Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Standardize ACME instruction details
Backports #9556

* Standardize ACME instruction details

Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host.

This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages.

Closes #6448

* Respond to PR feedback

- Substitute "proxy" for "node" where it was incorrectly used
- Some small stylistic fixes
- Clarify that "teleport configure" does not write the config itself
Showing 7 changed files with 99 additions and 78 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
Let's Encrypt verifies that you control the domain name of your Teleport deployment by communicating with the HTTPS server listening on port 443 of your Teleport Proxy Service. | ||
|
||
You can configure the Teleport Proxy service to complete the Let's Encrypt verification process when it starts up. | ||
|
||
Run the following `teleport configure` command, where `tele.example.com` is the domain name of your Teleport cluster and `user@example.com` is an email address used for notifications (you can use any domain): | ||
|
||
```code | ||
teleport configure --acme --acme-email=user@example.com --cluster-name=tele.example.com > /etc/teleport.yaml | ||
``` | ||
|
||
The `--acme`, `--acme-email`, and `--cluster-name` flags will add the following settings to your Teleport configuration file: | ||
|
||
```yaml | ||
proxy_service: | ||
enabled: "yes" | ||
web_listen_addr: :443 | ||
public_addr: tele.example.com:443 | ||
acme: | ||
enabled: "yes" | ||
email: user@example.com | ||
``` | ||
Port 443 on your Teleport Proxy Service host must allow traffic from all sources. |
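Review bot: The closing sentence, "Port 443 on your Teleport Proxy Service host must allow traffic from all sources", states a firewall requirement without giving the reason, and it sits after the YAML block, far from the opening sentence that explains Let's Encrypt contacting the HTTPS server on port 443. Suggest moving it directly under that opening sentence and tying it to the verification step, so a reader understands that the Proxy Service web listener becomes publicly reachable and why. Two smaller points: the command redirects into `/etc/teleport.yaml`, which replaces any existing file, while the following sentence says the flags "will add the following settings to your Teleport configuration file"; wording along the lines of "the command prints a configuration containing these settings, which the redirect saves" would match the commit message's stated goal of clarifying that `teleport configure` does not write the config itself. Also, "Teleport Proxy service" in the second paragraph should read "Teleport Proxy Service" to match the other two uses in this file.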