Linode instance SSL installation and automatic DNS assignment with Cloudflare
Here is my implementation.

resource "linode_instance" "server" {
  count          = 1
  label          = "server-${count.index}"
  region         = "ap-west"
  image          = "linode/ubuntu21.10"
  type           = "g6-nanode-1"
  tags           = ["prod"]
  root_pass      = var.linode_instance_root_password
  stackscript_id = linode_stackscript.nodejs_script.id

  # Values handed to the StackScript as UDF variables
  stackscript_data = {
    "dns"   = "server-${count.index}"
    "email" = var.ssl_certificate_email
  }
}

# One A record per instance, pointing at the instance's public IPv4 address
resource "cloudflare_record" "server" {
  count   = length(linode_instance.server)
  zone_id = var.cloudflare_zone_id
  name    = "server-${count.index}"
  value   = linode_instance.server[count.index].ip_address
  ttl     = 1 # 1 = automatic TTL in Cloudflare
  type    = "A"
}

I can create the certificate.pem and private key.pem files with certbot in the Linode Script; however, since I create the DNS resource after the Linode instance creation, it's not possible to do that. What are the best practices for this?

Note: I've also tried to create a wildcard certification (as explained here), but I'm not sure how I can copy the certificate files to my servers.

Update

sudo apt-get --assume-yes install certbot
# <UDF name="dns" label="System Package to Install" example="server" default="">
sudo certbot certonly --standalone --non-interactive --agree-tos -m [email protected] -d "$DNS"
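
Added example, not part of the original question: because the Cloudflare A record is only created after the Linode instance exists, a StackScript can poll DNS until the name resolves to the instance's own address before it starts certbot's standalone challenge. The function names, the `RESOLVER` override and the `FQDN` / `PUBLIC_IP` variables are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). Polls DNS until the A record
# that Terraform creates after the instance points at this machine.

# Default resolver: first IPv4 answer from the system resolver (glibc getent).
resolve_a() {
  getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# RESOLVER names the lookup function; overridable so the loop can be tested
# offline with a stub.
RESOLVER=${RESOLVER:-resolve_a}

# wait_for_dns FQDN EXPECTED_IP [ATTEMPTS] [DELAY_SECONDS]
# Returns 0 as soon as FQDN resolves to EXPECTED_IP, 1 when attempts run out.
wait_for_dns() {
  wfd_fqdn=$1
  wfd_expected=$2
  wfd_attempts=${3:-30}
  wfd_delay=${4:-10}
  wfd_i=1
  while [ "$wfd_i" -le "$wfd_attempts" ]; do
    wfd_got=$("$RESOLVER" "$wfd_fqdn" 2>/dev/null) || true
    # Any other answer (no record yet, stale cache, proxied record) is a
    # miss: the HTTP-01 validation request must reach this machine.
    if [ "$wfd_got" = "$wfd_expected" ]; then
      return 0
    fi
    if [ "$wfd_i" -lt "$wfd_attempts" ]; then
      sleep "$wfd_delay"
    fi
    wfd_i=$((wfd_i + 1))
  done
  return 1
}

# In the StackScript (FQDN and PUBLIC_IP are assumed variables):
#   wait_for_dns "$FQDN" "$PUBLIC_IP" || exit 1
#   ...then run the certbot command from the post with -d "$FQDN".
```

The check compares against the instance's own address, so it only passes for a DNS-only record; a name that resolves anywhere else counts as not ready.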