diff --git a/.env.sample b/.env.sample index 62c6352..c4d3597 100644 --- a/.env.sample +++ b/.env.sample @@ -46,6 +46,17 @@ COMPOSE_FILE="compose.yml" #GANDI_ENABLED=1 #SECRET_GANDIV5_API_KEY_VERSION=v1 +##################################################################### +# Manual wildcard certificate insertion # +##################################################################### +# Set wildcards = 1, and uncomment compose_file to enable. +# Create your certs elsewhere and add them like: +# abra app secrets insert v1 {myapp.example.coop} ssl_cert "$(cat /path/to/fullchain.pem)" +# abra app secrets insert v1 {myapp.example.coop} ssl_key "$(cat /path/to/privkey.pem)" +#WILDCARDS_ENABLED=1 +#SECRET_WILDCARD_CERT_VERSION=v1 +#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml" + ##################################################################### # Keycloak log-in # ##################################################################### diff --git a/compose.wildcard.yml b/compose.wildcard.yml new file mode 100644 index 0000000..0637680 --- /dev/null +++ b/compose.wildcard.yml @@ -0,0 +1,16 @@ +--- +version: "3.8" + +services: + app: + secrets: + - ssl_cert + - ssl_key + +secrets: + ssl_cert: + name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION} + external: true + ssl_key: + name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_CERT_VERSION} + external: true \ No newline at end of file diff --git a/file-provider.yml.tmpl b/file-provider.yml.tmpl index a7d3d48..f63bc46 100644 --- a/file-provider.yml.tmpl +++ b/file-provider.yml.tmpl @@ -45,3 +45,8 @@ tls: - CurveP521 - CurveP384 sniStrict: true + {{ if eq (env "WILDCARDS_ENABLED") "1" }} + certificates: + - certFile: /run/secrets/ssl_cert + keyFile: /run/secrets/ssl_key + {{ end }} \ No newline at end of file diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl index b734a8a..0c94743 100644 --- a/traefik.yml.tmpl +++ b/traefik.yml.tmpl 
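Review bot: The example `abra app secrets insert v1 {myapp.example.coop} ssl_key "$(cat /path/to/privkey.pem)"` hands the wildcard private key over as a command-line argument, so it is recorded in the shell history and is visible in the process list to any other local user for as long as the command runs; a caveat next to the example would save operators from leaking it, e.g. `# NOTE: the key is passed as an argument and will land in your shell history (use HISTCONTROL=ignorespace or history -d, and prefer a file/stdin input if your abra version supports one).` `# Set wildcards = 1` names no real variable and `{myapp.example.coop}` reads as literal braces; `# Set WILDCARDS_ENABLED=1 and uncomment the COMPOSE_FILE line below to enable.` with a `<domain>` placeholder is unambiguous. Since both secrets share `SECRET_WILDCARD_CERT_VERSION`, a sentence saying that rotation means inserting both cert and key under a new version and bumping that variable would also help.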
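Review bot: Both secrets are attached to `app` in short syntax, so `ssl_key` is mounted with Docker's default secret mode (world-readable inside the container) instead of being restricted to the process that needs it; the long form `- source: ssl_key` / `target: ssl_key` / `mode: 0400` is cheap hardening (harmless if the container runs as root, which the stock traefik image presumably does, but it still limits exposure from any non-root sidecar or exec). The new file also ends without a trailing newline (`\ No newline at end of file`). A short header comment would help the next operator: Swarm external secrets are immutable, so rotating the wildcard cert means inserting both `ssl_cert` and `ssl_key` under a new version and bumping `SECRET_WILDCARD_CERT_VERSION`, then redeploying.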
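Review bot: `certificates` is a direct child of `tls` (a sibling of `options`), but the context lines `CurveP521`/`CurveP384`/`sniStrict: true` sit inside `tls.options.<name>`; indentation is not recoverable from this view, so please confirm the rendered file places `certificates:` at the same depth as `options:` — nested under an options entry Traefik would most likely log a decode error for an unknown field and the wildcard cert would silently never be loaded, with ACME or the default cert serving instead. The enclosing `tls:` block starts outside the hunk. A one-line comment above the conditional, `# Wildcard cert/key are Swarm secrets mounted by compose.wildcard.yml; WILDCARDS_ENABLED=1 gates this block`, would tie the template to the compose file for the next reader.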
@@ -114,4 +114,4 @@ certificatesResolvers: resolvers: - "1.1.1.1:53" - "9.9.9.9:53" - {{ end }} + {{ end }} \ No newline at end of file