conn Posted September 1, 2018 Report Share Posted September 1, 2018 Hello, I am familiar with setting up a server and am using Digitalocean to do so: https://docs.2600hz.com/sysadmin/doc/install/install_via_centos7/ I was just wondering about setting up SSL with it. Would a Godaddy Extended Domain & Business Validation (EV) certificate work? Quote Link to comment Share on other sites More sharing options...
2600Hz Employees mc_ Posted September 4, 2018 2600Hz Employees Report Share Posted September 4, 2018 There's a page from a while ago: https://docs.2600hz.com/dev/applications/crossbar/doc/securing_crossbar/ It shows setting up a self-signed certificate but you can just skip to where the guide configures Crossbar. Should work as expected once you restart Crossbar. Another option is to use HAProxy or similar in front of Crossbar to handle SSL termination. Quote Link to comment Share on other sites More sharing options...
conn Posted September 5, 2018 Author Report Share Posted September 5, 2018 On 9/4/2018 at 9:50 AM, mc_ said: There's a page from a while ago: https://docs.2600hz.com/dev/applications/crossbar/doc/securing_crossbar/ It shows setting up a self-signed certificate but you can just skip to where the guide configures Crossbar. Should work as expected once you restart Crossbar. Another option is to use HAProxy or similar in front of Crossbar to handle SSL termination. Does that mean I cannot use something like Godaddy's Godaddy EV SSL Certificates? Quote Link to comment Share on other sites More sharing options...
2600Hz Employees mc_ Posted September 6, 2018 2600Hz Employees Report Share Posted September 6, 2018 You just need to get the cert in the right location. Honestly HAProxy fronting it is probably a better solution anyway, since you can load balance among servers running Crossbar, stay up-to-date on the encryption/cipher suites better, etc. Quote Link to comment Share on other sites More sharing options...
conn Posted September 6, 2018 Author Report Share Posted September 6, 2018 37 minutes ago, mc_ said: You just need to get the cert in the right location. Honestly HAProxy fronting it is probably a better solution anyway, since you can load balance among servers running Crossbar, stay up-to-date on the encryption/cipher suites better, etc. Interesting. So, do you guys have any tutorials for the HAProxy option? Or is this just something I have to "go google"? Quote Link to comment Share on other sites More sharing options...
2600Hz Employees mc_ Posted September 6, 2018 2600Hz Employees Report Share Posted September 6, 2018 Yeah, its a pretty straightforward setup of pointing DNS to your HAProxy instead of Crossbar, configuring it with the SSL certs, and setting up the backends with your Crossbar instances. Any HAProxy guide should do the trick. Quote Link to comment Share on other sites More sharing options...
conn Posted September 7, 2018 Author Report Share Posted September 7, 2018 7 hours ago, mc_ said: Yeah, its a pretty straightforward setup of pointing DNS to your HAProxy instead of Crossbar, configuring it with the SSL certs, and setting up the backends with your Crossbar instances. Any HAProxy guide should do the trick. Got it. Thanks a ton! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.