
[taler-docs] branch master updated: New system administration section fo


From: gnunet
Subject: [taler-docs] branch master updated: New system administration section for documentation and tutorials
Date: Fri, 17 May 2024 12:41:06 +0200

This is an automated email from the git hooks/post-receive script.

javier-sepulveda pushed a commit to branch master
in repository docs.

The following commit(s) were added to refs/heads/master by this push:
     new 6ad0e19f New system administration section for documentation and 
tutorials
6ad0e19f is described below

commit 6ad0e19fc0417f7ec55063b1d883fe999c18d953
Author: Javier Sepulveda <javier.sepulveda@uv.es>
AuthorDate: Fri May 17 12:40:31 2024 +0200

    New system administration section for documentation and tutorials
---
 images/grafana-postgres-exporter.png               | Bin 244971 -> 0 bytes
 images/kuma.png                                    | Bin 244687 -> 0 bytes
 images/regional-arch.png                           | Bin 117525 -> 0 bytes
 images/taler-monitoring-infrastructure.png         | Bin 85006 -> 0 bytes
 images/uptime-kuma-edit.png                        | Bin 116550 -> 0 bytes
 images/uptime-kuma-from-grafana.png                | Bin 345702 -> 0 bytes
 index.rst                                          |   2 +
 system-administration/images/lego-logo.svg         |   1 +
 system-administration/index.rst                    |  26 ++++
 system-administration/lego-certificates.rst        | 131 +++++++++++++++++++++
 .../taler-monitoring-infrastructure.rst            |   0
 11 files changed, 160 insertions(+)

diff --git a/images/grafana-postgres-exporter.png 
b/images/grafana-postgres-exporter.png
deleted file mode 100644
index a51c28f0..00000000
Binary files a/images/grafana-postgres-exporter.png and /dev/null differ
diff --git a/images/kuma.png b/images/kuma.png
deleted file mode 100644
index d98772a1..00000000
Binary files a/images/kuma.png and /dev/null differ
diff --git a/images/regional-arch.png b/images/regional-arch.png
deleted file mode 100644
index a3691aea..00000000
Binary files a/images/regional-arch.png and /dev/null differ
diff --git a/images/taler-monitoring-infrastructure.png 
b/images/taler-monitoring-infrastructure.png
deleted file mode 100644
index 05f29704..00000000
Binary files a/images/taler-monitoring-infrastructure.png and /dev/null differ
diff --git a/images/uptime-kuma-edit.png b/images/uptime-kuma-edit.png
deleted file mode 100644
index 23b85dad..00000000
Binary files a/images/uptime-kuma-edit.png and /dev/null differ
diff --git a/images/uptime-kuma-from-grafana.png 
b/images/uptime-kuma-from-grafana.png
deleted file mode 100644
index c42b8660..00000000
Binary files a/images/uptime-kuma-from-grafana.png and /dev/null differ
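Review bot: The six PNGs under images/ are deleted here rather than moved, while taler-monitoring-infrastructure.rst is renamed into system-administration/ at 100% similarity, so any image paths inside it are unchanged. Their names (taler-monitoring-infrastructure.png, uptime-kuma-*.png, grafana-postgres-exporter.png) suggest they belong to that page. If they do, move them to system-administration/images/ in this commit, or confirm the renamed page still builds without them.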
diff --git a/index.rst b/index.rst
index bd3b30d6..417e3a1b 100644
--- a/index.rst
+++ b/index.rst
@@ -18,6 +18,7 @@
   @author Sree Harsha Totakura
   @author Marcello Stanisci
   @author Christian Grothoff
+  @author Javier Sepulveda
 
 GNU Taler Documentation
 =======================
@@ -63,6 +64,7 @@ Documentation Overview
   taler-auditor-manual
   taler-developer-manual
   libeufin/index
+  system-administration/index
   design-documents/index
   global-licensing
   manindex
diff --git a/system-administration/images/lego-logo.svg 
b/system-administration/images/lego-logo.svg
new file mode 100644
index 00000000..2b578d34
--- /dev/null
+++ b/system-administration/images/lego-logo.svg
@@ -0,0 +1 @@
+<svg width="538.167" height="152.232" viewBox="0 0 142.39 40.278" 
xml:space="preserve" xmlns="http://www.w3.org/2000/svg"; 
xmlns:xlink="http://www.w3.org/1999/xlink";><g fill="none" stroke="#00add8" 
stroke-width="2.646"><path d="M129.04 6.615c-6.952 0-6.952 4.973-6.952 
6.024V27.61c0 .62 0 6.053 6.952 6.053s6.735-5.423 
6.735-6.053V12.64c0-1.013.217-6.024-6.735-6.024z"/><path d="M113.61 
12.639c0-1.013.217-6.025-6.735-6.025s-6.952 4.973-6.952 6.025V27.61c0 .62 0 
6.053 6.952 6.053s6.735-5.423  [...]
diff --git a/system-administration/index.rst b/system-administration/index.rst
new file mode 100644
index 00000000..e573f7c8
--- /dev/null
+++ b/system-administration/index.rst
@@ -0,0 +1,26 @@
+..
+  This file is part of GNU TALER.
+  Copyright (C) 2014-2023 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free 
Software
+  Foundation; either version 2.1, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more 
details.
+
+  You should have received a copy of the GNU Affero General Public License 
along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+
+  @author Javier Sepulveda
+
+System Administration tutorials
+##################################
+
+.. toctree::
+  :maxdepth: 1
+  :glob:
+
+  lego-certificates
+  taler-monitoring-infrastructure
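Review bot: The license header in this new file names "GNU Affero General Public License ... version 2.1", but the AGPL published by the Free Software Foundation is version 3 (2.1 is an LGPL version number), and the copyright range stops at 2023 for a file created in 2024. Please correct both if the header was copied from another file. The `:glob:` option on the toctree can also be dropped, since both entries are listed explicitly.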
diff --git a/system-administration/lego-certificates.rst 
b/system-administration/lego-certificates.rst
new file mode 100644
index 00000000..ebc35329
--- /dev/null
+++ b/system-administration/lego-certificates.rst
@@ -0,0 +1,131 @@
+.. image:: images/lego-logo.svg
+   :width: 300
+   :height: 150
+   :alt: lego logo
+
+What is Lego
+###############
+
+Let's Encrypt client and ACME library written in Go.
+
+* You can request new certificates
+* You can request new subdomain alt names for your current main certicate
+* You can renew certificates
+* You can revoke certificates
+* You can request certificates by using dynamic DNS (API access, with multiple 
providers)
+
+
+Why lego is better for managing certificates
+===============================================
+
+* The process is not considered a live process, so in case something goes 
wrong your websites won't break.
+* You can hook some actions after the renewal process, such as reloading 
Dovecot. 
+* The process of either obtaining or renewing new certicates, doesn't require 
you to stop NGINX.
+* Lego just helps you to obtain the certificates as text files, which you can 
copy afterwards to the right locations to be used by NGINX. 
+
+
+Requirements
+=============
+- A fully automation of installing and deploying Lego can be found in 
migration-exercise-stable.git/taler.net/lego-certificates
+- If you want to do things manually instead, you can execute the 
"install-lego.sh" file.
+- To use our script simply execute the "main-certs.sh" file, which not only 
will install lego on your system, but
+  will try to obtain certificates for the ones listed on the "domains" text 
file.
+- Lego can work with so many domain providers (dynamic DNS), so please make 
sure you have indicated the right
+  API credentials on the "envars" variables file for your domain provider. In 
our specific case, we use Joker.
+- Make sure either you are not using UFW or any firewall program, or that if 
you are using one, make sure you have opened beforehand
+  the port 80.
+
+Installation and deployment with a script
+#############################################
+
+#. Git clone migration-exercise-stable.git
+#. Navigate to the folder taler.net/lego-certificates
+#. Add your desired FQDNs in the "domains" text file
+#. Execute the "main-certs.sh" file as ./main-certs.sh
+
+Manually installing Lego
+===========================
+
+.. note ::
+   Just as an informative process, as this is fully automated by executing 
either the "install-lego.sh" or the "main-certs.sh" files.
+
+.. code-block:: console
+
+   $ wget 
https://github.com/go-acme/lego/releases/download/v4.16.1/lego_v4.16.1_linux_amd64.tar.gz
+   $ tar -axf lego_v4.16.1_linux_amd64.tar.gz
+   $ # If moving directly to /usr/local/bin, just copy the lego binary file to 
/usr/local/bin
+   $ cp /tmp/lego /usr/local/bin/
+   $ # If copying the binary to /opt/lego, make symbolic links to 
/usr/local/bin
+   $ cp /tmp/lego /opt/lego/
+   $ ln -s /usr/local/bin /opt/lego/lego
+
+Full documentation on how to use Lego can be found in: 
https://go-acme.github.io/lego/ 
+
+Usage of lego once it has been installed
+###############################################
+
+* Each time you want to add an additional domain to your setup, just add the 
FQDN to the "domains" text file
+* There is nothing else to do in your side now, the server itself will trigger 
automatically (systemd timer) the "renew-certs.service" 
+* We have implemented the use of lego with systemd timers, so there is not 
additional maintenance
+
+Automatic renewal of certificates
+##################################
+
+We use systemd timers do undertake this. 
+  
+.. note ::
+   To check the systemd timer is running properly and "waiting", you can 
execute "systemctl status renew-certs.timer"
+
+More information: https://go-acme.github.io/lego/usage/cli/renew-a-certificate/
+
+
+Email notifications
+====================
+
+* Let's encrypt notifications will arrive to your configured email address. 
+* You can specify your email address by editing the  "envars" text file 
(variable "LEGO_ACCOUNT_EMAIL").
+* On each successful renewal, you will receive an email notification from the 
script.
+
+Additional information for troubleshooting
+###############################################
+
+Once you have the certificate generated files (/root/.lego/xxx.crt, 
/root/.lego/xxx.key)
+they will be copied to /etc/ssl/certs and /etc/ssl/private, respectively. 
+
+How to configure NGINX to use your certificates
+##################################################
+
+In the NGINX virtualhost configuration file just include "include 
conf.d/talerssl.conf;" line, and
+make sure you have a file named "talerssl.conf" in the path: /etc/nginx/conf.d 
with the next content:
+
+.. code-block:: console
+
+   $ # Taler SSL defaults
+   $ # We're using one certificate with taler.net as primary name
+   $ # and everything else as alt name.
+   $ # These 2 next lines are the important ones, which refer to the 
certificates file (.crt), and its private key (.key)
+   $ ssl_certificate /etc/ssl/certs/taler.net.crt;
+   $ ssl_certificate_key /etc/ssl/private/taler.net.key;
+   $ ssl_session_cache shared:SSL:10m;
+   $ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+   $ add_header Strict-Transport-Security "max-age=63072000; 
includeSubDomains; preload";
+
+
+Presence of Lego in our servers
+######################################
+
+* TUE - University of Eindhoven
+
+
+
+
+
+
+
+
+
+
+
+
+
+
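Review bot: In the "Manually installing Lego" console block the `ln -s` arguments are reversed: `ln -s /usr/local/bin /opt/lego/lego` names the directory as the target and the just-copied binary as the link name, so no `lego` link ends up in /usr/local/bin. The comment above it implies `ln -s /opt/lego/lego /usr/local/bin/lego`. The same block extracts the tarball in the current directory but copies from /tmp/lego, so it needs a `cd /tmp` first. Since the binary is installed system-wide and produces the private keys, the tarball should also be checked against the checksums published with the v4.16.1 release before it is unpacked. In the NGINX section, talerssl.conf is shown in a `console` block with a `$ ` prompt on every line, which is not a valid config when pasted as written; use a plain config block without prompts. The `Strict-Transport-Security` header with `includeSubDomains; preload` and a two-year max-age commits every subdomain to HTTPS, which deserves a sentence for admins who reuse this include. The requirements ask for port 80 to be open while also describing DNS API credentials, so say which challenge type the scripts use. Smaller points: "certicate"/"certicates" and "do undertake" are typos, and the run of empty `+` lines at the end of the file can go.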
diff --git a/taler-monitoring-infrastructure.rst 
b/system-administration/taler-monitoring-infrastructure.rst
similarity index 100%
rename from taler-monitoring-infrastructure.rst
rename to system-administration/taler-monitoring-infrastructure.rst

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


