[Nix-dev] Testing Nginx public entry points with NixOps/libvirtd

Jörg Thalheim joerg at higgsboson.tk
Wed Dec 21 21:32:49 CET 2016


If you have a public domain somewhere where you control the DNS, you can also issue certificates via DNS validation. But I think this is currently not possible with the existing module presented here. You can use dehydrated for instance:

https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks

This should also work in private networks. The domains do not even have to point to public IPs in this case.

On 2016-12-21 19:47, zimbatm wrote:
>
> Hi,
>
> Your VM needs to be reachable from the internet for letsencrypt to work. If it's only for internal usage the best thing to do is to provision the machine with certificates that you generate yourself and add a condition for production. Alternatively keep it plain HTTP and have a tunnel in production that does TLS termination.
>
>
> On Wed, 21 Dec 2016, 11:20 Daniel Hlynskyi <abcz2.uprola at gmail.com> wrote:
>
>     Hello all NixOps users. I'd like to build my production system with the libvirtd backend, but I'm stopped by a problem. SSL certificates can't be obtained in a virtualized environment.
>
>     {
>        services.nginx.virtualHosts."example.domain" = {
>          enableSSL = true;
>          enableACME = true;
>        };
>     }
>
>     As far as I understand, letsencrypt tries to verify "example.domain", but it points to the production system, not to the virtualized one.
>
>     What are my options to fix this issue? In the end I'd like to add the virtual server to a VPN and test public entry points from a developer machine.
>     _______________________________________________
>     nix-dev mailing list
>     nix-dev at lists.science.uu.nl
>     http://lists.science.uu.nl/mailman/listinfo/nix-dev
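
The DNS-01 approach suggested in the reply above, sketched as a dehydrated hook. This is an added example, not part of the thread and not code from dehydrated or its wiki. It assumes an authoritative DNS server that accepts TSIG-signed RFC 2136 dynamic updates via `nsupdate`; the server name, key path and TTL are hypothetical.

```shell
#!/bin/sh
# Added example: dehydrated hook for DNS-01 via RFC 2136 dynamic updates.
# Hypothetical settings (not from the thread); override via environment.
DNS_SERVER="${DNS_SERVER:-ns1.example.domain}"
TSIG_KEYFILE="${TSIG_KEYFILE:-/var/lib/dehydrated/tsig.key}"
TTL="${TTL:-60}"
DRY_RUN="${DRY_RUN:-0}"   # 1 = print the nsupdate batch instead of sending it

# Print the nsupdate batch for one challenge record.
# $1 = add|delete, $2 = domain, $3 = TXT value supplied by dehydrated
build_update() {
  # Reject anything that could smuggle extra nsupdate commands into the batch.
  case "$2" in
    ''|*[!A-Za-z0-9.-]*) echo "invalid domain" >&2; return 1 ;;
  esac
  case "$3" in
    ''|*[!A-Za-z0-9_-]*) echo "invalid token value" >&2; return 1 ;;
  esac
  printf 'server %s\n' "$DNS_SERVER"
  if [ "$1" = add ]; then
    printf 'update add _acme-challenge.%s. %s IN TXT "%s"\n' "$2" "$TTL" "$3"
  else
    printf 'update delete _acme-challenge.%s. IN TXT "%s"\n' "$2" "$3"
  fi
  printf 'send\n'
}

send_update() {
  if [ "$DRY_RUN" = 1 ]; then cat; else nsupdate -k "$TSIG_KEYFILE"; fi
}

# dehydrated calls the hook as: <handler> DOMAIN TOKEN_FILENAME TOKEN_VALUE
hook() {
  case "$1" in
    deploy_challenge) batch=$(build_update add "$2" "$4") || return 1 ;;
    clean_challenge)  batch=$(build_update delete "$2" "$4") || return 1 ;;
    *) return 0 ;;   # other handlers (deploy_cert, ...) are not needed here
  esac
  printf '%s\n' "$batch" | send_update
}

# Run only when invoked with arguments, as dehydrated does.
if [ "$#" -gt 0 ]; then hook "$@"; fi
```

dehydrated would be pointed at this script with `--challenge dns-01 --hook <path>`. The TSIG key should be permitted to change only the `_acme-challenge` TXT records, since anyone holding it can satisfy the validation for that name.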


