
Commit a06a089

mrnicegyu11 and kaiser authored

🐛 Fix certificate generation bugs (#249)

* Add CERTIFICATE_FQDN
* Fix osparc-public certificate generation j2 magic

---------

Co-authored-by: kaiser <[email protected]>
1 parent f6ab951 commit a06a089

4 files changed: +5 -3 lines changed

services/traefik/Makefile

Lines changed: 1 addition & 1 deletion
@@ -91,7 +91,7 @@ ${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml docker-comp
9191
@set -o allexport; \
9292
source .env; \
9393
set +o allexport; \
94-
${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.public.yml > $@
94+
${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.public.yml docker-compose.letsencrypt.dns.yml > $@
9595

9696
.PHONY: ${TEMP_COMPOSE}-master
9797
${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml docker-compose.letsencrypt.dns.yml .env
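Review bot: The changed recipe line for `${TEMP_COMPOSE}-public` now names docker-compose.letsencrypt.dns.yml literally, so that file has to exist and be current before the recipe runs. The prerequisite list in the hunk header is cut off after `docker-comp`, so please confirm it lists docker-compose.letsencrypt.dns.yml the way the `${TEMP_COMPOSE}-master` rule below does. Without that prerequisite make has no reason to build or refresh the file first, and the public target can pick up a stale or missing certificate configuration. Keeping the compose file list in one shared variable used by both the rule and the recipe would stop the two from drifting apart again.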

services/traefik/docker-compose.letsencrypt.dns.yml.j2

Lines changed: 3 additions & 1 deletion
@@ -7,11 +7,13 @@ services:
77
- traefik.http.routers.api.tls.certresolver=myresolver
88
- traefik.http.middlewares.ops_whitelist_ips.ipwhitelist.sourcerange=${TRAEFIK_IPWHITELIST_SOURCERANGE}
99
# What follows is a tested workaround to ensure letsencrypt certificates for products' domains are generated
10-
{% for j2item in DEPLOYMENT_FQDNS.split(",") + [MACHINE_FQDN] %}
10+
{% for j2item in DEPLOYMENT_FQDNS.split(",") + [MACHINE_FQDN] + CERTIFICATE_GENERATION_FQDNS.split(",") %}
11+
{% if j2item and j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','') != "" %}
1112
- traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}.tls.domains[0].main=service.{{j2item.replace(' ','').replace('\'','')}}
1213
- traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}.tls.domains[0].sans=*.services.{{j2item.replace(' ','').replace('\'','')}}
1314
- traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}testing.tls.domains[0].main=service.testing.{{j2item.replace(' ','').replace('\'','')}}
1415
- traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}testing.tls.domains[0].sans=*.services.testing.{{j2item.replace(' ','').replace('\'','')}}
1516
- traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}testing.tls.certresolver=myresolver
1617
- traefik.http.routers.{{j2item.replace('@','').replace(' ','').replace('.','').replace('-','').replace('\'','')}}.tls.certresolver=myresolver
18+
{% endif %}
1719
{% endfor %}
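Review bot: On the changed `{% for %}` line, `CERTIFICATE_GENERATION_FQDNS.split(",")` is called unconditionally, so in Jinja2's default configuration rendering raises an undefined-variable error wherever the render context does not yet define the new variable; `(CERTIFICATE_GENERATION_FQDNS | default('')).split(",")` would keep existing deployments rendering. The added `{% if %}` guard repeats the five-call `replace` chain that already appears on every label line; computing it once with `{% set %}` and testing that value keeps the guard and the router names in step. Because the router name drops `.` and `-`, an FQDN present in both `DEPLOYMENT_FQDNS` and `CERTIFICATE_GENERATION_FQDNS` (or two FQDNs that differ only in those characters) yields the same router labels twice, so deduplicating the combined list before the loop is worth considering.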

services/traefik/docker-compose.yml.j2

Lines changed: 0 additions & 1 deletion
@@ -121,7 +121,6 @@ services:
121121
# prometheus labels
122122
- prometheus-job=traefik_ops
123123
- prometheus-port=8082
124-
125124
# wildcard certificate
126125
- traefik.http.routers.api.tls.domains[0].main=service.${MACHINE_FQDN}
127126
- traefik.http.routers.api.tls.domains[0].sans=*.services.${MACHINE_FQDN}

services/traefik/template.env

Lines changed: 1 addition & 0 deletions
@@ -28,3 +28,4 @@ S3_ENDPOINT=${S3_ENDPOINT}
2828
OPS_TRAEFIK_REPLICAS=${OPS_TRAEFIK_REPLICAS}
2929
OSPARC_DEVOPS_MAIL_ADRESS=${OSPARC_DEVOPS_MAIL_ADRESS}
3030
DEPLOYMENT_FQDNS='${DEPLOYMENT_FQDNS}'
31+
CERTIFICATE_GENERATION_FQDNS='${CERTIFICATE_GENERATION_FQDNS}'
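Review bot: The added `CERTIFICATE_GENERATION_FQDNS` line carries no comment describing its format, and the commit message calls the variable `CERTIFICATE_FQDN`, which does not match the name introduced here. A one-line comment stating that it is a comma-separated list of FQDNs, whether it may be left empty, and that the surrounding single quotes are stripped in the template (as for `DEPLOYMENT_FQDNS`) would save operators from guessing which domains end up with certificates requested for them.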
