SSL / Let's Encrypt for Azuracast

floatingtim · October 30, 2020, 9:46pm

I was following this guide:
https://forums.reclaimhosting.com/t/installing-ssl-certificate-on-custom-domain-in-reclaim-cloud/3130
but it’s closed for comments, so please feel free to combine this topic with that one.

I have completed the domain binding, but when I click on the Add-Ons for Azuracast, Let’s Encrypt is not listed:

Is there another process I can follow to have Let’s Encrypt generate a cert for Azuracast?

timmmmyboy · October 30, 2020, 9:58pm

Certain types of containers don’t support the Let’s Encrypt addon. Docker and VPS containers are examples of that. In those cases the best way to do it is to add a Load Balancer to the environment and you can then add the Let’s Encrypt addon to the load balancer which will proxy those requests. Jim models that in this thread https://forums.reclaimhosting.com/t/adding-a-custom-domain-to-a-reclaim-cloud-environment/3133

siruslan · November 5, 2020, 8:56am

My 2 cents if you do not mind, the mentioned approach using load balancer is the simplest way. But just to give you a full picture, there is also a possibility to integrate Jelastic Let’s Encrypt Add-on with custom (aka non-certified) containers via deployHook. A few examples how it works

github.com

jelastic-jps/docker/blob/clustering-1.1/addons/portainer.jps#L103


      
                yes | cp -f ${dir}/* ${globals.CERTS}
                #iptables -t nat -D PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4848
                #service iptables save
                service docker restart' > ${globals.UNDEPLOY_HOOK}
          
          

          
  - install:
                jps: https://raw.githubusercontent.com/jelastic-jps/lets-encrypt/master/manifest.jps?_r=${fn.random}
                nodeGroup: cp
                settings:
                  deployHook: ${globals.DEPLOY_HOOK_JS}
                  deployHookType: js
                  undeployHook: ${globals.DEPLOY_HOOK_JS}
                  undeployHookType: js
                  _customDomains: ${env.domain}
                  
          add-nat-forwarding:
            cmd[${this.ids}]: |-    
              [[ $HOSTNAME != $MASTER_HOST* ]] && {
                iptables -t nat ${this.act} PREROUTING -p tcp --dport ${this.port} -j DNAT --to-destination ${nodes.cp.master.intIP}:${this.port} 
                iptables ${this.act} FORWARD -p tcp -j ACCEPT

github.com

jelastic-jps/openvpn-as/blob/master/manifest.jps#L184


      
            - caption: Admin UI
              href: https://${env.domain}:${globals.webUiPort}/admin
          
          
  - menu:
                - caption: Change Mode
                  settings: main
                  action: setupMode
          
          
      - caption: Reset Password
                  confirmText: Reset OpenVPN Access Server admin password?
                  loadingText: Resetting password...
                  action: resetPassword
          
          
onInstall:
            - installVPN
            - configureVPN:
                extIp: ${nodes.cp.master.extIPs[0]}
                mode: ${settings.mode}
                leAddon: ${settings.leAddon}
                customDomains: ${settings.customDomains}
                init: true

github.com

jelastic-jps/gitlab/blob/master/manifest.jps#L278


      
              printf '#!/bin/bash
              mkdir -p $(dirname ${globals.UNDEPLOY_HOOK})
              yes | cp -f ${dir}/* ${globals.CERTS}
              iptables -t nat -D PREROUTING -p tcp -m tcp --dport 4848 -j REDIRECT --to-ports 443
              service iptables save
              service docker restart' > ${globals.UNDEPLOY_HOOK}
          
          
- install:
              jps: https://raw.githubusercontent.com/jelastic-jps/lets-encrypt/master/manifest.jps?_r=${fn.random}
              nodeGroup: cp
              settings:
                deployHook: ${globals.DEPLOY_HOOK_JS}
                deployHookType: js
                undeployHook: ${globals.DEPLOY_HOOK_JS}
                undeployHookType: js
                _customDomains: ${env.domain}
          
          
- if (!${this.skipEnvs:false}): 
             cmd[cp]: |-
                cd gitlab
                docker-compose stop &>> /var/log/run.log

timmmmyboy · November 5, 2020, 12:31pm

@siruslan Oh cool, I’ll look into adding that as a possibility for the installers we build, would definitely make the process of using custom domains a bit more straightforward.

taylorjadin · November 9, 2020, 10:46pm

I’m currently moving my azuracast install over to Reclaim Cloud and I’ve had success keeping it behind the Shared Load Balancer (so the built in SSL works), but then using the Endpoints feature in Jelastic to open up the port that I need to connect to stream. I have it configured like this:

Then in my streaming software instead of streaming to azuracast on port 8005, I use 11004. I can go into more detail if thats helpful to anyone.

queenuv · September 24, 2021, 5:45am

I am facing the same problems...

system · October 30, 2021, 9:46pm

This topic was automatically closed after 365 days. New replies are no longer allowed.