updating documentation
This commit is contained in:
96
tempnotes.md
96
tempnotes.md
@@ -1,35 +1,33 @@
|
||||
<!-- vscode-markdown-toc -->
|
||||
* [Decoupling](#Decoupling)
|
||||
* [Creating Database + VPC + Subnets in Cloudformation](#CreatingDatabaseVPCSubnetsinCloudformation)
|
||||
* [Single instance (no load balancer)](#Singleinstancenoloadbalancer)
|
||||
* [EC2::VPC](#EC2::VPC)
|
||||
* [Enable DNS](#EnableDNS)
|
||||
* [EC2::Subnet](#EC2::Subnet)
|
||||
* [EC2::InternetGateway](#EC2::InternetGateway)
|
||||
* [EC2::VPCGatewayAttachment](#EC2::VPCGatewayAttachment)
|
||||
* [AWS::EC2::RouteTable](#AWS::EC2::RouteTable)
|
||||
* [AWS::EC2::Route](#AWS::EC2::Route)
|
||||
* [AWS::EC2::SubnetRouteTableAssociation](#AWS::EC2::SubnetRouteTableAssociation)
|
||||
* [Running notes](#Runningnotes)
|
||||
* [Database](#Database)
|
||||
* [Work Commands](#WorkCommands)
|
||||
* [tags](#tags)
|
||||
* [deploy](#deploy)
|
||||
* [delete](#delete)
|
||||
* [describe-stack-resources](#describe-stack-resources)
|
||||
* [Adding SSL to ELB](#AddingSSLtoELB)
|
||||
* [With load balancer](#Withloadbalancer)
|
||||
* [EB Templates/Resources](#EBTemplatesResources)
|
||||
* [Configuring security groups](#Configuringsecuritygroups)
|
||||
* [Elastic Load Balancer](#ElasticLoadBalancer)
|
||||
* [Elastic Scaler](#ElasticScaler)
|
||||
* [RDS](#RDS)
|
||||
* [Security group to allow EC2 instances to talk to each other](#SecuritygrouptoallowEC2instancestotalktoeachother)
|
||||
* [Custom VPC + Subnets in EB](#CustomVPCSubnetsinEB)
|
||||
* [Using cloudformation functions in EB config files](#UsingcloudformationfunctionsinEBconfigfiles)
|
||||
* [Creating a read replica RDS](#CreatingareadreplicaRDS)
|
||||
* [Multiple security groups on the same resource](#Multiplesecuritygroupsonthesameresource)
|
||||
* [Private subnets](#Privatesubnets)
|
||||
|
||||
- [Decoupling](#Decoupling)
|
||||
- [Creating Database + VPC + Subnets in Cloudformation](#CreatingDatabaseVPCSubnetsinCloudformation)
|
||||
- [Single instance (no load balancer)](#Singleinstancenoloadbalancer)
|
||||
_ [EC2::VPC](#EC2::VPC)
|
||||
_ [Enable DNS](#EnableDNS)
|
||||
_ [EC2::Subnet](#EC2::Subnet)
|
||||
_ [EC2::InternetGateway](#EC2::InternetGateway)
|
||||
_ [EC2::VPCGatewayAttachment](#EC2::VPCGatewayAttachment)
|
||||
_ [AWS::EC2::RouteTable](#AWS::EC2::RouteTable)
|
||||
_ [AWS::EC2::Route](#AWS::EC2::Route)
|
||||
_ [AWS::EC2::SubnetRouteTableAssociation](#AWS::EC2::SubnetRouteTableAssociation)
|
||||
- [Running notes](#Runningnotes) \* [Database](#Database)
|
||||
- [Work Commands](#WorkCommands)
|
||||
_ [tags](#tags)
|
||||
_ [deploy](#deploy)
|
||||
_ [delete](#delete)
|
||||
_ [describe-stack-resources](#describe-stack-resources)
|
||||
- [Adding SSL to ELB](#AddingSSLtoELB) \* [With load balancer](#Withloadbalancer)
|
||||
- [EB Templates/Resources](#EBTemplatesResources)
|
||||
- [Configuring security groups](#Configuringsecuritygroups)
|
||||
- [Elastic Load Balancer](#ElasticLoadBalancer)
|
||||
_ [Elastic Scaler](#ElasticScaler)
|
||||
_ [RDS](#RDS) \* [Security group to allow EC2 instances to talk to each other](#SecuritygrouptoallowEC2instancestotalktoeachother)
|
||||
- [Custom VPC + Subnets in EB](#CustomVPCSubnetsinEB)
|
||||
- [Using cloudformation functions in EB config files](#UsingcloudformationfunctionsinEBconfigfiles)
|
||||
- [Creating a read replica RDS](#CreatingareadreplicaRDS)
|
||||
- [Multiple security groups on the same resource](#Multiplesecuritygroupsonthesameresource)
|
||||
- [Private subnets](#Privatesubnets)
|
||||
|
||||
<!-- vscode-markdown-toc-config
|
||||
numbering=false
|
||||
@@ -304,3 +302,39 @@ If you use private subnets, the nat gateway is not cheap - £30 a month.
|
||||
You dont need the nat gateway, you can achieve the same thing with security groups (block all incoming) (explained <https://www.reddit.com/r/aws/comments/75bjei/private_subnets_nats_vs_simply_only_allowing/>).
|
||||
|
||||
An advantage to NAT is all outgoing requests to the internet come from a single IP.
|
||||
|
||||
## Using certbot CLI to generate SSL
|
||||
|
||||
### Wildcard certificate
|
||||
|
||||
In a new virtualenv install certbot:
|
||||
|
||||
```bash
|
||||
pip install certbot
|
||||
```
|
||||
|
||||
Run the `certbot` command:
|
||||
|
||||
```bash
|
||||
sudo certbot certonly --manual --preferred-challenges=dns --email dtomlinson@panaetius.co.uk --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d "*.panaetius.co.uk"
|
||||
```
|
||||
|
||||
Follow the instructions to add a `TXT` record to your DNS server for validation.
|
||||
|
||||
When finished you should see:
|
||||
|
||||
```markdown
|
||||
- Congratulations! Your certificate and chain have been saved at:
|
||||
/etc/letsencrypt/live/panaetius.co.uk/fullchain.pem
|
||||
Your key file has been saved at:
|
||||
/etc/letsencrypt/live/panaetius.co.uk/privkey.pem
|
||||
Your cert will expire on 2020-08-01. To obtain a new or tweaked
|
||||
version of this certificate in the future, simply run certbot
|
||||
again. To non-interactively renew _all_ of your certificates, run
|
||||
"certbot renew"
|
||||
- Your account credentials have been saved in your Certbot
|
||||
configuration directory at /etc/letsencrypt. You should make a
|
||||
secure backup of this folder now. This configuration directory will
|
||||
also contain certificates and private keys obtained by Certbot so
|
||||
making regular backups of this folder is ideal.
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user