Keep internal certs separately deployed

2018-02-28 01:05:47 +05:30 · 2018-02-28 01:05:47 +05:30 · 9575ccae48
parent 08caa8086b
commit 9575ccae48
2 changed files with 14 additions and 3 deletions
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@ -17,6 +17,10 @@ InsecureSkipVerify = true
  [[entryPoints.https.tls.certificates]]
    certFile = "/etc/traefik/rss.captnemo.in.crt"
    keyFile  = "/etc/traefik/rss.captnemo.in.key"
+  # This contains 2 domains: {emby|airsonic}.bb8.fun
+  [[entryPoints.https.tls.certificates]]
+    certFile = "/etc/traefik/emby.in.bb8.fun.crt"
+    keyFile  = "/etc/traefik/emby.in.bb8.fun.key"

 [docker]
  # Make sure you mount this as readonly
@ -92,10 +96,8 @@ sans = [
  "airsonic.bb8.fun",
  "apps.bb8.fun",
  "cadvisor.bb8.fun",
-  "debug.in.bb8.fun",
  "dns.bb8.fun",
  "emby.bb8.fun",
-  "emby.in.bb8.fun",
  "falcon.bb8.fun",
  "ghost.bb8.fun",
  "grafana.bb8.fun",
@ -108,7 +110,6 @@ sans = [
  "monitoring.bb8.fun",
  "ombi.bb8.fun",
  "pics.bb8.fun",
-  "pics.in.bb8.fun",
  "radarr.bb8.fun",
  "read.bb8.fun",
  "rey.bb8.fun",
--- a/docker/traefik.tf
+++ b/docker/traefik.tf
@ -67,6 +67,16 @@ resource "docker_container" "traefik" {
    file    = "/etc/traefik/rss.captnemo.in.key"
  }

+  upload {
+    content = "${file("/home/nemo/projects/personal/certs/emby.in.bb8.fun/privkey.pem")}"
+    file    = "/etc/traefik/emby.in.bb8.fun.key"
+  }
+
+  upload {
+    content = "${file("/home/nemo/projects/personal/certs/emby.in.bb8.fun/fullchain.pem")}"
+    file    = "/etc/traefik/emby.in.bb8.fun.crt"
+  }
+
  volumes {
    host_path      = "/var/run/docker.sock"
    container_path = "/var/run/docker.sock"