Add support for externally-sourced wildcard certificates #45
Reference: coop-cloud/traefik#45
No description provided.
LETS_ENCRYPT_ENV=staging
as the resolver has not been actively disabled here!
Looking good, tysm for working on this!
@ -0,0 +9,4 @@
secrets:
ssl_cert:
name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
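Review bot: the ssl_cert name line interpolates SECRET_WILDCARD_CERT_VERSION with no fallback, so a deployment whose environment lacks that variable resolves to a secret name ending in _ssl_cert_ and the lookup fails with an error that does not point at the missing variable. List the variable in .env.sample with a sample value next to the other settings for this feature, and state there that it must be set whenever the wildcard certificate is enabled.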
${STACK_NAME}_ssl_cert_${SECRET_SSL_CERT_VERSION}
I think you need to make a specific env var for this in the .env.sample also?
If I understand you correctly, you are asking to have two version vars? I already included SECRET_WILDCARD_CERT_VERSION, used for both as typically both change for me at the same time.
I guess in theory you could reuse the pwd/key, is that correct, or is it just "best practice" to allow a version var per variable, regardless of anything else?
Generally it's env var per secret, yep. So more convention at this point. But if you feel strongly against, please then document and sure just move on 👍
@ -0,0 +12,4 @@
name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
external: true
ssl_key:
name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_CERT_VERSION}
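Review bot: ssl_key holds the certificate's private key, and the visible context stops at its name line, so it is not shown whether it also carries external: true as ssl_cert does just above. Confirm that it does, so the key is only ever supplied as a pre-created secret and never read from a file path in the repository checkout.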
name: ${STACK_NAME}_ssl_key_${SECRET_SSL_KEY_VERSION}
I think you need to make a specific env var for this in the .env.sample also?
@ -25,7 +25,6 @@ http:
security:
headers:
frameDeny: true
sslRedirect: true
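Review bot: with sslRedirect: true dropped from the security headers middleware, HTTP-to-HTTPS redirection depends entirely on configuration that this hunk does not show. Before merging, confirm the redirect is defined on the plain-HTTP entrypoint, as the deprecation warning recommends, and check that a request over plain HTTP still gets redirected rather than being served.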
Does this break some expectations?
My understanding is that the already existing:
is the correct method to use/all that is needed. I'm pretty new to traefik still however, so ...🧂
For reference, this is the message I was getting:
level=warning msg="SSLRedirect is deprecated, please use entrypoint redirection instead."
Great stuff, let's drop that and hope 🏄‍♀️
5e7e16a707 to e3c1df83fa
WIP: Add support for externally-sourced wildcard certificates to Add support for externally-sourced wildcard certificates
LGTM, looks safe to merge, shall we? Thanks!
If you were asking me: yes, I think it's good. Always nice to get a thumbs up from CI, but I'm guessing that's currently broken (or maybe won't load vars against a PR)?
I've checked on my end too your changes @wolcen and they look good 👍
Indeed it's this ☝️
For "security" reasons, otherwise PRs (which could come from anyone, including people who log in via Gitlab / Github) could exfiltrate secrets, including SSH keys for the test server, and login credentials to publish Gitea packages.