Use mounted all-in-one cert for nginx ssl
Mount the combined key and cert for nginx ssl using flexvol and point the necessary nginx config at it.
This commit is contained in:
parent
9b8d5e3662
commit
26bb2f4614
@ -39,8 +39,8 @@ data:
|
||||
# access_log /var/log/nginx/access.log json;
|
||||
listen ${PORT_PREFIX}442 ssl;
|
||||
listen [::]:${PORT_PREFIX}442 ssl ipv6only=on;
|
||||
ssl_certificate /etc/ssl/private/atat.crt;
|
||||
ssl_certificate_key /etc/ssl/private/atat.key;
|
||||
ssl_certificate /etc/ssl/atat.crt;
|
||||
ssl_certificate_key /etc/ssl/atat.crt;
|
||||
# additional SSL/TLS settings
|
||||
include /etc/nginx/snippets/ssl.conf
|
||||
|
||||
@ -72,8 +72,8 @@ data:
|
||||
server_name ${AUTH_DOMAIN};
|
||||
listen ${PORT_PREFIX}443 ssl;
|
||||
listen [::]:${PORT_PREFIX}443 ssl ipv6only=on;
|
||||
ssl_certificate /etc/ssl/private/atat.crt;
|
||||
ssl_certificate_key /etc/ssl/private/atat.key;
|
||||
ssl_certificate /etc/ssl/atat.crt;
|
||||
ssl_certificate_key /etc/ssl/atat.crt;
|
||||
# Request and validate client certificate
|
||||
ssl_verify_client on;
|
||||
ssl_verify_depth 10;
|
||||
|
@ -146,8 +146,8 @@ spec:
|
||||
options:
|
||||
usepodidentity: "true"
|
||||
keyvaultname: "atat-vault-test"
|
||||
keyvaultobjectnames: "dhparam4096"
|
||||
keyvaultobjectaliases: "dhparam.pem"
|
||||
keyvaultobjectnames: "dhparam4096;staging-cert"
|
||||
keyvaultobjectaliases: "dhparam.pem;atat.crt"
|
||||
keyvaultobjecttypes: secret
|
||||
tenantid: $TENANT_ID
|
||||
---
|
||||
|
Loading…
x
Reference in New Issue
Block a user