Deploy with Self-Signed Certificates

Deploy a single node cluster with self-signed certificates.

This guide will walk you through every step of deploying a single-node cluster using self-signed certificates. We’ll assume you have a remote server with a reachable IP address (and an optional domain name), and you have a local machine you’d like to use to connect to the cluster.

Prerequisites

Install the Synnax Node binary

This guide assumes you’ve installed the Synnax node binary onto the remote machine, and it’s available in your PATH via the synnax command. For operating system-specific instructions, see the installation guide.

Install the Synnax Console

This guide assumes you’ve installed the Synnax Console on your local machine. You can find the latest release here.

Starting the Node

On the remote machine, start the Synnax node with the following command:

synnax start -l synnax.example.com:9090 --auto-cert --certs-dir=/usr/local/synnax/certs -d /usr/local/synnax/data

This command will start a Synnax node that listens on port 9090, stores its data in the /usr/local/synnax/data directory, and automatically generates self-signed certificates in the /usr/local/synnax/certs directory.

The host name is important, as it will be the reachable domain authorized by the self-signed certificate (the common name). If you have a domain name pointing to the remote machine, you can use that instead of synnax.example.com.

If you don’t have a domain name, don’t use the IP address, as the certificate will not be valid for an IP address. Instead, stick with synnax.example.com or something similar. We’ll configure a local host alias for this domain on the local machine in a later step.

Installing the CA Certificate Locally

In order to connect to the secure cluster, you’ll need to add the CA certificate to the trusted store on your local machine. You’ll need to do this for any machine you want to connect to the cluster from. See the operating system specific instructions below:

Linux

MacOS

Windows

We’ll start off by copying the CA certificate from the remote machine to your local machine. You can do this with the following command:

scp REMOTE_USER@REMOTE_IP:/usr/local/synnax/certs/ca.crt /tmp/synnax-ca.crt

Next, you’ll need to add the CA certificate to your local machine’s trust store. To do this, first move the CA certificate to the linux certificate directory:

sudo cp /tmp/synnax-ca.crt /usr/local/share/ca-certificates/synnax-ca.crt

Then, update the certificate store:

sudo update-ca-certificates

Configuring a Local Host Alias

If you don’t have a domain name pointing to the remote machine, you’ll need to configure an alias on your local machine that maps the IP address of the remote machine to the host name you used when starting the Synnax node. This is necessary because the CA certificate you installed on your local machine will only be valid for the host name you used when generating it.

To do this, follow the operating system specific instructions below:

Linux

MacOS

Windows

You can add an entry to your /etc/hosts file that maps the IP address of the remote machine to the host name you used when starting the Synnax node. You can do this with the following command:

echo "REMOTE_IP synnax.example.com" | sudo tee -a /etc/hosts