6 changed files with 66 additions and 22 deletions
@ -0,0 +1,5 @@
|
||||
## nginx service for getting letsencrypt certificates |
||||
|
||||
### Architecture |
||||
|
||||
* nginx/port 80 serves only the root for letsencrypt |
@ -1,40 +1,50 @@
|
||||
apiVersion: apps/v1 |
||||
kind: Deployment |
||||
metadata: |
||||
name: etherpadlite |
||||
name: tls1 |
||||
spec: |
||||
selector: |
||||
matchLabels: |
||||
app: etherpadsooooolite |
||||
app: tls1 |
||||
replicas: 1 |
||||
template: |
||||
metadata: |
||||
labels: |
||||
app: etherpadsooooolite |
||||
app: tls1 |
||||
spec: |
||||
containers: |
||||
- name: etherpad |
||||
image: etherpad/etherpad:1.8.13 |
||||
- name: nginx-80 |
||||
image: nginx:1.20.0-alpine |
||||
ports: |
||||
- containerPort: 9001 |
||||
- containerPort: 80 |
||||
volumeMounts: |
||||
- name: etherpadconfig |
||||
mountPath: "/opt/etherpad-lite/settings.json" |
||||
subPath: settings.json |
||||
- name: nginx-config-80 |
||||
mountPath: "/etc/nginx/conf.d/" |
||||
- name: nginx-443 |
||||
image: nginx:1.20.0-alpine |
||||
ports: |
||||
- containerPort: 443 |
||||
volumeMounts: |
||||
- name: nginx-config-443 |
||||
mountPath: "/etc/nginx/conf.d/" |
||||
volumes: |
||||
- name: etherpadconfig |
||||
- name: nginx-config-80 |
||||
configMap: |
||||
name: nginx-80-config |
||||
- name: nginx-config-443 |
||||
configMap: |
||||
name: etherpadliteconfig |
||||
name: nginx-443-config |
||||
--- |
||||
apiVersion: v1 |
||||
kind: Service |
||||
metadata: |
||||
name: etherpad |
||||
name: tls1 |
||||
labels: |
||||
app: etherpadsooooolite |
||||
app: tls1 |
||||
spec: |
||||
type: ClusterIP |
||||
ports: |
||||
- port: 9001 |
||||
- port: 80 |
||||
- port: 443 |
||||
selector: |
||||
app: etherpadsooooolite |
||||
app: tls1-nginx |
||||
|
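Review bot: The Service selector at the end of this section is `app: tls1-nginx`, while the Deployment's pod template labels are `app: tls1`, so as rendered the Service would match no pods and ports 80 and 443 would have no endpoints. The page has lost its +/- markers, so this assumes `app: tls1-nginx` is the new-side line. The kustomization section also appears to drop `commonLabels`, which would previously have overridden the `app` label on both sides and hidden such a mismatch. Change the selector to `app: tls1` so it agrees with `spec.template.metadata.labels` and `spec.selector.matchLabels`.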
@ -1,10 +1,9 @@
|
||||
configMapGenerator: |
||||
- name: |
||||
- name: nginx-80-config |
||||
files: |
||||
- settings.json=settings.json |
||||
|
||||
commonLabels: |
||||
app: etherpadlite |
||||
customer: xyz |
||||
- default.conf=nginx-80 |
||||
- name: nginx-443-config |
||||
files: |
||||
- default.conf=nginx-443 |
||||
resources: |
||||
- deployment.yaml |
||||
|
@ -0,0 +1,15 @@
|
||||
server { |
||||
listen 443 ssl; |
||||
listen [::]:443 ssl; |
||||
|
||||
server_name tls1.svc.c2.k8s.ooo; |
||||
|
||||
ssl_certificate /etc/letsencrypt/live/tls1.svc.c2.k8s.ooo/fullchain.pem; |
||||
ssl_certificate_key /etc/letsencrypt/live/tls1.svc.c2.k8s.ooo/privkey.pem; |
||||
|
||||
client_max_body_size 256m; |
||||
|
||||
root /usr/share/nginx/html; |
||||
|
||||
autoindex on; |
||||
} |
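Review bot: `ssl_certificate` and `ssl_certificate_key` point at `/etc/letsencrypt/live/tls1.svc.c2.k8s.ooo/`, but the nginx-443 container in the Deployment section mounts only the `nginx-config-443` ConfigMap at `/etc/nginx/conf.d/`. Nothing visible on this page provides those files, so nginx would fail to start with this config. When the certificate is wired in, mount it read-only from a Secret (or a volume that only the certificate issuer writes to) rather than putting the private key in a ConfigMap or the image. `autoindex on;` at server level also enables directory listings for everything under `/usr/share/nginx/html`; unless that is intended, remove it or set `autoindex off;`.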
@ -0,0 +1,16 @@
|
||||
server { |
||||
listen *:80; |
||||
listen [::]:80; |
||||
|
||||
server_name _; |
||||
|
||||
# Forward for certbot |
||||
location /.well-known/acme-challenge/ { |
||||
root /usr/share/nginx/html; |
||||
} |
||||
|
||||
# Everything else -> ssl |
||||
location / { |
||||
return 301 https://$host$request_uri; |
||||
} |
||||
} |
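Review bot: The redirect in `location /` builds its target from `$host`, and with the catch-all `server_name _;` that value comes from whatever Host header the client sends, so the `Location` header can point at an arbitrary hostname. Since the 443 server block on this page serves a single name, redirect to it explicitly: `return 301 https://tls1.svc.c2.k8s.ooo$request_uri;`. If more hostnames are planned, list them in `server_name` and add a default server that returns 444 or 404 for anything else. The ACME location serves from `/usr/share/nginx/html`, and the Deployment section shows no volume at that path, so it is worth a comment saying how challenge files are expected to get there.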