wildcard certs are here!!!
parent
078891a0a9
commit
8e90029a84
|
@ -37,6 +37,14 @@ resource "cloudflare_record" "internet-wildcard" {
|
||||||
ttl = 3600
|
ttl = 3600
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "acme-no-cname-1" {
|
||||||
|
domain = "${var.domain}"
|
||||||
|
name = "_acme-challenge.${var.domain}"
|
||||||
|
type = "A"
|
||||||
|
value = "127.0.0.1"
|
||||||
|
ttl = "300"
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* vpn.bb8.fun
|
* vpn.bb8.fun
|
||||||
* *.vpn.bb8.fun
|
* *.vpn.bb8.fun
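Review bot: The new `cloudflare_record` `acme-no-cname-1` has no comment explaining why `_acme-challenge.${var.domain}` is pointed at 127.0.0.1, and the intent cannot be read from the hunk. If, as the resource name suggests, it exists so the wildcard record above does not answer for the challenge name during DNS-01 validation, say so above the resource, e.g. `# Explicit record so the wildcard does not match _acme-challenge (ACME DNS-01)`. This commit also requests a `*.in.bb8.fun` certificate, whose challenge name is `_acme-challenge.in.${var.domain}`, so it is worth checking whether that name needs the same treatment. Separately, `ttl = "300"` is quoted while the record above uses `ttl = 3600`; `ttl = 300` would be consistent.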
|
||||||
|
|
|
@ -85,13 +85,13 @@ acmelogging = true
|
||||||
[acme.httpChallenge]
|
[acme.httpChallenge]
|
||||||
entryPoint = "http"
|
entryPoint = "http"
|
||||||
|
|
||||||
# Keep DNS challenge disabled
|
[acme.dnsChallenge]
|
||||||
# for now
|
provider = "cloudflare"
|
||||||
# [acme.dnsChallenge]
|
delayBeforeCheck = 30
|
||||||
# provider = "cloudflare"
|
|
||||||
# delayBeforeCheck = 5
|
|
||||||
# Get wildcard once possible
|
|
||||||
|
|
||||||
|
# This is a legacy certificate
|
||||||
|
# From when traefik did not support
|
||||||
|
# wildcard certs
|
||||||
[[acme.domains]]
|
[[acme.domains]]
|
||||||
main = "bb8.fun"
|
main = "bb8.fun"
|
||||||
sans = [
|
sans = [
|
||||||
|
@ -126,3 +126,9 @@ sans = [
|
||||||
"wifi.bb8.fun",
|
"wifi.bb8.fun",
|
||||||
"wiki.bb8.fun"
|
"wiki.bb8.fun"
|
||||||
]
|
]
|
||||||
|
# Primary 2 wildcard certs
|
||||||
|
[[acme.domains]]
|
||||||
|
main = "*.bb8.fun"
|
||||||
|
# Internal services are also protected!
|
||||||
|
[[acme.domains]]
|
||||||
|
main = "*.in.bb8.fun"
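Review bot: Enabling `[acme.dnsChallenge]` with `provider = "cloudflare"` (the hunk at -85,13) means the Traefik container must now hold a Cloudflare API credential, and nothing in this commit shows how it is supplied or scoped. This proxy faces the internet and the new `*.bb8.fun` and `*.in.bb8.fun` keys cover every host under those names. The credential should therefore be the narrowest one Cloudflare allows for DNS edits on this zone, injected at runtime rather than committed, and the ACME storage file should be readable by Traefik alone. `[acme.httpChallenge]` is left in place just above; as far as I know Traefik 1.x uses the DNS challenge when both are set, so either remove that block or mark it with `# unused while dnsChallenge is set`.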
|
||||||
|
|
|
@ -17,7 +17,7 @@ data "docker_registry_image" "transmission" {
|
||||||
}
|
}
|
||||||
|
|
||||||
data "docker_registry_image" "traefik" {
|
data "docker_registry_image" "traefik" {
|
||||||
name = "traefik:cancoillotte-alpine"
|
name = "traefik:1.6"
|
||||||
}
|
}
|
||||||
|
|
||||||
data "docker_registry_image" "wikijs" {
|
data "docker_registry_image" "wikijs" {
|
||||||
|
|