We are running two accounting systems on ruby on rails and sometimes we have to do maintenance tasks which cause downtimes, or just that they are simpler to do with downtimes.
i.a. This week we where migrating our whole suite of lxc containers to a set of SSDs, from HDDs.
accounting systems are accessed over HTTPS at fakturabank.no and snotr.no
We are running a LXD server and have one container specifically for serving the maintenance page, a static html page. Which we are planning to move to another server, so we can keep it up across reboots.
To enable the maintenance page now, we boot up the maintenance container and edit the netplan settings with the ip adresses of the accountingsofware containers, then we turn of the accountingsofware container, and run netplan apply && systemctl nginx restart on the maintenance container.
On the accounting systems we have SSL certificates from letsencrypt, as of now the maintenance container only accepts traffic on HTTP as it does not have any SSL certificate. This leads to that users which are in the system at time we start the maintenance will not be redirected to the maintenance page.
I want to keep it as simple as possible to enable the maintenance mode.
the maintenance page will only show information so i don't see how it would be beneficial for it to be on https.
How can i configure nginx to do this? Is this a dumb idea?
Will my users get the warning that this page is insecure?
Another idea :(
Do i have to add to my procedure to request new shared certificate on the maintenance server whenever i want to use it?
