From c383d97fee463111b2a4e672f5e62e5737a640e5 Mon Sep 17 00:00:00 2001 From: Athanasius Date: Fri, 4 Jun 2021 15:24:40 +0100 Subject: [PATCH] docs: Basic instructions on putting existing LetsEncrypt cert files in place --- docs/Running-this-software.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/Running-this-software.md b/docs/Running-this-software.md index 2bac49d..84607a4 100644 --- a/docs/Running-this-software.md +++ b/docs/Running-this-software.md @@ -45,11 +45,36 @@ need to install netdata. On Debian-based systems: The default configuration should be all you need, listening on `127.0.0.1:19999`. +### LetsEncrypt: certbot +It will be necessary to renew the TLS certificate using certbot (or some +alternative ACME client). + + apt install certbot + ### Reverse Proxy with nginx If you don't yet have nginx installed then start with: apt install nginx-light +#### LetsEncrypt TLS Certificates + +You will need a LetsEncrupt/ACME client in order to keep the TLS certificate +renewed. + + cd /etc/letsencrypt + mkdir -p archive/eddn.edcd.io + mkdir -p live/eddn.edcd.io + cd archive/eddn.edcd.io + cp . + chmod 644 *.pem + chmod 600 privkey*.pem + cd ../../live/eddn.edcd.io + # NB: You need to check what the *newest* file is. The `1` will be a + # greater number if the certificate has ever been renewed. + ln -s ../../archive/eddn.edcd.io/fullchain1.pem fullchain.pem + ln -s ../../archive/eddn.edcd.io/privkey1.pem privkey.pem + +#### nginx configuration There is an example configuration in `contrib/nginx-eddn.conf` which makes some assumptions: