author | Elizabeth <elizabeth@simponic.xyz> | 2024-04-11 15:34:03 -0600 |
---|---|---|
committer | Elizabeth <elizabeth@simponic.xyz> | 2024-04-11 15:34:03 -0600 |
commit | db88a4a8cc41ff604a112bda803f50b21865e3aa (patch) | |
tree | 9aebbba40e6d7a25ebba9f0f30362f1f0ee70947 | |
parent | 27b3e1b24b3b816ecdbedf75759951fcc65ad84c (diff) | |
traefik!
-rw-r--r-- | dynamic.yml | 38 | ||||
-rwxr-xr-x | plugin.sh | 18 | ||||
-rw-r--r-- | traefik.yml | 13 |
3 files changed, 35 insertions, 34 deletions
diff --git a/dynamic.yml b/dynamic.yml index 27aeec3..c54cfd9 100644 --- a/dynamic.yml +++ b/dynamic.yml @@ -1,39 +1,19 @@ http: routers: - dashboard: - rule: "Host(`traefik.armin.internal.simponic.xyz`)" + dev: + rule: "Host(`dev.rl.internal.simponic.xyz`)" service: "noop@internal" entryPoints: - "http" middlewares: - "secured-redirect" - dashboard-secured: + dev-secured: entryPoints: - "https" - rule: "Host(`traefik.armin.internal.simponic.xyz`)" - service: "api@internal" + rule: "Host(`dev.rl.internal.simponic.xyz`)" + service: "local" tls: - certResolver: "local" - domains: - - main: "traefik.armin.internal.simponic.xyz" - - karan: - rule: "Host(`dev.armin.internal.simponic.xyz`)" - service: "noop@internal" - entryPoints: - - "http" - middlewares: - - "secured-redirect" - karan-secured: - entryPoints: - - "https" - rule: "Host(`dev.armin.internal.simponic.xyz`)" - service: "example-service" - tls: - certResolver: "local" - options: acmeClient - domains: - - main: "dev.armin.internal.simponic.xyz" + certResolver: stepca middlewares: secured-redirect: @@ -42,7 +22,7 @@ http: permanent: true services: - example-service: + local: loadBalancer: passHostHeader: true servers: @@ -53,9 +33,9 @@ tls: acmeClient: clientAuth: caFiles: - - /Users/lizzy/armin/roots.pem + - /home/lizzy/proxy/roots.pem clientAuthType: RequireAndVerifyClientCert log: - filePath: log-file.log # relative to current location, will be created + filePath: log-file.log level: DEBUG diff --git a/plugin.sh b/plugin.sh new file mode 100755 index 0000000..ae234b9 --- /dev/null +++ b/plugin.sh 
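Review bot: The new `dev-secured` router sets only `certResolver: stepca` under `tls:`, while the `karan-secured` router it replaces also carried `options: acmeClient`, so as far as these hunks show no router references the `RequireAndVerifyClientCert` options any more. The `acmeClient` options block is nevertheless kept, and its `caFiles` path is updated in the last hunk of this file, which suggests the client-certificate requirement was meant to stay. If mutual TLS is still wanted on `dev.rl.internal.simponic.xyz`, add `options: acmeClient` under `tls:` of `dev-secured`. If it is not, remove the now-unreferenced options block so the file does not imply a control that is not enforced.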
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+unset REQUESTS_CA_BUNDLE
+
+API_KEY_FILE=/home/lizzy/git/hc-cert-dns/apikey.secret
+ENDPOINT=https://hatecomputers.club
+PUBLIC_SUFFIXES=.hatecomputers.club
+
+CERTBOT_DOMAIN=$(echo $2 | sed 's/^_acme-challenge\.//')
+CERTBOT_VALIDATION=$3
+
+/home/lizzy/git/hc-cert-dns/main.py --certbot \
+ --public-suffixes=$PUBLIC_SUFFIXES \
+ --certbot-domain=$CERTBOT_DOMAIN \
+ --certbot-validation=$CERTBOT_VALIDATION \
+ --endpoint=$ENDPOINT \
+ --api-key-file=$API_KEY_FILE \
+ --dns-propogate-time=5
diff --git a/traefik.yml b/traefik.yml
index 2ee3550..9dd7b8a 100644
--- a/traefik.yml
+++ b/traefik.yml
@@ -16,13 +16,16 @@ log:
 level: DEBUG
 providers:
 file:
- filename: /Users/lizzy/armin/dynamic.yml
+ filename: /home/lizzy/proxy/dynamic.yml
 serversTransport:
 insecureSkipVerify: true
 certificatesResolvers:
- local:
+ stepca:
 acme:
+ certificatesDuration: 12
 caserver: https://ca.internal.simponic.xyz/acme/ACME/directory
- storage: /Users/lizzy/armin/acme.json
- httpChallenge:
- entryPoint: http
+ storage: /home/lizzy/proxy/acme.json
+ email: elizabeth@simponic.xyz
+ dnsChallenge:
+ provider: "exec"
+ disablePropagationCheck: true |
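Review bot: `$2` and `$3` are expanded unquoted in `CERTBOT_DOMAIN=$(echo $2 | sed …)` and in every `--flag=$VAR` argument, so a value containing whitespace or glob characters is split or expanded by the shell before main.py receives it. These arguments come from whatever invokes the script, so I would quote every expansion and strip the prefix with parameter expansion instead of `echo | sed`, as in the block below. The script also never reads `$1`; if the caller passes an action there (as far as I know the exec DNS provider distinguishes present from cleanup), a cleanup call currently runs the same `--certbot` command as a present call, which deserves at least a comment stating that this is intended.

```shell
# … unchanged: shebang, unset REQUESTS_CA_BUNDLE, API_KEY_FILE / ENDPOINT / PUBLIC_SUFFIXES …

# Strip the challenge prefix without passing the argument through echo or word splitting.
CERTBOT_DOMAIN="${2#_acme-challenge.}"
CERTBOT_VALIDATION="$3"

/home/lizzy/git/hc-cert-dns/main.py --certbot \
    --public-suffixes="$PUBLIC_SUFFIXES" \
    --certbot-domain="$CERTBOT_DOMAIN" \
    --certbot-validation="$CERTBOT_VALIDATION" \
    --endpoint="$ENDPOINT" \
    --api-key-file="$API_KEY_FILE" \
    --dns-propogate-time=5
```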
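Review bot: `disablePropagationCheck: true` in the new `dnsChallenge` block turns off the check that the TXT record is visible before the CA is asked to validate, so issuance now appears to depend only on the fixed `--dns-propogate-time=5` wait in plugin.sh. With `certificatesDuration: 12` (hours, if I read Traefik's setting correctly) renewals are frequent, so a wait that is occasionally too short would show up as failed renewals on short-lived certificates. I would either drop the line or record why the check cannot work here, e.g. `# propagation check disabled: <reason>` above it. A comment on `certificatesDuration` stating that it must match the lifetime the step-ca provisioner actually issues would also help. The `certificatesResolvers` block may continue past the end of this hunk.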