5G SD EDGE Manager quick start guide

Provision SSL certificate

[email protected]# mkdir /ssl
[email protected]# mkdir /ssl/certs
[email protected]# cd /ssl/certs

Commercial or Enterprise CA

Provide CSR to CA.

[email protected]# openssl req -newkey rsa:2048 -keyout nginx-selfsigned.key -out nginx-selfsigned.csr
[email protected]# cat nginx-selfsigned.csr

Upload signed certificate into /ssl/certs.

Put signed certificate into DER, Base-64 encoded form and save it as nginx-selfsigned.crt.

[email protected]# openssl x509 -outform der -in mycert.pem -out nginx-selfsigned.crt

NOTE: You may have to include the root & intermediate certificates.

[email protected]# cat caroot.crt cainter.crt mycert.crt > nginx-selfsigned.crt

Let’s Encrypt CA (not recommended for production)

Prepare the host:

[email protected]# mkdir /letsencrypt
[email protected]# mkdir /root/ssl-letsencrypt
[email protected]# nano /root/ssl-letsencrypt/nginx.conf

Paste in these contents and replace the domain “my-em.mydomain.com” with your domain:

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
#include /etc/nginx/conf.d/*.conf;
events {
    worker_connections 1024;
}

http {
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    sendfile on;
    keepalive_timeout 65;

    server {
      listen 80;
      server_name my-em.mydomain.com;

      location /.well-known/acme-challenge/ {
        root /letsencrypt;
      }

      location / {
        gzip off;
        root /usr/share/nginx/html/;
        index index.html;
      }

    }
}

TIP: Use CTRL-O to save, CTRL-X to exit, and Return to accept prompts at the bottom of the screen.

Start NGINX container:

[email protected]# docker run -it -d --name nginx -v /root/ssl-letsencrypt/nginx.conf:/etc/nginx/nginx.conf -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt -p 80:80 -p 443:443 nginx

Obtain Certbot container:

[email protected]# cp -r /home/ma-admin/.aws /root/
[email protected]# aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 836891784212.dkr.ecr.us-west-2.amazonaws.com

Start Certbot container’s shell:

[email protected]# docker run -it --rm --name certbot -v /letsencrypt:/letsencrypt -v /letsencrypt/certs:/etc/letsencrypt 836891784212.dkr.ecr.us-west-2.amazonaws.com/longship:certbot bash

Request certificate from Let’s Encrypt.

[email protected]# certbot certonly --webroot –webroot-path /letsencrypt --no-eff-email --email [email protected] --domain my-em.mydomain.com

Clean up:

[email protected]# exit
[email protected]# docker kill nginx
[email protected]# docker rm nginx

Copy certificates and key:

[email protected]# cd /ssl/certs
[email protected]# cp /letsencrypt/certs/archive/*/* ./
[email protected]# cp fullchain1.pem nginx-selfsigned.crt
[email protected]# cp privkey1.pem nginx-selfsigned.key


Inseego
Let's get started.
What are you looking for?
Progress 0%