forked from labring/sealos
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
11 changed files
with
105 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
--- | ||
sidebar_position: 8 | ||
--- | ||
|
||
# Set a Custom Domain Certificate | ||
|
||
Successfully set up a custom domain in "App Launchpad" but cannot access the domain, and it shows the certificate is not | ||
secure. This is because cert-manager did not successfully issue the certificate. To resolve this issue, we can manually | ||
set up the certificate. | ||
|
||
First, make sure you have successfully set up CNAME in your cloud provider and have downloaded the certificate | ||
corresponding to your domain. | ||
|
||
Open "App Launchpad", set a custom domain. | ||
|
||
![](./images/set-cert1.png) | ||
|
||
Open the "Terminal", and execute the following commands in sequence. | ||
|
||
```bash | ||
# Create tls.crt using the certificate file information (replace xxxx with the actual certificate file information). | ||
cat > tls.crt <<EOF | ||
-----BEGIN CERTIFICATE----- | ||
xxxx | ||
-----END CERTIFICATE----- | ||
EOF | ||
|
||
# Create tls.key using the certificate private key information (replace xxxx with the actual private key information). | ||
cat > tls.key <<EOF | ||
-----BEGIN RSA PRIVATE KEY----- | ||
xxxx | ||
-----END RSA PRIVATE KEY----- | ||
EOF | ||
|
||
# Create a secret using tls.crt and tls.key. | ||
kubectl create secret tls network-test --cert tls.crt --key tls.key | ||
|
||
# Check the ingress for the corresponding application. | ||
kubectl get ingress | ||
``` | ||
|
||
![](./images/set-cert2.png) | ||
|
||
Modify the ingress (replace xzy-dev.sealos.run with your own custom domain). | ||
|
||
```bash | ||
kubectl patch ingress network-twvuqmjzckur -p '{"spec":{"tls":[{"hosts":["xzy-dev.sealos.run"],"secretName":"network-test"}]}}' | ||
``` | ||
|
||
![](./images/set-cert3.png) | ||
|
||
Test the effect. | ||
|
||
![](./images/set-cert4.png) |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
--- | ||
sidebar_position: 8 | ||
--- | ||
|
||
# 设置自定义域名证书 | ||
|
||
在「应用管理」中成功设置自定义域名,但是无法访问域名并显示证书不安全。 这是因为 cert-manager 没有成功签发证书。为了解决这个问题,我们可以手动设置证书。 | ||
|
||
首先,确认在云厂商中成功设置 CNAME,并且下载域名对应的证书。 | ||
|
||
打开「应用管理」,设置自定义域名。 | ||
|
||
![](./images/set-cert1.png) | ||
|
||
打开「终端」,依次执行以下命令。 | ||
|
||
```bash | ||
# 用证书文件信息创建 tls.crt(使用证书文件信息替换掉 xxxx) | ||
cat > tls.crt <<EOF | ||
-----BEGIN CERTIFICATE----- | ||
xxxx | ||
-----END CERTIFICATE----- | ||
EOF | ||
|
||
# 用证书私钥信息创建 tls.key(使用证书私钥信息替换掉 xxxx) | ||
cat > tls.key <<EOF | ||
-----BEGIN RSA PRIVATE KEY----- | ||
xxxx | ||
-----END RSA PRIVATE KEY----- | ||
EOF | ||
|
||
# 使用 tls.crt 和 tls.key 创建 secret | ||
kubectl create secret tls network-test --cert tls.crt --key tls.key | ||
|
||
# 查看应用对应的 ingress | ||
kubectl get ingress | ||
``` | ||
|
||
![](./images/set-cert2.png) | ||
|
||
修改 ingress(使用自己的自定义域名替换掉 xzy-dev.sealos.run)。 | ||
|
||
```bash | ||
kubectl patch ingress network-twvuqmjzckur -p '{"spec":{"tls":[{"hosts":["xzy-dev.sealos.run"],"secretName":"network-test"}]}}' | ||
``` | ||
|
||
![](./images/set-cert3.png) | ||
|
||
测试效果。 | ||
|
||
![](./images/set-cert4.png) |