Fix some configuration errors in ingress, make some changes to better facilitate disabling TLS
parent
13149f2cb9
commit
b5057c4064
@ -6,8 +6,9 @@ ingress_container_image: jonasal/nginx-certbot:latest
|
||||
ingress_container_name: ingress
|
||||
|
||||
# Secondary container configuration
|
||||
ingress_container_http_port: "80"
|
||||
ingress_container_https_port: "443"
|
||||
ingress_container_ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
ingress_container_persist_dir: "/data/nginx-certbot"
|
||||
ingress_container_timezone: America/Chicago
|
||||
|
||||
@ -21,6 +22,10 @@ ingress_container_certbot_email: rehashedsalt@cock.li
|
||||
|
||||
# General Nginx configuration
|
||||
ingress_listen_args: "443 ssl"
|
||||
# This non-obvious setting controls whether directives for certificates will be added to hosts
|
||||
# Set to "no" if you do not plan on terminating TLS at the ingress controller, like when using
|
||||
# a custom container that *doesn't* automatically-provision LE certs
|
||||
ingress_listen_tls: yes
|
||||
|
||||
# Vhost configuration
|
||||
# ingress_servers:
|
||||
|
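Review bot: The new comment above `ingress_listen_tls` tells operators to set it to "no", but a quoted `"no"` (or a value passed as `-e ingress_listen_tls=no`) reaches Jinja as a non-empty string, so the template's `{% if ingress_listen_tls %}` would still be true and keep emitting the certificate directives. Declaring the default as `ingress_listen_tls: true`, rewording the comment to `# Set to false if you do not plan on terminating TLS ...`, and testing `{% if ingress_listen_tls | bool %}` in the vhost template makes the switch behave the same however the value is supplied. In the first hunk, quoting the list entries (`- "80:80"`, `- "443:443"`) keeps a later edit such as `22:22` from being read as a YAML 1.1 sexagesimal integer.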
@ -16,9 +16,7 @@
|
||||
TZ: "{{ ingress_container_timezone }}"
|
||||
CERTBOT_EMAIL: "{{ ingress_container_certbot_email }}"
|
||||
networks: "{{ ingress_container_networks }}"
|
||||
ports:
|
||||
- "{{ ingress_container_https_port }}:443"
|
||||
- "{{ ingress_container_http_port }}:80"
|
||||
ports: "{{ ingress_container_ports }}"
|
||||
volumes:
|
||||
- "{{ ingress_container_persist_dir }}/letsencrypt:/etc/letsencrypt"
|
||||
- "{{ ingress_container_persist_dir }}/user_conf.d:/etc/nginx/user_conf.d:ro"
|
||||
|
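Review bot: Switching to `ports: "{{ ingress_container_ports }}"` means an inventory that still sets `ingress_container_http_port` or `ingress_container_https_port` is silently ignored, and the container falls back to the default `80:80` and `443:443` mappings, presumably published on all host addresses. A deployment that had remapped those ports would change its exposure on the next run without any warning. An assert ahead of the container task that fails while either old variable is defined would surface this. The container task itself starts and ends outside the hunk.

```yaml
# new task, placed before the container task
- name: Reject removed ingress port variables
  ansible.builtin.assert:
    that:
      - ingress_container_http_port is not defined
      - ingress_container_https_port is not defined
    fail_msg: "Use ingress_container_ports instead of the removed http/https port variables"
# … unchanged: container task with env, networks, ports, volumes …
```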
@ -7,11 +7,13 @@ server {
|
||||
{% endif %}
|
||||
server_name {{ server.name }};
|
||||
|
||||
{% if ingress_listen_tls %}
|
||||
# TLS configuration
|
||||
ssl_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
|
||||
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||
{% endif %}
|
||||
|
||||
{% if server.directives is defined %}
|
||||
# Extra directives
|
||||
|
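Review bot: The new `{% if ingress_listen_tls %}` guard drops only the certificate directives. The `listen` line is outside this hunk and presumably still renders `ingress_listen_args`, whose default remains `443 ssl`. Turning the flag off without changing that value would leave an `ssl` listener with no certificate, which nginx is expected to reject at config load. Changing both leaves the vhost serving cleartext with nothing in the rendered file recording that TLS must terminate elsewhere. A comment in the disabled branch, e.g. `{% else %}` followed by `# TLS is not terminated here; ingress_listen_args must not contain "ssl"`, or a role-level assert tying the two variables together, would keep the settings from drifting apart. The server block begins and ends outside the hunk.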