From 26bb2f46141a5c25a83b0fe92561bc891f4bb4db Mon Sep 17 00:00:00 2001 From: tomdds Date: Tue, 26 Nov 2019 17:01:16 -0500 Subject: [PATCH] Use mounted all-in-one cert for nginx ssl Mount the combined key and cert for nginx ssl using flexvol and point the necessary nginx config at it.
---
 deploy/azure/atst-nginx-configmap.yml | 8 ++++---- deploy/azure/azure.yml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/deploy/azure/atst-nginx-configmap.yml b/deploy/azure/atst-nginx-configmap.yml
index b702924c..77de51f9 100644
--- a/deploy/azure/atst-nginx-configmap.yml
+++ b/deploy/azure/atst-nginx-configmap.yml
@@ -39,8 +39,8 @@ data:
 # access_log /var/log/nginx/access.log json; listen ${PORT_PREFIX}442 ssl; listen [::]:${PORT_PREFIX}442 ssl ipv6only=on;
- ssl_certificate /etc/ssl/private/atat.crt;
- ssl_certificate_key /etc/ssl/private/atat.key;
+ ssl_certificate /etc/ssl/atat.crt;
+ ssl_certificate_key /etc/ssl/atat.crt;
 # additional SSL/TLS settings include /etc/nginx/snippets/ssl.conf
@@ -72,8 +72,8 @@ data:
 server_name ${AUTH_DOMAIN}; listen ${PORT_PREFIX}443 ssl; listen [::]:${PORT_PREFIX}443 ssl ipv6only=on;
- ssl_certificate /etc/ssl/private/atat.crt;
- ssl_certificate_key /etc/ssl/private/atat.key;
+ ssl_certificate /etc/ssl/atat.crt;
+ ssl_certificate_key /etc/ssl/atat.crt;
 # Request and validate client certificate ssl_verify_client on; ssl_verify_depth 10;
diff --git a/deploy/azure/azure.yml b/deploy/azure/azure.yml
index ddbbfe18..e391fc54 100644
--- a/deploy/azure/azure.yml
+++ b/deploy/azure/azure.yml
@@ -146,8 +146,8 @@ spec:
 options: usepodidentity: "true" keyvaultname: "atat-vault-test"
- keyvaultobjectnames: "dhparam4096"
- keyvaultobjectaliases: "dhparam.pem"
+ keyvaultobjectnames: "dhparam4096;staging-cert"
+ keyvaultobjectaliases: "dhparam.pem;atat.crt"
 keyvaultobjecttypes: secret tenantid: $TENANT_ID ---
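Review bot: Both `ssl_certificate_key` lines added here (the `${PORT_PREFIX}442` server in this hunk and the `${PORT_PREFIX}443` client-certificate server in the next) now read the private key from `/etc/ssl/atat.crt`, so a file named and located like a public certificate holds key material that used to sit under `/etc/ssl/private/`. nginx accepts a combined PEM for both directives, but the volume mount and its file mode are not in this diff, so confirm the flexvol path is readable only by the account nginx starts as. I would add `# atat.crt is a combined PEM (certificate chain + private key) mounted from Key Vault` above each pair, and consider an alias that does not end in `.crt`. Both server blocks start and end outside their hunks.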
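Review bot: `keyvaultobjecttypes: secret` still names one type while `keyvaultobjectnames` and `keyvaultobjectaliases` now each list two semicolon-separated objects. As far as I know the Key Vault flexvolume driver treats these as parallel lists, so unless it is confirmed to default missing entries this should be `keyvaultobjecttypes: "secret;secret"`; a mismatch would likely fail the mount and leave nginx without its certificate. `staging-cert` from `atat-vault-test` is also fixed in the manifest next to a templated `$TENANT_ID`, so it is worth checking that this file is never applied to another environment as-is. The enclosing `options:` mapping starts outside the hunk.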