Fix some configuration errors in ingress, make some changes to better facilitate disabling TLS
This commit is contained in:
parent
13149f2cb9
commit
b5057c4064
@ -6,8 +6,9 @@ ingress_container_image: jonasal/nginx-certbot:latest
|
|||||||
ingress_container_name: ingress
|
ingress_container_name: ingress
|
||||||
|
|
||||||
# Secondary container configuration
|
# Secondary container configuration
|
||||||
ingress_container_http_port: "80"
|
ingress_container_ports:
|
||||||
ingress_container_https_port: "443"
|
- 80:80
|
||||||
|
- 443:443
|
||||||
ingress_container_persist_dir: "/data/nginx-certbot"
|
ingress_container_persist_dir: "/data/nginx-certbot"
|
||||||
ingress_container_timezone: America/Chicago
|
ingress_container_timezone: America/Chicago
|
||||||
|
|
||||||
@ -21,6 +22,10 @@ ingress_container_certbot_email: rehashedsalt@cock.li
|
|||||||
|
|
||||||
# General Nginx configuration
|
# General Nginx configuration
|
||||||
ingress_listen_args: "443 ssl"
|
ingress_listen_args: "443 ssl"
|
||||||
|
# This non-obvious setting controls whether directives for certificates will be added to hosts
|
||||||
|
# Set to "no" if you do not plan on terminating TLS at the ingress controller, like when using
|
||||||
|
# a custom container that *doesn't* automatically-provision LE certs
|
||||||
|
ingress_listen_tls: yes
|
||||||
|
|
||||||
# Vhost configuration
|
# Vhost configuration
|
||||||
# ingress_servers:
|
# ingress_servers:
|
||||||
|
@ -16,9 +16,7 @@
|
|||||||
TZ: "{{ ingress_container_timezone }}"
|
TZ: "{{ ingress_container_timezone }}"
|
||||||
CERTBOT_EMAIL: "{{ ingress_container_certbot_email }}"
|
CERTBOT_EMAIL: "{{ ingress_container_certbot_email }}"
|
||||||
networks: "{{ ingress_container_networks }}"
|
networks: "{{ ingress_container_networks }}"
|
||||||
ports:
|
ports: "{{ ingress_container_ports }}"
|
||||||
- "{{ ingress_container_https_port }}:443"
|
|
||||||
- "{{ ingress_container_http_port }}:80"
|
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ ingress_container_persist_dir }}/letsencrypt:/etc/letsencrypt"
|
- "{{ ingress_container_persist_dir }}/letsencrypt:/etc/letsencrypt"
|
||||||
- "{{ ingress_container_persist_dir }}/user_conf.d:/etc/nginx/user_conf.d:ro"
|
- "{{ ingress_container_persist_dir }}/user_conf.d:/etc/nginx/user_conf.d:ro"
|
||||||
|
@ -7,11 +7,13 @@ server {
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
server_name {{ server.name }};
|
server_name {{ server.name }};
|
||||||
|
|
||||||
|
{% if ingress_listen_tls %}
|
||||||
# TLS configuration
|
# TLS configuration
|
||||||
ssl_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
|
||||||
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if server.directives is defined %}
|
{% if server.directives is defined %}
|
||||||
# Extra directives
|
# Extra directives
|
||||||
|
Loading…
Reference in New Issue
Block a user