SSL cert for website

[ThaiQ]

@IsitaB and I (@ThaiQ ) worked on the old cert-deployment. Reach out to either for further helps if needed.

The general concept is fairly straight forward, you only need to feed nginx-load_balancer the certificate since users access the website through nginx-LBalancer.

Look at nginx.conf

# actual nginx server
    server {

        #443(https)
        listen 443 ssl;

        # ssl certificate
        ssl_certificate sce_engr_sjsu_edu.cer;
        ssl_certificate_key sce.key;
        # TLS protocol (remember to update to the newest protocols for best security)
        ssl_protocols TLSv1.3;
        
        #stuffs...
    }

Keep in mind that the orchestration is organized by docker-compose.yml

#...
  web:
    image: 'nginx'
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./sce_engr_sjsu_edu.cer:/etc/nginx/sce_engr_sjsu_edu.cer
      - ./sce.key:/etc/nginx/sce.key
    command: [nginx-debug, '-g', 'daemon off;']
    ports:
      - '80:80'
      - '443:443'
    restart: 'on-failure'
    depends_on:
      - frontend

You can see that we try to mount the .cer and .key files to from the host directory to the container.

As long as files are in the right directory - docker-compose up should work.
With that, for future replacement of the certificate - I suspect that we only need to replace old files with the new files (keep same filenames).

[ThaiQ]

FYI SSL certs are irrelevant for discord bot.

[evanugarte]

I have the certificate files, but it seems like they were signed with a private key other than the one on the Core-v4 prod machine. Will reply with updates here

[evanugarte]

this is resolved