On 07 Nov 2018, at 13:13, Sergiusz Pawlowicz <sergiusz(a)pawlowicz.name> wrote:

Hi debopsers, I need to build an SSL concentrator hub which receives SSL traffic
from outside and proxies to backstage non-SSL servers. This hub is
going to be built from ~10 nginx servers.
Question is: how can I utilise debops/ansible to synchronise
letsencrypt key between servers? Do you have any other useful hints?

Whenever I got to these multiple server certificates, *my* advice would be to consider the
DNS authentication/validation method of the ACME protocol, and then deploy the certificate
fetched that way, as it is “out-of-band” from the HTTP/HTTPS to the actual servers, as
then the certificate & keys just become a simple file transfer process from the
controller (doing the ACME DNS stuff) to the nginx servers.
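
The file-transfer step described in the reply above could look like the following playbook. It is an added example, not part of the original message and not a DebOps role: it uses plain Ansible modules, and the inventory group `nginx_hubs`, the domain `example.org` and both directory paths are placeholders or assumptions.

```yaml
# Added example. Group name, domain and paths are placeholders, not DebOps defaults.
- name: Push the certificate obtained via ACME DNS validation to the nginx hubs
  hosts: nginx_hubs            # hypothetical inventory group for the ~10 servers
  become: true
  serial: 2                    # roll through the hubs a few at a time
  vars:
    cert_name: example.org                              # placeholder domain
    cert_src: "/etc/letsencrypt/live/{{ cert_name }}"   # assumed path on the controller
    cert_dest: /etc/nginx/tls                           # assumed path on each hub
  tasks:
    - name: Create the TLS directory, accessible by root only
      ansible.builtin.file:
        path: "{{ cert_dest }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Install the certificate chain
      ansible.builtin.copy:
        src: "{{ cert_src }}/fullchain.pem"
        dest: "{{ cert_dest }}/{{ cert_name }}.fullchain.pem"
        owner: root
        group: root
        mode: "0644"
      register: tls_chain

    - name: Install the private key without logging its content
      ansible.builtin.copy:
        src: "{{ cert_src }}/privkey.pem"
        dest: "{{ cert_dest }}/{{ cert_name }}.key"
        owner: root
        group: root
        mode: "0600"
      no_log: true
      register: tls_key

    - name: Check the nginx configuration before reloading
      ansible.builtin.command: nginx -t
      changed_when: false
      when: tls_chain is changed or tls_key is changed

    - name: Reload nginx to pick up the new certificate
      ansible.builtin.service:
        name: nginx
        state: reloaded
      when: tls_chain is changed or tls_key is changed
```

The account running Ansible on the controller needs read access to the private key, so the controller holds the key for every hub and should be restricted accordingly.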