Difference between revisions of "Setting up a new sub-provider"

From regify WIKI
Jump to navigation Jump to search
Line 14: Line 14:
  
 
=== Certificate ===
 
=== Certificate ===
Buy a SSL certificate for the needed sub-provider domain:
+
How to buy a SSL certificate for the needed sub-provider domain:
 
# While setting up the new sub-provider in your appliance menu, a new certificate is generated.
 
# While setting up the new sub-provider in your appliance menu, a new certificate is generated.
 
# You can display the signing request by choosing "Show Cert Request" in appliance menu. Fill in the fields.
 
# You can display the signing request by choosing "Show Cert Request" in appliance menu. Fill in the fields.

Revision as of 14:02, 19 February 2018

Prerequisites and information

IMPORTANT: Before setting up a new sub-provider, please read the generic article about sub-providers: Subprovider

Network

  1. You need a new public IPv4 IP address for a sub-provider.
  2. If the regify provider is directly connected to the internet
    • Enter the public IP to the regify provider appliance
  3. If the regify provider is behind a firewall / NAT router / Loadbalancer
    • The public IP must be configured to route to your regify provider software appliance or load-balancer (depending on your configuration).
    • Internal routing IP address must get added in provider appliance menu.
  4. A new DNS A-record must be made to route your new domain (like sub-provider.company.com) to the new public IP address.
  5. If your provider appliance runs with own MTA settings (one setting for all (sub)provider instances), you also need a reverse DNS entry for email to make it work. Also, SPF records may be needed.

Certificate

How to buy a SSL certificate for the needed sub-provider domain:

  1. While setting up the new sub-provider in your appliance menu, a new certificate is generated.
  2. You can display the signing request by choosing "Show Cert Request" in appliance menu. Fill in the fields.
  3. Copy and use the signing request to order your certificate.
  4. If received, collect the certificate and all intermediate certificates in a text editor.
  5. Import certificate using "Import Cert & Optionally Key" from appliance menu and past text editor content.
  6. Check correct certificate chain here at digicert (maybe only possible after you finished setup).

Setting up the sub-provider

Please ensure that all prerequisites are fulfilled. Now follow these steps:

Setting up in appliance menu

  1. Enter appliance menu and chose "Network..." -> "Add IP" to add the public IP address (if not yet done).
  2. Enter "Provider..." -> "Add sub-provider" option.
  3. Choose the added IP address (internal address if behind firewall, router or load-balancer).
  4. Enter the server name of the new sub-provider and answer all questions asked by the system.
  5. Select "Edit Subprovider..." in the appliance menu and chose the added sub-provider from the menu
  6. Import the SSL certificate using "Import Cert & Optionally key" from the appliance menu (not needed if the load balancer holds the certificates)
  7. If the provider system is running a cross-master replication, ensure that you also configure the other system in the same manner

Setting up in web administration

After setting up the system in the appliance menu (on all systems), you can continue with the setup by using the web administration

  1. Login to the web administration of the main provider as a master admin and select "Manage sub-providers". The new sub-provider should appear in the list of sub-providers
  2. Selecting the new sub-provider in the list of sub-providers allows you to edit the settings in the lower area "Edit provider settings"
  3. Complete the settings of the new sub-provider and finish it by clicking "Save changes"

Admin-Account and Customization

Upon successful sub-provider creation, you need some administrator user for this sub-provider to edit customization:

  1. Let the new admin sign up for a regify account on the new sub-provider.
  2. Activate from the email and note your password.
  3. Login to main(!) provider administration -> "Manage sub-providers" (with existing main(!) provider admin account).
  4. Go "Manage sub-providers".
  5. Select the sub-provider in the list to add the admin user to.
  6. Click on "Manage portal administration roles" in the "Common" tab below.
  7. Enter the new user as "Sub-Provider Admin" (you can user the "..." button to search the user ID).
  8. Log-out from administration.
  9. The new admin now can log-in to https://sub-provider-domain/ADMINISTRATION

ToDo's

Upon the new admin log-in to his web-administration, he will see some ToDo's for sure. Please follow these to make sure that everything is set up correctly. Do not only click on "Done" if it is not really done.