Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 28 Next »

The new software stack for SolusVM is compatible with v1.x and will allow you to use a maintained NGINX version instead of the standard lighttpd version shipped with v1.x

This documentation is for Master (UI) servers and Slave servers

The following port changes have been made to UI (master) servers:

  • Port 5353 has been disabled
  • Port 443 is now standard and active
  • Port 5656 is still active and must remain active
  • Port 80 has been disabled and is only used for certificate validation

Installing the Repositories

If /etc/yum.repos.d/solusvm.repo already exists it means it's already installed and you can skip this step

Refer to the following docs SolusVM 2 Enterprise Linux Yum Repository

Installing the NGINX Stack

You will need to shutdown the current lighttpd service:

SSH:
service lighttpd stop
chkconfig lighttpd off

 

Next install NGINX and the legacy configs:

Master (UI) Server

SSH:
yum install svmstack-nginx svmstack-nginx-legacy-master-config

Slave Server

SSH:
yum install svmstack-nginx svmstack-nginx-legacy-slave-config

 

Start the new service:

SSH:
service svmstack-nginx start

SSL Certificate

Master

LetsEncrypt

You can install our letsencrypt stack component to issue a certificate with automatic renewal:

SSH:
yum install svmstack-letsencrypt

Once installed run the following to setup the correct domain. Please note the domain must already resolve to your master server:

SSH:
/usr/local/svmstack/letsencrypt/letsencrypt -i

You will be asked two questions:

  • Enter domain name: Enter the domain name you wish to use. Don't include the www. prefix. i.e: mycp.vpscontrol.com
  • Include the www prefix in the certificate? (y/n): Do you also want to include the www. prefix in the certificate. Generally it's not needed but if you want to use this feature www.mycp.vpscontrol.com must also resolve

Once you have answered the 2 questions a certificate will be generated and if successful will be updated in the nginx config and reloaded.

When you have completed these steps, you don't need to do this again unless you change the domain name. The certificate will be automatically updated to keep it valid. If you need to force an update of the certificate with the same domain settings you can run the same command without the -i flag. Just be aware that you can only issue the certificate 5 times per 7 days due to the current letsencrypt rate limiting.

Manual Setup

In most cases you will already have a valid certificate for your master which lighttpd would have been using. You can use this certificate with the new stack by copying the existing certificate to the following locations:

/usr/local/svmstack/nginx/ssl/ssl.crt
/usr/local/svmstack/nginx/ssl/ssl.key

/usr/local/svmstack/nginx/ssl/ssl.crt should contain the certificate.

/usr/local/svmstack/nginx/ssl/ssl.key should contain the private key.

It is advised you use the default locations specified above when copying the certificates. This is an experimental feature so the configuration files may change on updates. Keeping the default locations will ensure the service continues to run and extra modules can automatically use the certificates without further intervention.

 

Now restart the service:

SSH:
service svmstack-nginx restart

Slave

A slave can usually function on a self-signed certificate. If you require a valid certificate you can use the same process as the master certificate setup.

Configuring Additional Ports

There is no longer a need to add additional ports. Port 443 is now standard in the new stack and the non SSL ports have been disabled, however port 5656 is still required.
  • No labels