Page MenuHomeDevCentral

Set alternative domain to serve Zed Phabricator files
Open, NormalPublic

Description

Domain: phabricator-files-for-zed.nasqueron.org

https://code.zed.dereckson.be is the oldest Phabricator instance we manage (launched in 2012), and is used by Zed.

We should modernize a little bit this installation, and use an alternate domain for static files.

Event Timeline

DNS

Done.

phabricator-files-for-zed.nasqueron.org. 86400 IN CNAME code.zed.dereckson.be.

Nginx

Temporary configuration to allow Let's encrypt challenge done.

Once SSL certificate has been generated it will be:

/etc/nginx/nginx.conf
server {
    listen 80;
    listen [::]:80;
    server_name phabricator-files-for-zed.nasqueron.org;

    return 301 https://$host$request_uri;
}

server {
    server_name phabricator-files-for-zed.nasqueron.org;

    include letsencrypt;

    include ssl_params;
    ssl_certificate /data/letsencrypt/etc/live/phabricator-files-for-zed.nasqueron.org/fullchain.pem;
    ssl_certificate_key /data/letsencrypt/etc/live/phabricator-files-for-zed.nasqueron.org/privkey.pem;

    include proxy_params;
    location / { proxy_pass http://localhost:36080; }
}

SSL certificate

This one will wait a little bit, as we've consumed our quota with renewals: https://crt.sh/?q=%25nasqueron.org

Dwellers
$ letsencrypt certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=/www -d phabricator-files-for-zed.nasqueron.org
[…]
There were too many requests of a given type :: Error creating new cert :: Too many certificates already issued for: nasqueron.org
dereckson removed dereckson as the assignee of this task.Mar 8 2018, 21:07

[ Those tasks have been identified as suitable for the next operations sprint. ]