Human Connection
1.0.0
1.0.0
  • Introduction
  • Edit this Documentation
  • Installation
  • Neo4J
  • Backend
    • GraphQL
    • neo4j-graphql-js
  • Webapp
    • Components
    • HTML
    • SCSS
    • Vue
  • Testing Guide
    • End-to-end tests
    • Frontend tests
    • Backend tests
  • Contributing
  • Kubernetes Deployment
    • Minikube
    • Digital Ocean
      • Kubernetes Dashboard
      • HTTPS
    • Human Connection
      • Error Reporting
      • Mailserver
      • Maintenance
    • Volumes
      • Neo4J Offline-Backups
      • Neo4J Online-Backups
      • Volume Snapshots
      • Reclaim Policy
      • Velero
    • Metrics
    • Legacy Migration
  • Feature Specification
  • Code of conduct
  • License
Powered by GitBook
On this page

Was this helpful?

  1. Kubernetes Deployment
  2. Digital Ocean

HTTPS

PreviousKubernetes DashboardNextHuman Connection

Last updated 5 years ago

Was this helpful?

Follow and install certmanager via helm and tiller:

$ kubectl create serviceaccount tiller --namespace=kube-system
$ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin
$ helm init --service-account=tiller
$ helm repo add jetstack https://charts.jetstack.io
$ helm repo update
$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.11/deploy/manifests/00-crds.yaml
$ helm install --name cert-manager --namespace cert-manager --version v0.11.0 jetstack/cert-manager

Create Letsencrypt Issuers and Ingress Services

Copy the configuration templates and change the file according to your needs.

# in folder deployment/digital-ocean/https/
cp templates/issuer.template.yaml ./issuer.yaml
cp templates/ingress.template.yaml ./ingress.yaml

At least, change email addresses in issuer.yaml. For sure you also want to change the domain name in ingress.yaml.

Once you are done, apply the configuration:

# in folder deployment/digital-ocean/https/
$ kubectl apply -f .

By now, your cluster should have a load balancer assigned with an external IP address. On Digital Ocean, this is how it should look like:

Check the ingress server is working correctly:

$ curl -kivL -H 'Host: <DOMAIN_NAME>' 'https://<IP_ADDRESS>'

If the response looks good, configure your domain registrar for the new IP address and the domain.

Now let's get a valid HTTPS certificate. According to the tutorial above, check your tls certificate for staging:

$ kubectl describe --namespace=human-connection certificate tls
$ kubectl describe --namespace=human-connection secret tls

If everything looks good, update the issuer of your ingress. Change the annotation certmanager.k8s.io/issuer from letsencrypt-staging to letsencrypt-prod in your ingress configuration in ingress.yaml.

# in folder deployment/digital-ocean/https/
$ kubectl apply -f ingress.yaml

Delete the former secret to force a refresh:

$ kubectl  --namespace=human-connection delete secret tls

Now, HTTPS should be configured on your domain. Congrats.

this quick start guide
This resource was also helpful
Screenshot of Digital Ocean dashboard showing external ip address