b103a09a25
- CI: workflows updates (cd, ci), remove playwright.yml - E2E: global-setup, auth/playlists/profile specs - Remove playwright-report and test-results artifacts from tracking - Backend: auth, handlers, services, workers, migrations - Frontend: components, features, vite config - Add e2e-results.json to gitignore - Docs: REMEDIATION_PROGRESS, audit archive - Rust: chat-server, stream-server updates |
||
|---|---|---|
| .. | ||
| README.md | ||
HAProxy SSL Certificates
Never commit private keys (.key) or certificate files (.pem) to git.
This directory holds SSL certificates for HAProxy HTTPS. The files are gitignored.
Generating Certificates Locally
Self-Signed (Development/Staging)
From the repository root:
cd docker/haproxy/certs
openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
-keyout veza.key -out veza.crt -subj "/CN=veza.local"
cat veza.crt veza.key > veza.pem
Or use the project script (creates in config/ssl/ — copy to this dir if needed):
./scripts/generate-ssl-cert.sh veza.local
# Then: cp config/ssl/veza.pem config/ssl/key.pem config/ssl/cert.pem docker/haproxy/certs/
Production (Let's Encrypt)
certbot certonly --standalone -d yourdomain.com
cat /etc/letsencrypt/live/yourdomain.com/fullchain.pem \
/etc/letsencrypt/live/yourdomain.com/privkey.pem > docker/haproxy/certs/veza.pem
Certificate Rotation
If a private key may have been exposed:
- Generate new certificate and key (commands above).
- Replace
veza.pem,veza.key,veza.crtin this directory. - Restart HAProxy.
- Document rotation in
veza-docs/if applicable.