Fix some configuration errors in ingress, make some changes to better facilitate disabling TLS

This commit is contained in:
Salt 2021-09-18 07:13:33 -05:00
parent 13149f2cb9
commit b5057c4064
3 changed files with 10 additions and 5 deletions

View File

@ -6,8 +6,9 @@ ingress_container_image: jonasal/nginx-certbot:latest
ingress_container_name: ingress
# Secondary container configuration
ingress_container_http_port: "80"
ingress_container_https_port: "443"
ingress_container_ports:
- 80:80
- 443:443
ingress_container_persist_dir: "/data/nginx-certbot"
ingress_container_timezone: America/Chicago
@ -21,6 +22,10 @@ ingress_container_certbot_email: rehashedsalt@cock.li
# General Nginx configuration
ingress_listen_args: "443 ssl"
# This non-obvious setting controls whether directives for certificates will be added to hosts
# Set to "no" if you do not plan on terminating TLS at the ingress controller, like when using
# a custom container that *doesn't* automatically-provision LE certs
ingress_listen_tls: yes
# Vhost configuration
# ingress_servers:

View File

@ -16,9 +16,7 @@
TZ: "{{ ingress_container_timezone }}"
CERTBOT_EMAIL: "{{ ingress_container_certbot_email }}"
networks: "{{ ingress_container_networks }}"
ports:
- "{{ ingress_container_https_port }}:443"
- "{{ ingress_container_http_port }}:80"
ports: "{{ ingress_container_ports }}"
volumes:
- "{{ ingress_container_persist_dir }}/letsencrypt:/etc/letsencrypt"
- "{{ ingress_container_persist_dir }}/user_conf.d:/etc/nginx/user_conf.d:ro"

View File

@ -7,11 +7,13 @@ server {
{% endif %}
server_name {{ server.name }};
{% if ingress_listen_tls %}
# TLS configuration
ssl_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
{% endif %}
{% if server.directives is defined %}
# Extra directives