Add support for externally-sourced wildcard certificates #45
11
.env.sample
11
.env.sample
|
@ -46,6 +46,17 @@ COMPOSE_FILE="compose.yml"
|
|||
#GANDI_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
#####################################################################
|
||||
# Manual wildcard certificate insertion #
|
||||
#####################################################################
|
||||
# Set wildcards = 1, and uncomment compose_file to enable.
|
||||
# Create your certs elsewhere and add them like:
|
||||
# abra app secrets insert v1 {myapp.example.coop} ssl_cert "$(cat /path/to/fullchain.pem)"
|
||||
# abra app secrets insert v1 {myapp.example.coop} ssl_key "$(cat /path/to/privkey.pem)"
|
||||
#WILDCARDS_ENABLED=1
|
||||
#SECRET_WILDCARD_CERT_VERSION=v1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
|
||||
|
||||
#####################################################################
|
||||
# Keycloak log-in #
|
||||
#####################################################################
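Review bot: The two `abra app secrets insert` examples hand the private key to the tool through `"$(cat /path/to/privkey.pem)"`, so the key contents pass through the shell command line and end up in shell history and in the process list for the duration of the command. A comment next to them should say so, e.g. `# NOTE: the $(cat ...) form exposes the key in shell history and `ps`; run it from a trusted host and clear history afterwards, or pass the file directly if your abra version supports that.` The `{myapp.example.coop}` placeholder also reads as a literal value with braces; either drop the braces or add `# (braces mark placeholders, do not keep them)`.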
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- ssl_cert
|
||||
- ssl_key
|
||||
|
||||
secrets:
|
||||
ssl_cert:
|
||||
name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
|
||||
decentral1se marked this conversation as resolved
Outdated
|
||||
external: true
|
||||
ssl_key:
|
||||
name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_CERT_VERSION}
|
||||
decentral1se marked this conversation as resolved
Outdated
decentral1se
commented
I think you need to make a specific env var for this in the `name: ${STACK_NAME}_ssl_key_${SECRET_SSL_KEY_VERSION}`
I think you need to make a specific env var for this in the `.env.sample` also?
|
||||
external: true
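Review bot: The key secret is mounted with the default secret file mode (0444, readable by every uid in the container) because `- ssl_key` under `services.app.secrets` uses the short form; for private key material the long form is safer, e.g. `- source: ssl_key`, `target: ssl_key`, `mode: 0400` (octal as spelled in the Compose reference), which only helps if Traefik reads the file as its owner, so confirm the container's user first. Separately, if `SECRET_WILDCARD_CERT_VERSION` is unset both `name:` values degrade silently to `${STACK_NAME}_ssl_cert_` / `${STACK_NAME}_ssl_key_`; where the loader supports it, `${SECRET_WILDCARD_CERT_VERSION:?set in .env}` fails the deploy with a clear message instead.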
|
|
@ -45,3 +45,8 @@ tls:
|
|||
- CurveP521
|
||||
- CurveP384
|
||||
sniStrict: true
|
||||
{{ if eq (env "WILDCARDS_ENABLED") "1" }}
|
||||
certificates:
|
||||
- certFile: /run/secrets/ssl_cert
|
||||
keyFile: /run/secrets/ssl_key
|
||||
{{ end }}
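Review bot: The new `certificates:` entries carry no comment tying them to the rest of the feature, so a reader of traefik.yml alone cannot tell where `/run/secrets/ssl_cert` and `/run/secrets/ssl_key` come from, or that the block is inert unless `WILDCARDS_ENABLED=1` is set together with `compose.wildcard.yml`. A one-liner inside the template conditional, e.g. `# Externally-issued wildcard cert/key, mounted from the Swarm secrets declared in compose.wildcard.yml (WILDCARDS_ENABLED=1)`, would close that gap. As far as I can tell certificates listed here are matched by SNI, so hostnames outside the wildcard presumably fall back to Traefik's default certificate; stating that in the same comment stops operators expecting the wildcard to cover every router. The enclosing `tls:` block starts outside this hunk.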
|
|
@ -114,4 +114,4 @@ certificatesResolvers:
|
|||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "9.9.9.9:53"
|
||||
{{ end }}
|
||||
{{ end }}
|
${STACK_NAME}_ssl_cert_${SECRET_SSL_CERT_VERSION}
I think you need to make a specific env var for this in the
.env.sample
also? If I understand you correctly, you are asking to have two version vars? I already included SECRET_WILDCARD_CERT_VERSION, used for both as typically both change for me at the same time.
I guess in theory you could reuse the pwd/key, is that correct, or is it just "best practice" to allow a version var per variable, regardless of anything else?
Generally it's env var per secret, yep. So more convention at this point. But if you feel strongly against, please then document and sure just move on 👍