feat: add support for wildcard certs via secrets
This commit is contained in:
parent
5f2fd0bf37
commit
3c5333ba71
11
.env.sample
11
.env.sample
|
@ -46,6 +46,17 @@ COMPOSE_FILE="compose.yml"
|
|||
#GANDI_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
#####################################################################
|
||||
# Manual wildcard certificate insertion #
|
||||
#####################################################################
|
||||
# Set wildcards = 1, and uncomment compose_file to enable.
|
||||
# Create your certs elsewhere and add them like:
|
||||
# abra app secrets insert v1 {myapp.example.coop} ssl_cert "$(cat /path/to/fullchain.pem)"
|
||||
# abra app secrets insert v1 {myapp.example.coop} ssl_key "$(cat /path/to/privkey.pem)"
|
||||
#WILDCARDS_ENABLED=1
|
||||
#SECRET_WILDCARD_CERT_VERSION=v1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
|
||||
|
||||
#####################################################################
|
||||
# Keycloak log-in #
|
||||
#####################################################################
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- ssl_cert
|
||||
- ssl_key
|
||||
|
||||
secrets:
|
||||
ssl_cert:
|
||||
name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
|
||||
external: true
|
||||
ssl_key:
|
||||
name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_CERT_VERSION}
|
||||
external: true
|
|
@ -45,3 +45,8 @@ tls:
|
|||
- CurveP521
|
||||
- CurveP384
|
||||
sniStrict: true
|
||||
{{ if eq (env "WILDCARDS_ENABLED") "1" }}
|
||||
certificates:
|
||||
- certFile: /run/secrets/ssl_cert
|
||||
keyFile: /run/secrets/ssl_key
|
||||
{{ end }}
|
|
@ -114,4 +114,4 @@ certificatesResolvers:
|
|||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "9.9.9.9:53"
|
||||
{{ end }}
|
||||
{{ end }}
|
Loading…
Reference in New Issue