Appearance
Configuring DNS & TLS
Based off the root DNS zone set in EE Site Configuration (for instance, stackblitz.example.com
), set the following DNS A
records to point at your instance's IP (172.16.4.20
in this example):
A stackblitz.example.com 172.16.4.20
A *.stackblitz.example.com 172.16.4.20
A *.preview.stackblitz.example.com 172.16.4.20
TLS
For TLS, your certificate should have stackblitz.example.com
as the Common Name (CN), and the following Subject Alternative Name (SAN's):
stackblitz.example.com
*.stackblitz.example.com
*.preview.stackblitz.example.com
TLS Certificate Renewal
Having trouble renewing your TLS cert? Follow these instructions (extracted from this gist):
- SSH into your StackBlitz host VM
- Retrieve the existing StackBlitz application certificate and key via
kubectl get secret -o jsonpath={.data} stackblitz-tls-secret
- Create a new yaml file on the host VM called new-kotsadm-tls.yaml based on this template.
- Replace the stringData.hostname field with your existing stackblitz hosted zone (ex:
stackblitz.[COMPANY].com
). This DNS name should already be configured properly for your instance. - Replace the data."tls.crt" and data."tls.key" with the values you retrieved in step 2. Be sure to copy these values exactly as single lines without adding additional whitespace.
- Save new-kotsadm-tls.yaml
- Back up the existing self-signed cert via
kubectl get secret -o yaml kotsadm-tls > old-kotsadm-tls.yaml
. - Delete the old self-signed certificate via
kubectl delete secret kotsadm-tls
. - Apply the new cert via
kubectl apply -f new-kotsadm-tls.yaml
. - Visit the dashboard by navigating to the hostname you entered in step 4 on port 8800 (ex:
https://stackblitz.COMPANY.com:8800
).