{"id":107,"date":"2018-03-09T20:33:25","date_gmt":"2018-03-09T20:33:25","guid":{"rendered":"http:\/\/tonysbit.blog\/?p=107"},"modified":"2018-03-09T20:33:25","modified_gmt":"2018-03-09T20:33:25","slug":"deploying-a-ssl-protected-containerized-app-part-2","status":"publish","type":"post","link":"https:\/\/tonysbit.blog\/?p=107","title":{"rendered":"Deploying a SSL Protected Containerized App: Part 2"},"content":{"rendered":"

Checklist<\/h1>\n

Let’s quickly do a checklist of what we have so far:<\/p>\n

    \n
  1. SSH-accessible virtual machine (running CentOS 7.4)<\/li>\n
  2. Ports 22, 443, 80 are open on the virtual machine<\/li>\n
  3. Domain pointed at the public IP of the Virtual machine<\/li>\n<\/ol>\n

    If you have not done these things, you can deploy your virtual machine following the steps in part 1<\/a>.<\/p>\n

    Preparing the Host<\/h1>\n

    Start this part by initializing an SSH session into the virtual machine.<\/p>\n

    Swap to the root user by running <\/code><\/p>\n

    su root<\/code><\/p>\n

    Installing Docker<\/h2>\n

    Install docker<\/a><\/h3>\n

    On the virtual machine that you have deployed run the following commands:<\/p>\n

    sudo yum install -y yum-utils device-mapper-persistent-data lvm2<\/code><\/p>\n

    sudo yum-config-manager --add-repo https:\/\/download.docker.com\/linux\/centos\/docker-ce.repo<\/code><\/p>\n

    sudo yum install docker-ce<\/code><\/p>\n

    Note: These are the quick commands to install Docker. For more information on exactly what they do, visit the docs<\/a>.<\/p>\n

    Downloading CertBot<\/h2>\n

    Certbot is a nifty client that will fetch SSL\/TLS certificates and is used as the client for Let’s Encrypt.<\/strong><\/p>\n

    Download Cert Bot<\/p>\n

    Pre-requisites:<\/p>\n

    yum -y install yum-utils<\/code>
    \nyum install epel-release<\/code><\/p>\n

    Run installation:<\/p>\n

    sudo yum install certbot<\/code>
    \n<\/span><\/b><\/p>\n

    Note: These are the quick commands to install certbot. For more information on exactly what they do, visit the docs<\/a>.<\/p>\n

    Generating an SSL Certificate<\/h2>\n

    On the virtual machine that you have deployed run the following commands:<\/p>\n

    When running certbot to obtain an SSL certificate, too many attempts will result in a lockout of the domain of up to an hour. To prevent a lockout, we will first test the creation of the certificate with the --staging flag.<\/p>\n

    sudo certbot certonly --staging<\/code><\/p>\n

    Run through the prompts and at the very end enter your domain address (domain.com.au).<\/p>\n

    The successful output is shown below<\/p>\n

    [Screenshot of the successful certbot output]<\/p>\n

    Once you have confirmed that a staging certificate can be generated, run the process again without the --staging<\/code> flag.<\/p>\n

    Once you have completed the deployment of a production ready SSL certificate, you can now move on to part 3<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Checklist Let’s quickly do a checklist of what we have so far SSH Accessible Virtual Machine (Running Centos 7.4) Ports 22, 443, 80 are open on the virtual machine Domain pointed at the public IP of the Virtual machine If you have not done these things, you can deploy your virtual machine following the steps […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/tonysbit.blog\/index.php?rest_route=\/wp\/v2\/posts\/107"}],"collection":[{"href":"https:\/\/tonysbit.blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tonysbit.blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tonysbit.blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tonysbit.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=107"}],"version-history":[{"count":0,"href":"https:\/\/tonysbit.blog\/index.php?rest_route=\/wp\/v2\/posts\/107\/revisions"}],"wp:attachment":[{"href":"https:\/\/tonysbit.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tonysbit.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tonysbit.blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}