To create a certificate - run:
openssl req -x509 -sha256 -nodes -newkey rsa:4096 -keyout infra.key -out infra.crt -days 365 -addext "subjectAltName = DNS:*.${infra.domain}"Note that we use
-nodesto not require a password to not pass it to Traefik
-
Copy the certificates to the
infra/services/core/config/certs/. -
Run
vagrant provision --provision-with=preconfigure,configure -
Run
vagrant provision --provision-with=core-install,core -
Enter virtual machine with
vagrant ssh -
Run
sudo systemctl restart docker.service
To use the Registry with self-signed certificates it's important to add them to each node:
For Linux:
/etc/docker/certs.d/registry.${infra.domain}/ca.crtFor Windows:
Import-Certificate -FilePath "C:\vagrant\..." -CertStoreLocation Cert:\LocalMachine\Root