Deploy with Self-Signed Certificates
Deploy a Core with self-signed certificates.
This guide will walk you through every step of deploying a Core using self-signed certificates. We’ll assume you have a remote Core with a reachable IP address (and an optional domain name), and you have a local machine you’d like to use to connect to the Core.
Prerequisites
Install the Synnax Core binary
This guide assumes you’ve installed the Synnax Core binary onto the remote machine, and
it’s available in your PATH via the synnax command. For operating system-specific
instructions, see the installation guide.
Install the Synnax Console
This guide assumes you’ve installed the Synnax Console on your local machine.
Starting the Core
On the remote machine, start the Synnax Core with the following command:
synnax start -l synnax.example.com:9090 --auto-cert --certs-dir=/usr/local/synnax/certs -d /usr/local/synnax/dataThis command will start a Core that listens on port 9090, stores its data in the
/usr/local/synnax/data directory, and automatically generates self-signed certificates
in the /usr/local/synnax/certs directory.
The host name is important, as it will be the reachable domain authorized by the
self-signed certificate (the common name). If you have a domain name pointing to the
remote machine, you can use that instead of synnax.example.com.
If you don’t have a domain name, don’t use the IP address, as the certificate will not
be valid for an IP address. Instead, stick with synnax.example.com or something
similar. We’ll configure a local host alias for this domain on the local machine in a
later step.
Installing the CA Certificate Locally
In order to connect to the secure Core, you’ll need to add the CA certificate to the trusted store on your local machine. You’ll need to do this for any machine you want to connect to the Core from. See the operating system specific instructions below:
We’ll start off by copying the CA certificate from the remote machine to your local machine. You can do this with the following command:
scp REMOTE_USER@REMOTE_IP:/usr/local/synnax/certs/ca.crt /tmp/synnax-ca.crtNext, you’ll need to add the CA certificate to your local machine’s trust store. To do this, first move the CA certificate to the linux certificate directory:
sudo cp /tmp/synnax-ca.crt /usr/local/share/ca-certificates/synnax-ca.crtThen, update the certificate store:
sudo update-ca-certificatesWe’ll start off by copying the CA certificate from the remote machine to your local machine. You can do this with the following command:
scp REMOTE_USER@REMOTE_IP:/usr/local/synnax/certs/ca.crt /tmp/synnax-ca.crtNext, you’ll need to add the CA certificate to your local machine’s trust store. You can do this with the following command:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/synnax-ca.crtWe’ll start off by copying the CA certificate from the remote machine to your local machine. You can do this with the following command:
scp REMOTE_USER@REMOTE_IP:/usr/local/synnax/certs/ca.crt C:\Users\LOCAL_USER\Downloads\synnax-ca.crtNext, you’ll need to add the CA certificate to your local machine’s trust store. You can do that by running the following PowerShell command:
Import-Certificate -FilePath C:\Users\LOCAL_USER\Downloads\synnax-ca.crt -CertStoreLocation Cert:\LocalMachine\RootConfiguring a Local Host Alias
If you don’t have a domain name pointing to the remote machine, you’ll need to configure an alias on your local machine that maps the IP address of the remote machine to the host name you used when starting the Synnax Core. This is necessary because the CA certificate you installed on your local machine will only be valid for the host name you used when generating it.
To do this, follow the operating system specific instructions below:
You can add an entry to your /etc/hosts file that maps the IP address of the remote
machine to the host name you used when starting the Synnax Core. You can do this with the
following command:
echo "REMOTE_IP synnax.example.com" | sudo tee -a /etc/hostsYou can add an entry to your /etc/hosts file that maps the IP address of the remote
machine to the host name you used when starting the Synnax Core. You can do this with the
following command:
echo "REMOTE_IP synnax.example.com" | sudo tee -a /etc/hostsYou can add an entry to your C:\Windows\System32\drivers\etc\hosts file that maps the
IP address of the remote machine to the host name you used when starting the Synnax Core.
You can do this by opening the file in a text editor with administrator privileges and
adding the following line:
REMOTE_IP synnax.example.com