From 089aaca1ed6fe672f01c5049f1bf3956bdd35065 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Javier=20B=C3=A9rtoli?= Date: Mon, 18 Oct 2021 19:42:43 -0300 Subject: [PATCH] 17742: update docs addressing review suggestions MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Arvados-DCO-1.1-Signed-off-by: Javier Bértoli --- doc/install/salt-multi-host.html.textile.liquid | 4 ++-- doc/install/salt-single-host.html.textile.liquid | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/install/salt-multi-host.html.textile.liquid b/doc/install/salt-multi-host.html.textile.liquid index f3afcd5031..da86c443af 100644 --- a/doc/install/salt-multi-host.html.textile.liquid +++ b/doc/install/salt-multi-host.html.textile.liquid @@ -106,11 +106,11 @@ cp -r config_examples/multi_host/aws local_config_dir Edit the variables in the local.params file. Pay attention to the *_INT_IP, *_TOKEN and *KEY variables. Those variables will be used to do a search and replace on the pillars/* in place of any matching __VARIABLE__. -The multi_host include LetsEncrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53. +The multi_host example includes LetsEncrypt salt code to automatically request and install the certificates for the public-facing hosts (API/controller, Workbench, Keepproxy/Keepweb) using AWS' Route53. If you plan to use custom certificates, please set the variable USE_LETSENCRYPT=no and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing. -The script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both downoad / collections): +The script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both download / collections): * "controller" * "websocket" diff --git a/doc/install/salt-single-host.html.textile.liquid b/doc/install/salt-single-host.html.textile.liquid index 857cdb0dce..11c8991e9a 100644 --- a/doc/install/salt-single-host.html.textile.liquid +++ b/doc/install/salt-single-host.html.textile.liquid @@ -55,9 +55,11 @@ cp -r config_examples/single_host/single_hostname local_config_dir Edit the variables in the local.params file. Pay attention to the *_PORT, *_TOKEN and *KEY variables. +The single_host examples use self-signed SSL certificates, which are deployed using the same mechanism used to deploy custom certificates. + If you plan to use custom certificates, please set the variable USE_LETSENCRYPT=no and copy your certificates to the directory specified with the variable @CUSTOM_CERTS_DIR@ (usually "./certs") in the remote directory where you copied the @provision.sh@ script. From this dir, the provision script will install the certificates required for the role you're installing. -The script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both downoad / collections): +The script expects cert/key files with these basenames (matching the role except for keepweb, which is split in both download / collections): * "controller" * "websocket" @@ -76,6 +78,8 @@ ${CUSTOM_CERTS_DIR}/keepproxy.key +If you want to use valid certificates provided by LetsEncrypt, please set the variable USE_LETSENCRYPT=yes and make sure that all the FQDNs that you will use for the public-facing applications (API/controller, Workbench, Keepproxy/Keepweb) are reachable. + h3(#single_host_multiple_hostnames). Single host / multiple hostnames (Alternative configuration) 
cp local.params.example.single_host_multiple_hostnames local.params
-- 
2.30.2