main
ROOT /
pages /
install-key-and-cert.md
42 lines | ISO-8859-1 | 2 KB

Install Private Key and Certificate


  1. Run below command to generate pkcs#12 keystore file from your certificate and private key:

    openssl pkcs12 -export -out onedev.pfx -inkey /path/to/your-private-key.pem -in /path/to/your-cert.pem
    
  2. If you are running OneDev as docker container, restart the container with below command to enable https support:

    docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(which docker):/usr/bin/docker -v $(pwd)/onedev:/opt/onedev -v <onedev-keystore>:/opt/onedev/conf/onedev.pfx -e https_port=6643 -e keystore=/opt/onedev/conf/onedev.pfx -e keystore_password=<onedev-keystore-password> -p 6643:6643 -p 6611:6611 1dev/server
    

    Here <onedev-keystore> should be replaced with absolute path to onedev.pfx generated above, and <onedev-keystore-password> should be replaced with specified password when generate the keystore

  3. If you are deploying OneDev into Kubernetes:

    • Run below command to generate base64 encoded keystore into ssl directory of Kubernetes resources:

      base64 <onedev-keystore> > /path/to/k8s-resources/ssl/onedev.pfx.base64
      

      Here <onedev-keystore> should be replaced with path to onedev.pfx generated above

    • Edit file /path/to/k8s-resources/ssl/kustomization.yaml to set keystore and password as below:

      ...
      files:
       - keystore=onedev.pfx.base64
      ...
      literals:
       - password=<specified password when generate keystore>
      ...
      
    • Run kubectl apply -k . from the ssl directory to redeploy OneDev with https enabled
  4. If you are running OneDev on bare metal machine:

    • Copy file onedev.pfx into directory /opt/onedev/conf (assume OneDev is installed in /opt/onedev, same below)
    • Edit file /opt/onedev/conf/server.properties to specify keystore and password as below:

      https_port=6643
      ...
      keystore=onedev.pfx
      keystore_password=<password specified when generate the keystore>
      
    • Then restart OneDev to take the change into effect
Please wait...
Page is in error, reload to recover