veza/docker/haproxy/certs/README.md
senke b103a09a25 chore: consolidate CI, E2E, backend and frontend updates
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
2026-02-17 16:43:21 +01:00

HAProxy SSL Certificates

Never commit private keys (.key) or certificate files (.pem) to git.

This directory holds SSL certificates for HAProxy HTTPS. The files are gitignored.

Generating Certificates Locally

Self-Signed (Development/Staging)

From the repository root:

cd docker/haproxy/certs
openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
  -keyout veza.key -out veza.crt -subj "/CN=veza.local"
cat veza.crt veza.key > veza.pem

Or use the project script, which writes its output to config/ssl/ (copy the files to this directory if needed):

./scripts/generate-ssl-cert.sh veza.local
# Then: cp config/ssl/veza.pem config/ssl/key.pem config/ssl/cert.pem docker/haproxy/certs/

Production (Let's Encrypt)

certbot certonly --standalone -d yourdomain.com
cat /etc/letsencrypt/live/yourdomain.com/fullchain.pem \
    /etc/letsencrypt/live/yourdomain.com/privkey.pem > docker/haproxy/certs/veza.pem

Certificate Rotation

If a private key may have been exposed:

  1. Generate a new certificate and key (commands above).
  2. Replace veza.pem, veza.key, veza.crt in this directory.
  3. Restart HAProxy.
  4. Document the rotation in veza-docs/ if applicable.
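
The "never commit" rule and the rotation steps both depend on knowing which files actually hold a private key, and veza.pem holds one despite its extension. The following is an added example, not part of the project: it finds key material by content rather than by file name, since a .gitignore entry does not stop a forced add or a key saved under another name. The function names are hypothetical, and the permission check assumes HAProxy reads the files as owner or group.

```sh
#!/bin/sh
# Added example, not project code. Finds key material by content, because
# veza.pem carries the private key under a certificate-style extension.

KEY_RE='^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'

# has_private_key FILE: succeeds if FILE contains a PEM private-key header.
has_private_key() {
    grep -Eq -e "$KEY_RE" "$1"
}

# world_inaccessible FILE: succeeds if "others" have no permission bits.
world_inaccessible() {
    case "$(ls -ld "$1")" in
        -??????---*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_cert_dir DIR: report key-bearing files that others can access.
# Returns 1 if any are found. Assumes HAProxy reads them as owner or group.
audit_cert_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if has_private_key "$f" && ! world_inaccessible "$f"; then
            echo "key material accessible to others: $f"
            rc=1
        fi
    done
    return "$rc"
}

# staged_key_files: print staged paths whose staged content holds a private
# key, whatever the extension. Meant for .git/hooks/pre-commit; needs git.
staged_key_files() {
    git diff --cached --name-only --diff-filter=ACM |
    while IFS= read -r p; do
        if git show ":$p" | grep -Eq -e "$KEY_RE"; then
            echo "$p"
        fi
    done
}
```

Run `audit_cert_dir docker/haproxy/certs` after step 2 of a rotation, and have a pre-commit hook abort when `staged_key_files` prints anything.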