Configuring DNS & TLS
Based off the root DNS zone set in EE Site Configuration (for instance, stackblitz.example.com), set the following DNS A records to point at your instance's IP (172.16.4.20 in this example):
A stackblitz.example.com 172.16.4.20
A *.stackblitz.example.com 172.16.4.20TLS
For TLS, your certificate should have stackblitz.example.com as the Common Name (CN), and the following Subject Alternative Name (SAN's):
stackblitz.example.com*.stackblitz.example.com
TLS Certificate Renewal
Having trouble updating your TLS cert in StackBlitz? Follow these instructions:
SSH into your StackBlitz host VM
Retrieve the existing StackBlitz application certificate and key via
kubectl get secret -o jsonpath={.data} stackblitz-tls-secretCreate a new yaml file on the host VM called
new-kotsadm-tls.yamlbased on the template below:yamlapiVersion: v1 kind: Secret type: kubernetes.io/tls metadata: annotations: kots.io/app-slug: stackblitz kots.io/when: "true" labels: kots.io/app-slug: stackblitz kots.io/backup: velero name: kotsadm-tls namespace: default stringData: hostname: <your hosted zone> data: tls.crt: <tls.crt value from step 2> tls.key: <tls.key value from step 2>Replace the
stringData.hostnamefield with your existing stackblitz hosted zone (ex:stackblitz.[COMPANY].com). This DNS name should already be configured properly for your instance.Replace the
data.tls.crtanddata.tls.keywith the values you retrieved in step 2. Be sure to copy these values exactly as single lines without adding additional whitespace.Save
new-kotsadm-tls.yamlBack up the existing self-signed cert via
kubectl get secret -o yaml kotsadm-tls > old-kotsadm-tls.yaml.Delete the old self-signed certificate via
kubectl delete secret kotsadm-tls.Apply the new cert via
kubectl apply -f new-kotsadm-tls.yaml.Visit the dashboard by navigating to the hostname you entered in step 4 on port 8800 (ex:
https://stackblitz.COMPANY.com:8800).