Browse Source

[nginx/app/tls] ++update

master
Nico Schottelius 1 year ago
parent
commit
cda1990935
  1. 5
      apps/nginx-certbot/README.md
  2. 40
      apps/nginx-certbot/base/deployment.yaml
  3. 11
      apps/nginx-certbot/base/kustomization.yaml
  4. 15
      apps/nginx-certbot/base/nginx-443
  5. 16
      apps/nginx-certbot/base/nginx-80
  6. 1
      generic/nginx-deployment-url

5
apps/nginx-certbot/README.md

@ -0,0 +1,5 @@
## nginx service for getting letsencrypt certificates
### Architecture
* nginx/port 80 serves only the root for letsencrypt

40
apps/nginx-certbot/base/deployment.yaml

@ -1,40 +1,50 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: etherpadlite
name: tls1
spec:
selector:
matchLabels:
app: etherpadsooooolite
app: tls1
replicas: 1
template:
metadata:
labels:
app: etherpadsooooolite
app: tls1
spec:
containers:
- name: etherpad
image: etherpad/etherpad:1.8.13
- name: nginx-80
image: nginx:1.20.0-alpine
ports:
- containerPort: 9001
- containerPort: 80
volumeMounts:
- name: etherpadconfig
mountPath: "/opt/etherpad-lite/settings.json"
subPath: settings.json
- name: nginx-config-80
mountPath: "/etc/nginx/conf.d/"
- name: nginx-443
image: nginx:1.20.0-alpine
ports:
- containerPort: 443
volumeMounts:
- name: nginx-config-443
mountPath: "/etc/nginx/conf.d/"
volumes:
- name: etherpadconfig
- name: nginx-config-80
configMap:
name: nginx-80-config
- name: nginx-config-443
configMap:
name: etherpadliteconfig
name: nginx-443-config
---
apiVersion: v1
kind: Service
metadata:
name: etherpad
name: tls1
labels:
app: etherpadsooooolite
app: tls1
spec:
type: ClusterIP
ports:
- port: 9001
- port: 80
- port: 443
selector:
app: etherpadsooooolite
app: tls1-nginx

11
apps/nginx-certbot/base/kustomization.yaml

@ -1,10 +1,9 @@
configMapGenerator:
- name:
- name: nginx-80-config
files:
- settings.json=settings.json
commonLabels:
app: etherpadlite
customer: xyz
- default.conf=nginx-80
- name: nginx-443-config
files:
- default.conf=nginx-443
resources:
- deployment.yaml

15
apps/nginx-certbot/base/nginx-443

@ -0,0 +1,15 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name tls1.svc.c2.k8s.ooo;
ssl_certificate /etc/letsencrypt/live/tls1.svc.c2.k8s.ooo/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/tls1.svc.c2.k8s.ooo/privkey.pem;
client_max_body_size 256m;
root /usr/share/nginx/html;
autoindex on;
}

16
apps/nginx-certbot/base/nginx-80

@ -0,0 +1,16 @@
server {
listen *:80;
listen [::]:80;
server_name _;
# Forward for certbot
location /.well-known/acme-challenge/ {
root /usr/share/nginx/html;
}
# Everything else -> ssl
location / {
return 301 https://$host$request_uri;
}
}

1
generic/nginx-deployment-url

@ -1 +0,0 @@
kubectl apply -f https://k8s.io/examples/application/deployment.yaml
Loading…
Cancel
Save