[nginx] Use SAN certificates

Use SAN certificates from k8s LE controller 1.3
Vincent Ambo 2016-09-26 01:23:29 +02:00
parent a02148d832
commit e514f9ecff
No known key found for this signature in database
GPG key ID: 66F505681DB8F43B
4 changed files with 6 additions and 20 deletions


@ -8,6 +8,7 @@ server {
# Simple IP echo thing
server {
listen 80;
listen 443 ssl http2;
server_name ip.tazj.in;
access_log off;
add_header "Content-Type" "text/plain";
@ -27,9 +28,6 @@ server {
listen 443 ssl http2;
server_name git.tazj.in;
ssl_certificate /etc/nginx/ssl/git.tazj.in/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/git.tazj.in/key.pem;
location / {
proxy_pass http://gogs-priv.default.svc.cluster.local:3000;
}
@ -40,9 +38,6 @@ server {
listen 443 ssl http2;
server_name tazj.in;
ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
location / {
return 301 https://www.tazj.in$request_uri;
}
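Review bot: The ip.tazj.in server that gains `listen 443 ssl http2;` sets its own `add_header "Content-Type" "text/plain";`, and nginx inherits `add_header` from the outer level only when the current level defines none. Assuming this file is included in the http block that sets Strict-Transport-Security, that header is most likely not sent for this host. If HSTS is wanted on the new TLS listener, repeat `add_header Strict-Transport-Security max-age=15768000;` inside this server block. The block also keeps `listen 80;` with no redirect visible in the hunk, which may be intended for an echo endpoint but deserves a comment. The server blocks start or end outside the hunks, so this rests on the visible lines only.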


@ -38,8 +38,8 @@ http {
access_log /var/log/nginx/access.log logstash;
# Default tazj.in config (certs need to be overriden for other stuff, like oslo.pub)
ssl_certificate /etc/nginx/ssl/www.tazj.in/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/www.tazj.in/key.pem;
ssl_certificate /etc/nginx/ssl/tazj.in/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/tazj.in/key.pem;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
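Review bot: The comment above the default `ssl_certificate` lines still describes a single-name tazj.in default, but after this change /etc/nginx/ssl/tazj.in holds the SAN certificate that the git.tazj.in, tazj.in and ip.tazj.in servers now inherit. Suggest rewording it to `# Default SAN certificate (tazj.in, www, ip, git); server blocks for any other name, e.g. oslo.pub, must set their own ssl_certificate`. That makes it clear that a new server_name missing from the SAN list will otherwise be served a certificate that does not match it. The http block starts and ends outside the hunk.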


@ -6,7 +6,8 @@ metadata:
labels:
app: nginx
annotations:
acme/certificate: "tazj.in"
acme/certificate: '["tazj.in", "www.tazj.in", "ip.tazj.in", "git.tazj.in"]'
acme/secretName: tazj.in-tls
spec:
type: LoadBalancer
loadBalancerIP: 104.155.119.229
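Review bot: The new `acme/certificate` value is a JSON array inside a string, and nothing in the manifest says what depends on that list. A comment above it such as `# SAN list for the LE controller (list form, per the commit message, from controller 1.3); keep in sync with the nginx server_name entries that use the default certificate` would help, since a host missing from the list would presumably be served a certificate that does not cover its name. The added `acme/secretName: tazj.in-tls` also has to match the `secretName` of the TLS volume in the nginx pod spec exactly, which is worth stating in the same comment.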


@ -19,10 +19,6 @@ spec:
volumeMounts:
- name: tazj-in-tls
mountPath: /etc/nginx/ssl/tazj.in
- name: www-tazj-in-tls
mountPath: /etc/nginx/ssl/www.tazj.in
- name: git-tazj-in-tls
mountPath: /etc/nginx/ssl/git.tazj.in
- name: nginx-dhparam
mountPath: /etc/nginx/ssl/dhparam
- name: nginx-config
@ -44,13 +40,7 @@ spec:
volumes:
- name: tazj-in-tls
secret:
secretName: tazj-in-tls
- name: www-tazj-in-tls
secret:
secretName: www-tazj-in-tls
- name: git-tazj-in-tls
secret:
secretName: git-tazj-in-tls
secretName: tazj.in-tls
- name: nginx-dhparam
secret:
secretName: nginx-dhparam
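Review bot: The `tazj-in-tls` volume now points at `secretName: tazj.in-tls`, which presumably exists only once the LE controller has issued the SAN certificate; until then the pod cannot mount the volume and will not start. A comment on the volume, e.g. `# created by the LE controller from the acme/* annotations on the nginx Service`, would document that dependency. The Secrets tazj-in-tls, www-tazj-in-tls and git-tazj-in-tls are no longer referenced here, and nothing visible in this commit deletes them. Their private keys therefore stay in the cluster until someone removes them by hand.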