Importing a Hub certificate to Upsource
If your Hub instance is available through HTTPS via a self-signed certificate or a certificate signed by a private CA, you won't be able to connect to Hub because such certificates are not trusted.
Follow this instruction to import a Hub certificate to Upsource and configure the Upsource services running in the cluster to accept it.
Prepare keystore.jks containing Hub certificate
Download your host's certificate from the browser (the instruction is for Google Chrome):
- Open the Hub home page (for instance https://myhub.com)
- Click the lock icon in the address bar to display information about the host.
- Go to the Connections tab and click Certificate information. A dialog with information about the host's certificate will be displayed.
- Go to the Details tab and click the Export... button at the bottom.
- Save the certificate in the "Base64-encoded ASCII, single certificate" format (let's call it myhub.com.cer
Create a new keystore and import the certificate into it. Give it a new password (it must be at least 6 characters) and confirm that you trust the certificate.
keytool -import -trustcacerts -file myhub.com.cer -alias myhub.com -keystore keystore.jks Enter keystore password: <keystore password> Re-enter new password: <keystore password> ... <Certificate info shown here> ... Trust this certificate? [no]: yes Certificate was added to keystore
Go through the following steps for each swarm node
Set volumes for all the services (except haproxy):
analyzer: volumes: - /opt/hub/cert:/opt/upsource-analyzer/conf/cert ... frontend: volumes: - /opt/hub/cert:/opt/upsource-frontend/conf/cert ... psi-broker: volumes: - /opt/hub/cert:/opt/upsource-psi-broker/conf/cert ... opscenter: volumes: - /opt/hub/cert:/opt/upsource-opscenter/conf/cert ... file-clustering: volumes: - /opt/hub/cert:/opt/upsource-file-clustering/conf/cert
cluster-init: volumes: - /opt/hub/cert:/opt/upsource-cluster-init/conf/cert ...
An uncommented volume defines the directory on a swarm node the actual keystore.jks file will be stored in. If you'd like to store it in a swarm node directory other than the default one (/opt/hub/cert), you will have to replace the default value /opt/hub/cert in the uncommented volume definition with the actual directory containing keystore.jks.
HUB_KEYSTORE_PASSWORD=<master password from provided keystore should be set here>