How to add an SSL certificate?
Learn how to set up an SSL certificate, either one issued with certbot or another SSL certificate
- Server must have Domain Name System (DNS) set up
- Ports 80 and 443 must be opened on firewall
Stop RevDeBug Server if it is running
sudo docker run -it --rm --name certbot -p 80:80 -p 443:443 \
-v "/var/rdb/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/rdb/var/lib/letsencrypt:/var/lib/letsencrypt" \
certbot/certbot certonly
To minimize the impact of erroneously issued certificates, Let's Encrypt certificates expire every three months. You can also use another SSL certificate.
Remember that the certificate file should contain the full certificate chain and be in PEM format - more on how to create this type of file here
1. How would you like to authenticate with the ACME CA?
   - Select: Spin up a temporary webserver (standalone)
2. If you are doing this for the first time, you will need to provide your contact email and accept the terms and conditions.
3. Please enter the domain name(s) you would like on your certificate (comma and/or space separated)
   - You must specify the fully qualified server name (DNS), for example: revdebug.company.com
4. After the certificate has been generated successfully, you should see a message similar to the one below:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/[host_name]/fullchain.pem
Key is saved at: /etc/letsencrypt/live/[host_name]/privkey.pem
This certificate expires on [date].
These files will be updated when the certificate renews.
- Change directory
cd /var/rdb/etc/letsencrypt/live/[your_dns_adress]
- Copy fullchain.pem and the privkey.pem key to a location of your choice (the default path is /var/revdebug/cert). Commands to copy the files:
mkdir -p /var/revdebug/cert
cp fullchain.pem /var/revdebug/cert/[yourCert].crt
cp privkey.pem /var/revdebug/cert/[yourCert].key
Files must have the same name with the correct extension
Name | Explanation |
---|---|
REVDEBUG_CERTIFICATE_PATH | Location of the SSL certificate files, e.g.: /var/revdebug/cert |
REVDEBUG_CERTIFICATE_NAME | Name of the .crt and .key files in the certificate directory e.g.: yourCert |
- To change the default path where the certificates are located, you must also change the REVDEBUG_CERTIFICATE_PATH setting in the .env file.
After enabling the options in the .env file, start RevDeBug Server and access its HTTPS address to verify the changes work.
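A pre-flight check for the copied files, as an added example that is not part of RevDeBug's documentation or code: it confirms that the .crt/.key pair shares one base name, that the .crt holds a full PEM chain, that the key matches the leaf certificate, and that the certificate is not about to expire. The function names and the 30-day margin are assumptions, as is the rule that a full chain holds at least two certificates.

```shell
#!/bin/sh
# Added example (not RevDeBug code): pre-flight check of the certificate pair.
# Arguments mirror REVDEBUG_CERTIFICATE_PATH and REVDEBUG_CERTIFICATE_NAME.

# Count the certificates in a PEM file; fullchain.pem holds leaf + intermediate(s).
pem_cert_count() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Layout checks without crypto tooling. Prints the problem and returns 1 on failure.
check_pair_layout() {
    crt="$1/$2.crt"; key="$1/$2.key"
    [ -s "$crt" ] || { echo "missing or empty: $crt"; return 1; }
    [ -s "$key" ] || { echo "missing or empty: $key (same base name required)"; return 1; }
    # Assumption: a CA-issued full chain has at least two certificates.
    [ "$(pem_cert_count "$crt")" -ge 2 ] ||
        { echo "$crt is not a full chain"; return 1; }
    if grep -q -e 'PRIVATE KEY-----' "$crt"; then
        echo "$crt contains a private key"; return 1
    fi
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "$key is not a PEM private key"; return 1; }
    # Warn (do not fail) when group/other permission bits are set on the key.
    case "$(ls -ld "$key" | cut -c5-10)" in
        ------) ;;
        *) echo "warning: $key is accessible by group/other" >&2 ;;
    esac
}

# Checks that need openssl: key matches the leaf certificate, expiry margin in days.
check_pair_crypto() {
    crt="$1/$2.crt"; key="$1/$2.key"; days=${3:-30}
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match the leaf certificate"; return 1; }
    openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "certificate expires within $days days"; return 1; }
}

check_revdebug_cert() {
    check_pair_layout "$1" "$2" && check_pair_crypto "$1" "$2" &&
        echo "OK: $1/$2.crt and $1/$2.key"
}

# Run only when called with arguments, e.g.: sh check.sh /var/revdebug/cert yourCert
if [ $# -eq 2 ]; then check_revdebug_cert "$1" "$2"; fi
```

Running it again before each three-month expiry catches a renewed fullchain.pem that was never copied over to the RevDeBug certificate directory.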
Set <RevDeBugForceTLS>true</RevDeBugForceTLS> in Directory.Build.props, for example:
<Project>
<PropertyGroup Condition="'$(RevDeBugDisableNuget)' != 'true'">
<RevDeBugActive>true</RevDeBugActive>
<UseRevDeBugOnThisProject>true</UseRevDeBugOnThisProject>
<RevDeBugStateStorageType>CrashRecorder</RevDeBugStateStorageType>
<SendToServer>true</SendToServer>
<RecorderAddress>[host_name]</RecorderAddress>
<RecorderTCPPort>42734</RecorderTCPPort>
<RevDeBugForceTLS>true</RevDeBugForceTLS>
<ImportGitInfo>true</ImportGitInfo>
</PropertyGroup>
<PropertyGroup Condition="'$(TargetFrameworkIdentifier)' != '.NETFramework'">
<isNetCore>true</isNetCore>
</PropertyGroup>
</Project>
Set "ForceTLS": true in skyapm.json, for example:
{
"SkyWalking": {
"ServiceName": "ServiceName",
"Namespace": "",
"HeaderVersions": [
"sw8"
],
"Sampling": {
"SamplePer3Secs": -1,
"Percentage": -1.0
},
"Logging": {
"Level": "Information",
"FilePath": "logs\\skyapm-{Date}.log"
},
"Transport": {
"Interval": 3000,
"ProtocolVersion": "v8",
"QueueSize": 30000,
"BatchSize": 3000,
"gRPC": {
"Servers": "[host_name]:11800",
"Timeout": 10000,
"ConnectTimeout": 10000,
"ReportTimeout": 600000,
"ForceTLS": true
}
}
}
}
You would need to recompile/rebuild your application after those changes.
Maven
Gradle
Set -AforceTLS=true in pom.xml, for example:
<project>
...
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<configuration>
<compilerArgs>
<arg>-ArecordServerAddress=[host_name]</arg>
<arg>-ArecordServerPort=42734</arg>
<arg>-ArecordingMode=OnEvent</arg>
<arg>-AapplicationName=[APP_NAME]</arg>
<arg>-AsolutionName=[PROJECT_NAME]</arg>
<arg>-AreleaseId=${git.commit.id}</arg>
<arg>-AreleaseDisplayName=[DISPLAY_NAME]</arg>
<arg>-ArepositoryPath=[STORAGE_PATH]</arg>
<arg>-AuploadMetadata=true</arg>
<arg>-AforceTLS=true</arg>
</compilerArgs>
<source>1.8</source>
<target>1.8</target>
</configuration>
</plugin>
</plugins>
...
</project>
Set -AforceTLS=true in build.gradle, for example:
compileJava {
options.compilerArgs = [
"-ArecordServerAddress=[host_name]",
"-ArecordServerPort=42734",
"-ArecordingMode=OnEvent",
"-AapplicationName=[APP_NAME]",
"-AsolutionName=[PROJECT_NAME]",
"-AreleaseId=[HASH_COMMIT]",
"-AreleaseDisplayName=[DISPLAY_NAME]",
"-ArepositoryPath=[STORAGE_PATH]",
"-AuploadMetadata=true",
"-AlogErrorClass=[LOG_CLASS]",
"-AlogErrorMethod=[LOG_METHOD]",
"-AREVDEBUG_TRACE_LOG_ERROR=true",
"-AforceTLS=true"
]}
agent.force_tls: set to true if your RevDeBug DevOps Monitor instance has been configured to work with an SSL certificate.
You would need to recompile/rebuild your application after those changes.
Set "secure": true in revdebug.json, for example:
{
"host": "[host_name]",
"apm": true,
"mode": "onevent",
"solution": "Node.js Application",
"secure": true
}
You would need to recompile/rebuild your application after those changes.
Set force_tls = 1 in revdebug.cfg, for example:
solution = Solution_Name
application = App_Name
mode = OnEvent
host = [host_name]
apm = 1
force_tls = 1 # 0 or 1, whether the RevDeBug server uses a secure connection