2018-06-24

How to use Viettel CDN for Website in VietNam

How to use Viettel CDN for Website in VietNam

VIETTEL provided this CDN without any document or direction
A/ Import SSL CERT for domain or subdomain you want to push content to VIETTEL CDN
B/ Config domain or subdomain to CDN
#THE-END
P.S: They seem to use OpenResty for their "CDN". I don't think so this is really CDN like Akamai Technologies, , CloudFlare,...

[x]CDN Services -> Setting -> SSL
1/ SSLNAME: <domain or subdomain>
ex: img.example.com
2/ SSL CERT (.crt): fullchain.pem.crt
3/ SSL KEY (.key): privkey.pem.key
4/ SSL Description: Type what you want
5/ SAVE 


CDN Services -> Web Accelerator -> "Add new WEB CDN"
1/ CDN Name: Domain or subdomain want to push content to VIETTEL CDN
2/ CDN CName: Domain or subdomain want to push content to VIETTEL CDN 
3/ CDN Description: Type what you want
4/ CDN Domain Host:
4.1/ any keyword what you want. ex: abc
4.2/ subdomain auto-generated by VIETTEL CDN. ex: web.4656460e.viettel-cdn.vn
-->This field is CNAME Value on your Domain DNS RECORD. ex:
img -> abc.web.4656460e.viettel-cdn.vn
5/ Cache Popular Resources:
[x] Images (jpg,jpeg,png,gif)
6/ Available Origins: point to IP HOST that contain your static content
7/ SSL Option: 
(x) HTTPS
8/ SSL CERT: ref A.1
9/ CDN Status: 
(x) Active CDN: if you want to ACTIVE this CDN CONTENT
(x) Inactive CDN: If you want to DISABLE this CDN CONTENT

2018-06-22

CONVERT LETSENCRYPT .PEM FILE TO .CRT and .KEY

1/ CONVERT LETSENCRYPT [.PEM] FILE TO [.CRT] and [.KEY]
#/etc/letsencrypt/live/
cert.pem 2,719 2018.06.22 11:51p -a--
chain.pem 1,647 2018.06.22 11:51p -a--
fullchain.pem 4,366 2018.06.22 11:51p -a--
fullchain.pem.crt 4,366 2018.06.22 11:51p -a--
privkey.pem 3,272 2018.06.22 11:51p -a--
privkey.pem.key 3,272 2018.06.22 11:51p -a--
README 968 2018.06.23 12:03a -a--
The are just different “extensions” but are all essentially text files.
+your key file (mysite.com.key) will be privkey.pem
+your cert file (mysite.com.crt) will be cert.pem
+your ca file ( AlphaSSL.crt in your example) will be chain.pem or fullchain.pem ( depending exactly what you need )


2/ LETSENCRYPT TO [.PEM] FILE FOR HAPROXY
2.1/ combined_file="/etc/haproxy/certs/${domain}.pem"
2.2/ cat /etc/letsencrypt/live/$domain/fullchain.pem /etc/letsencrypt/live/$domain/privkey.pem > $combined_file



3/ BONUS
cd /etc/haproxy/certs/
DOMAIN_NAME=mgiay.com
PEM_FILE=$DOMAIN_NAME.pem
CRT_FILE=$DOMAIN_NAME.crt
KEY_FILE=$DOMAIN_NAME.key
openssl x509 -outform der -in $PEM_FILE -out $CRT_FILE

openssl pkey -in $PEM_FILE -out $KEY_FILE


#Convert PEM to PFX:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt