Netmaker not generating SSL certificates in etc ne...
# installs
some-manchester-10693
11/28/2022, 1:06 PMNetmaker not generating SSL certificates in etc netmaker folder on dockerless install
some-manchester-10693
11/28/2022, 1:06 PMHey all, I am trying to do a dockerless install on my machine and using Nginx for reverse proxying. I am following the Advanced Installation: Linux Install without Docker. I get stuck at the step where I have to set up mosquitto. It feels like the documentation is not exactly correct. First it was missing the password in the configuration, after that I get stuck on the certificates. It tells me I should copy the certificates from /etc/netmaker but there are no certificates there.
If do not specify the certificates in the Mosquitto configuration, netmaker succesfully connects Mosquitto, but still does not generate any certificates. I have NOT yet set up the UI.
Am I missing a step or is the documentation incomplete? My next step would be to generate my own certificates and put them in the /etc/netmaker folder manually, but it seems like the documentation implies that netmaker should generate it's own certs.
b
bored-island-21407
11/28/2022, 1:11 PMwhat version of netmaker are you running?
s
some-manchester-10693
11/28/2022, 1:22 PM0.16.3
b
bored-island-21407
11/28/2022, 1:25 PM0.16.3 no longer uses certs for mq connections
s
some-manchester-10693
11/28/2022, 1:25 PMOh, so I just run MQ without TLS?
b
bored-island-21407
11/28/2022, 1:26 PMdepends on how you are proxing (or not) mq
s
some-manchester-10693
11/28/2022, 1:29 PMNot doing anything in particular yet. TBH I don't know exactly what mq is used for in Netmaker, I assume it is used as a control channel between the server and clients in which case I'd probably want to encrypt it by using an nginx proxy? Is that assumption correct?
b
bored-island-21407
11/28/2022, 1:30 PMyes, it is the control channel between clients and servers. You probably want to encrypt it using a proxy, although you should know that the mq payloads are separately encrpyted
s
some-manchester-10693
11/28/2022, 1:31 PMOh, so what would be the usecase of encrypting the transport in that case?
some-manchester-10693
11/28/2022, 1:32 PMAlso, how would I instruct the clients to use the proxy? Is that a setting I can alter when setting up a network?
b
bored-island-21407
11/28/2022, 1:33 PMit is defined by the MQ_PORT and MQ_SERVER env (config) vars
bored-island-21407
11/28/2022, 1:34 PMit is defined at server start up and if changed on a subsequent startup, previously connected clients will not be able to connect
s
some-manchester-10693
11/28/2022, 1:34 PMRight, but you can instruct client to pull a new config, right?
b
bored-island-21407
11/28/2022, 1:35 PMyes, for now
s
some-manchester-10693
11/28/2022, 1:35 PMAlright, thank you so much for your help. I think I know enough for now
some-manchester-10693
11/28/2022, 1:36 PMAnd I like your avatar 🐧
17 Views