switch to wildcard certs

This commit is contained in:
Emelie 2021-09-23 09:08:09 +02:00
parent 5c7c56e598
commit 3ed18d33fc
Signed by: emelie
GPG key ID: 49D33365A7E22D12
3 changed files with 6 additions and 21 deletions

View file

@ -5,25 +5,10 @@
acceptTerms = true;
email = "admin+certs@graven.dev";
certs."graven.dev" = {
extraDomainNames = "*.graven.dev";
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_graven_dev.file;
};
certs."turn.graven.dev" = {
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_turn_graven_dev.file;
};
certs."rss.graven.dev" = {
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_rss_graven_dev.file;
};
certs."git.graven.dev" = {
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_git_graven_dev.file;
};
certs."vault.graven.dev" = {
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_vault_graven_dev.file;
};
};
}

View file

@ -17,8 +17,8 @@
no-multicast-peers
";
secure-stun = true;
cert = "/var/lib/acme/turn.graven.dev/fullchain.pem";
pkey = "/var/lib/acme/turn.graven.dev/key.pem";
cert = "/var/lib/acme/graven.dev/fullchain.pem";
pkey = "/var/lib/acme/graven.dev/key.pem";
min-port = 49152;
max-port = 49999;
};

View file

@ -60,17 +60,17 @@
};
};
"rss.graven.dev" = {
useACMEHost = "rss.graven.dev";
useACMEHost = "graven.dev";
forceSSL = true;
};
"git.graven.dev" = {
useACMEHost = "git.graven.dev";
useACMEHost = "graven.dev";
forceSSL = true;
locations."/".proxyPass = "http://unix:/run/gitea/gitea.sock:";
};
"vault.graven.dev" = {
forceSSL = true;
useACMEHost = "vault.graven.dev";
useACMEHost = "graven.dev";
locations."/" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;