Deploy with Self-Signed Certificates
Deploy a single node cluster with self-signed certificates.
This guide will walk you through every step of deploying a single-node cluster using self-signed certificates. We’ll assume you have a remote server with a reachable IP address (and an optional domain name), and you have a local machine you’d like to use to connect to the cluster.
Prerequisites
Install the Synnax Node binary
This guide assumes you’ve installed the Synnax node binary onto the remote machine, and
it’s available in your PATH via the synnax command. For operating system-specific
instructions, see the installation guide.
Install the Synnax Console
This guide assumes you’ve installed the Synnax Console on your local machine. You can find the latest release here.
Starting the Node
On the remote machine, start the Synnax node with the following command:
synnax start -l synnax.example.com:9090 --auto-cert --certs-dir=/usr/local/synnax/certs -d /usr/local/synnax/data
This command will start a Synnax node that listens on port 9090, stores
its data in the /usr/local/synnax/data directory, and automatically generates self-signed
certificates in the /usr/local/synnax/certs directory.
The host name is important, as it will be the reachable domain authorized by the self-signed
certificate (the common name). If you have a domain name pointing to the remote machine,
you can use that instead of synnax.example.com.
If you don’t have a domain name, don’t use the IP address, as the certificate will not
be valid for an IP address. Instead, stick with synnax.example.com or something similar.
We’ll configure a local host alias for this domain on the local machine in a later step.
Installing the CA Certificate Locally
In order to connect to the secure cluster, you’ll need to add the CA certificate to the trusted store on your local machine. You’ll need to do this for any machine you want to connect to the cluster from. See the operating system specific instructions below:
Linux
MacOS
Windows
We’ll start off by copying the CA certificate from the remote machine to your local machine. You can do this with the following command:
scp REMOTE_USER@REMOTE_IP:/usr/local/synnax/certs/ca.crt /tmp/synnax-ca.crt
Next, you’ll need to add the CA certificate to your local machine’s trust store. To do this, first move the CA certificate to the linux certificate directory:
sudo cp /tmp/synnax-ca.crt /usr/local/share/ca-certificates/synnax-ca.crt
Then, update the certificate store:
sudo update-ca-certificates
We’ll start off by copying the CA certificate from the remote machine to your local machine. You can do this with the following command:
scp REMOTE_USER@REMOTE_IP:/usr/local/synnax/certs/ca.crt /tmp/synnax-ca.crt
Next, you’ll need to add the CA certificate to your local machine’s trust store. You can do this with the following command:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/synnax-ca.crt
We’ll start off by copying the CA certificate from the remote machine to your local machine. You can do this with the following command:
scp REMOTE_USER@REMOTE_IP:/usr/local/synnax/certs/ca.crt C:\Users\LOCAL_USER\Downloads\synnax-ca.crt
Next, you’ll need to add the CA certificate to your local machine’s trust store. You can do that by running the following PowerShell command:
Import-Certificate -FilePath C:\Users\LOCAL_USER\Downloads\synnax-ca.crt -CertStoreLocation Cert:\LocalMachine\Root
Configuring a Local Host Alias
If you don’t have a domain name pointing to the remote machine, you’ll need to configure an alias on your local machine that maps the IP address of the remote machine to the host name you used when starting the Synnax node. This is necessary because the CA certificate you installed on your local machine will only be valid for the host name you used when generating it.
To do this, follow the operating system specific instructions below:
Linux
MacOS
Windows
You can add an entry to your /etc/hosts file that maps the IP address of the remote
machine to the host name you used when starting the Synnax node. You can do this with the
following command:
echo "REMOTE_IP synnax.example.com" | sudo tee -a /etc/hosts
You can add an entry to your /etc/hosts file that maps the IP address of the remote
machine to the host name you used when starting the Synnax node. You can do this with the
following command:
echo "REMOTE_IP synnax.example.com" | sudo tee -a /etc/hosts
You can add an entry to your C:\Windows\System32\drivers\etc\hosts file that maps the
IP address of the remote machine to the host name you used when starting the Synnax node.
You can do this by opening the file in a text editor with administrator privileges and
adding the following line:
REMOTE_IP synnax.example.com