SSL certificates

Add SSL certificates to your virtual machines.

Overview

Instruqt can automatically generate SSL certificates for VMs using Let's Encrypt. Automatic SSL certificate generation simplifies the process of securing virtual machines within your Instruqt sandbox environments.

Add SSL certificates

You can add an SSL certificate to a VM using the web UI or the Instruqt CLI.

Select a VM in your track's sandbox.
Click Show optional settings.
Select Provision SSL certificate.
Click Save host.

Within a track's config.yml file, add the provision_ssl_certificate flag to a virtualmachine config to enable SSL certificate generation:

config.yml

version: "3"
virtualmachines:
- name: host01
  image: ubuntu-minimal-2004-lts
  shell: /bin/bash
  machine_type: n1-standard-1
  allow_external_ingress:
  - http
  - https
  - high-ports
  provision_ssl_certificate: true

Enable external ingress to port 443 (HTTPS) or high-ports on the VM to make use of the new certificates.

Use SSL certificates

When enabled, Instruqt will provision a certificate for the following domain names:

${hostname}.${_SANDBOX_ID}.instruqt.io
*.${hostname}.${_SANDBOX_ID}.instruqt.io

The certificate is made available via the GCP metadata service for that virtual machine instance. The public key is available under the ssl-certificate attribute, the private key under the ssl-certificate-key attribute. You can download them using a curl statement to the metadata service.

Here is an example of how to retrieve the SSL certificate using curl:

curl -s -o /etc/ssl/certs/sandbox.crt -H "Metadata-Flavor: Google" \
    "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssl-certificate"

curl -s -o /etc/ssl/private/sandbox.key -H "Metadata-Flavor: Google" \
    "http://metadata.google.internal/computeMetadata/v1/instance/attributes/ssl-certificate-key"

The certificates can retrieved and configured using a track or challenge's setup scripts.

PreviousWebsite service NextCloud accounts

Last updated 1 month ago