EDGE Manager quick start guide

Provision SSL certificate

root@myem# mkdir /ssl
root@myem# mkdir /ssl/certs
root@myem# cd /ssl/certs

Commercial or Enterprise CA

Provide CSR to CA.

root@myem# openssl req -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.csr
root@myem# cat nginx-selfsigned.csr

Upload signed certificate into /ssl/certs.

Put signed certificate into DER, Base-64 encoded form and save it as nginx-selfsigned.crt.

root@myem# openssl x509 -outform der -in mycert.pem -out nginx-selfsigned.crt

NOTE: You may have to include the root & intermediate certificates.

root@myem# cat caroot.crt cainter.crt mycert.crt > nginx-selfsigned.crt

Let’s Encrypt CA (not recommended for production)

Prepare the host:

root@myem# mkdir /letsencrypt
root@myem# mkdir /root/ssl-letsencrypt
root@myem# nano /root/ssl-letsencrypt/nginx.conf

Paste in these contents and replace the domain “my-em.mydomain.com” with your domain:

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
#include /etc/nginx/conf.d/*.conf;
events {
    worker_connections 1024;
}

http {
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;

    server {
      listen 80;
      server_name my-em.mydomain.com;

      location /.well-known/acme-challenge/ {
        root /letsencrypt;
      }

      location / {
        gzip off;
        root /usr/share/nginx/html/;
        index index.html;
      }

    }
}

TIP: Use CTRL-O to save, CTRL-X to exit, and Return to accept prompts at the bottom of the screen.

Start NGINX container:

root@myem# docker run -it -d --name nginx -v /root/ssl-letsencrypt/nginx.conf:/etc/nginx/nginx.conf -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt -p 80:80 -p 443:443 nginx

Obtain Certbot container:

root@myem# cp -r /home/ma-admin/.aws /root/
root@myem# aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 836891784212.dkr.ecr.us-west-2.amazonaws.com

Start Certbot container’s shell:

root@myem# docker run -it --rm --name certbot -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt 836891784212.dkr.ecr.us-west-2.amazonaws.com/longship:certbot bash

Request certificate from Let’s Encrypt.

root@randomhexstring# certbot certonly --webroot –webroot-path /letsencrypt --no-eff-email --email [email protected] --domain my-em.mydomain.com

Clean up:

root@myem# exit
root@myem# docker kill nginx
root@myem# docker rm nginx

Copy certificates and key:

root@myem# cd /ssl/certs
root@myem# cp /letsencrypt/certs/archive/*/* ./
root@myem# cp fullchain1.pem nginx-selfsigned.crt
root@myem# cp privkey1.pem nginx-selfsigned.key