modified backup and restore script to capture the /certs directory. Also added a section to the readme

sadnub 2020-10-18 15:10:54 -04:00
parent 0524f6bc0b
commit 91782e1ce8
4 changed files with 16 additions and 1 deletions


@ -125,3 +125,14 @@ wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/restore.sh
chmod +x restore.sh
./restore.sh rmm-backup-xxxxxxx.tar
```
## Using another ssl certificate
During the install you can opt out of using the Let's Encrypt certificate. If you do this the script will create a self-signed certificate, so that https continues to work. You can replace the certificates in /certs/example.com/(privkey.pem | pubkey.pem) with your own.
If you are migrating from Let's Encrypt to another certificate provider, you can create the /certs directory and copy your certificates there. It is recommended to do this because this directory will be backed up with the backup script provided. Then modify the nginx configurations to use your new certificates
The cert that is generated in a wildcard certificate and is used in the nginx configurations: rmm.conf, api.conf, and mesh.conf. If you can't generate wildcard certificates you can create a cert for each subdomain and configure each nginx configuration file to use it's own certificate. Then restart nginx:
```
sudo systemctl restart nginx
```


@ -39,6 +39,7 @@ sudo tar -czvf ${tmp_dir}/salt/etc-salt.tar.gz -C /etc/salt .
tar -czvf ${tmp_dir}/salt/srv-salt.tar.gz -C /srv/salt .
sudo tar -czvf ${tmp_dir}/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt .
sudo tar -czvf ${tmp_dir}/certs/certs.tar.gz -C /certs .
sudo tar -czvf ${tmp_dir}/nginx/etc-nginx.tar.gz -C /etc/nginx .
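Review bot: The added `sudo tar -czvf ${tmp_dir}/certs/certs.tar.gz -C /certs .` assumes /certs exists, but the installer section of this commit suggests that earlier installs only created it in the self-signed branch, so on a pre-existing Let's Encrypt install tar would fail here. Guard the step and quote the path, e.g. `if [ -d /certs ]; then sudo tar -czvf "${tmp_dir}/certs/certs.tar.gz" -C /certs .; fi`. The archive now also carries privkey.pem, so a comment such as `# certs.tar.gz contains TLS private keys; keep the backup tarball readable by its owner only` would help. How the final tarball's permissions are set is outside this hunk.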


@ -133,6 +133,8 @@ sudo apt install -y software-properties-common
sudo apt update
sudo apt install -y certbot openssl
sudo mkdir /certs
until [[ $LETS_ENCRYPT =~ (y|n) ]]; do
echo -ne "${YELLOW}Do you want to generate a Let's Encrypt certificate?[y,n]${NC}: "
read LETS_ENCRYPT
@ -160,7 +162,6 @@ if [[ $LETS_ENCRYPT == "y" ]]; then
else
echo -ne "\n${GREEN}We will generate a self-signed certificate for you.${NC}\n"
echo "\n${GREEN}You can replace this certificate later by generating the certificates and editting the nginx configuration\n"
sudo mkdir /certs
sudo mkdir /certs/${rootdomain}
sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /certs/${rootdomain}/pubkey.pem -keyout /certs/${rootdomain}/privkey.pem -subj "/C=US/ST=Some-State/L=city/O=Internet Widgits Pty Ltd/CN=*.${rootdomain}"
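Review bot: `sudo mkdir /certs` now runs unconditionally and creates the directory with the default umask mode (typically 0755), while the self-signed branch later writes an unencrypted (`-nodes`) privkey.pem beneath it. Creating it with an explicit mode, e.g. `sudo mkdir -p /certs && sudo chmod 750 /certs`, keeps the key directory from being world-traversable, and `-p` avoids an error when the installer is re-run. Pick the mode to match the accounts that must read the certificates, which is not visible here. The same applies to `sudo mkdir /certs/${rootdomain}`, where `${rootdomain}` should also be quoted. The if/else these lines belong to starts and ends outside the hunk.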


@ -122,6 +122,8 @@ sudo apt install -y certbot
sudo rm -rf /etc/letsencrypt
sudo mkdir /etc/letsencrypt
sudo tar -xzf $tmp_dir/certs/etc-letsencrypt.tar.gz -C /etc/letsencrypt
sudo mkdir /certs
sudo tar -xzf $tmp_dir/certs/certs.tar.gz -C /certs
print_green 'Restoring celery configs'
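Review bot: The added `sudo tar -xzf $tmp_dir/certs/certs.tar.gz -C /certs` will presumably fail on any backup produced before this commit, since the backup script only starts writing certs/certs.tar.gz in this same change. Make the step conditional and quote the path, e.g. `if [ -f "$tmp_dir/certs/certs.tar.gz" ]; then sudo mkdir -p /certs; sudo tar -xzf "$tmp_dir/certs/certs.tar.gz" -C /certs; fi`. Unlike the /etc/letsencrypt restore just above, /certs is not cleared first, so files already present on the target are merged with the restored ones. A comment stating whether that is intended would help.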