Assumptions/Prerequisites for this article:
- You're running HEAVY.AI v6.0+ via docker container
- Your operating system is Ubuntu 18.04
- You have a valid public DNS configuration pointing to this server. EG, the server is accessible currently via http://somedomain.tld:6273 (assuming Immerse is running on 6273)
- Your container has security group settings that, for the purpose of running the steps in this article ONLY, has port 80 opened.
Setting up Certbot
First, let's make sure certbot is not already installed:
Expected: Returns nothing.
Now, let's install/configure snap package manager to be able to install certbot.
sudo snap install core; sudo snap refresh core
and, let's install certbot:
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo snap set certbot trust-plugin-with-root=o
Request a certificate
Now, double check in your firewall/cloud provider settings that you have port 80 open to public traffic. This is only required for this next step and can be removed once complete. If you're ready, proceed with this command and answer the subsequent step by step instructions in the terminal.
sudo certbot certonly --standalone
If completed successfully, you should now have certificates in /etc/letsencrypt/live/yourdomain.tld/
Configure Docker & HEAVY.AI
Add this volume mapping to the container(s) running HEAVY.AI components: /etc/letsencrypt:/var/lib/heavyai/certificates
(TODO: Add more detailed instructions)
Edit your heavy.conf file, adding these lines in the [web] section, replacing example.sandbox.heavy.ai with your domain.
cert = "/var/lib/heavyai/certificates/live/example.sandbox.heavy.ai/fullchain.pem"
key = "/var/lib/heavyai/certificates/live/example.sandbox.heavy.ai/privkey.pem"
Restart containers. Enjoy certificates!