From 0b2ede603556f4176f64983e4f0edeb82a68b54e Mon Sep 17 00:00:00 2001 From: Lauri Ojansivu Date: Wed, 8 Jul 2020 13:13:18 +0300 Subject: [PATCH] Updated Azure (markdown) --- Azure.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/Azure.md b/Azure.md index de52bef..e1d1a4b 100644 --- a/Azure.md +++ b/Azure.md @@ -36,6 +36,35 @@ At Admin Panel / Settings / Email: - Password: `MAILJET-PASSWORD` - TLS Support: `[_]` (not checked) +If you use Caddy Let's Encrypt SSL for public server, that requires SSL cert validation from multiple not-listed IP addresses of Let's Encrypt, file `/var/snap/wekan/common/Caddyfile` + +``` +boards.example.com.com { + tls { + alpn http/1.1 + } + proxy / localhost:3001 { + websocket + transparent + } +} +``` +If you have private server that should be only accessible from private IP (limited by Azure firewall settings), and need SSL, you can not use Let's Encrypt free SSL that validates public availability from multiple non-disclosed IP addresses. For this purpose, you can get SSL certificate. Here is example of SSL cert from with SSL.com . + +Join certificates together to .pem file, in order of: +1) privatekey of example.com +2) wildcard or one subdomain cert of example.com +3) sub ca +4) root ca +5) trusted network ca +``` +cat example_com.key >> example.com.pem +cat STAR_example_com.crt >> example.com.pem +cat SSL_COM_RSA_SSL_SUBCA.crt >> example.com.pem +cat SSL_COM_ROOT_CERTIFICATION_AUTHORITY_RSA.crt >> example.com.pem +cat CERTUM_TRUSTED_NETWORK_CA.crt >> example.com.pem +``` + ### There are two major steps for configuring Wekan to authenticate to Azure AD via OpenID Connect (OIDC) 1. Register the application with Azure. Make sure you capture the application ID as well as generate a secret key.
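Review bot: In the certificate-joining block at the end of the hunk, the private key goes into `example.com.pem` via `cat example_com.key >> example.com.pem`, and every step uses `>>`, so rerunning the commands, or running them where an older `example.com.pem` already exists, leaves duplicated or stale entries in the bundle. Nothing tells the reader to restrict access to a file that now contains the private key. Suggest using `>` for the first command (or a single `cat ... > example.com.pem` listing all five files in order) and adding a step such as `chmod 600 example.com.pem`. Smaller points: the Caddyfile site address `boards.example.com.com` has a doubled `.com`; the private-server section never shows how the Caddyfile should reference `example.com.pem`, so the only configuration given is the Let's Encrypt one; the sentence "Here is example of SSL cert from with SSL.com ." needs rewording; and the closing fence of the Caddyfile block should be followed by a blank line before the next paragraph.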