Same issue for rhyne-wyse.log. Configuration was copied from acme.sh one.

The full /etc/nginx directories on both docker-002 and dwellers use httpd_config_t for every file.

Alternatively, we made a lot of progress on this in T2124.

So, there is a new reason to do the upgrade.

First step is to create a script to renew all needed certificates:

Une fois que tu as retrouvé les accès SSH pour le web statique:

• WindRiver: automatiquement https://windriver.nasqueron.org/~xcombelle est disponible si tu places des fichiers dans /var/home-wwwroot/xcombelle (je ne sais plus si ça se crée automatiquement avec symlink vers $HOME/public_html, à vérifier)
• Eglide: https://www.eglide.org/~xcombelle pour $HOME/public_html

So, to get routing back:

Not sure of the current benefit to use TC2.

This is still needed for acme.sh if we want to provision different *.nasqueron.org certificates on different servers.

Salt SELinux module issue

SELinux context was the default for anything created under /var, which we didn't allow and aren't interested to allow for nginx.

Yes, it's a fork from Vault 1.14 so we've all the features of token generation. back to the shorter s. tokens).

• about the UI it could be usefull managing secrets more easyly

Can't repro

Mumble isn't currently in scope.

Both are already set in DNS:

We use a wildcard certificate, so issuewild is needed, yes.

@Ash-Crow @fauve @rama @replicatorbe @Sandlayth @xcombelle Any feedback on this?

From router-001 network looks good:

Stopped currently not needed salt and node-exporter on router-001 to see if that helps.

Could be at hypervisor level. SSH failed until 13:22 where it worked immediately.

It could be easier to deploy https://github.com/kpetremann/salt-exporter

Key confirmed to work.

Still some issue to connect, SSH2 RSA key not recognized.