Commit bee09293 authored by Dominik Hebeler's avatar Dominik Hebeler
Browse files

switched to custom certificate

parent 2906db0d
...@@ -92,7 +92,6 @@ stop_review: ...@@ -92,7 +92,6 @@ stop_review:
- auto-deploy delete rollout - auto-deploy delete rollout
- auto-deploy persist_environment_url - auto-deploy persist_environment_url
variables: variables:
ADDITIONAL_HOSTS: "www.metager3.de,test.metager.de"
HELM_UPGRADE_VALUES_FILE: .gitlab/development-values.yaml HELM_UPGRADE_VALUES_FILE: .gitlab/development-values.yaml
ROLLOUT_RESOURCE_TYPE: deployment ROLLOUT_RESOURCE_TYPE: deployment
environment: environment:
...@@ -120,7 +119,7 @@ development: ...@@ -120,7 +119,7 @@ development:
production: production:
variables: variables:
ADDITIONAL_HOSTS: "www.metager.de,metager.org,www.metager.org,metager.es,www.metager.es,klassik.metager.org" ADDITIONAL_HOSTS: "metager.org,metager.es"
HELM_UPGRADE_VALUES_FILE: .gitlab/production-values.yaml HELM_UPGRADE_VALUES_FILE: .gitlab/production-values.yaml
ROLLOUT_RESOURCE_TYPE: deployment ROLLOUT_RESOURCE_TYPE: deployment
environment: environment:
......
...@@ -50,8 +50,11 @@ podAnnotations: ...@@ -50,8 +50,11 @@ podAnnotations:
prometheus.io/port: "80" prometheus.io/port: "80"
deploymentApiVersion: apps/v1 deploymentApiVersion: apps/v1
ingress: ingress:
tls:
enabled: true
acme: false
secretName: "metager-tls"
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/client-body-buffer-size: "30m" nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
nginx.ingress.kubernetes.io/proxy-body-size: "30m" nginx.ingress.kubernetes.io/proxy-body-size: "30m"
nginx.ingress.kubernetes.io/configuration-snippet: | nginx.ingress.kubernetes.io/configuration-snippet: |
...@@ -64,6 +67,3 @@ ingress: ...@@ -64,6 +67,3 @@ ingress:
if ($arg_out = "results-with-style") { if ($arg_out = "results-with-style") {
more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/"; more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
} }
if ($host = "www.metager3.de") {
return 301 https://metager3.de$request_uri;
}
...@@ -52,23 +52,9 @@ resources: ...@@ -52,23 +52,9 @@ resources:
ingress: ingress:
tls: tls:
enabled: true enabled: true
custom: acme: false
tls: secretName: "metager-tls"
- hosts:
- metager.de
- www.metager.de
secretName: metager-de-tls
- hosts:
- metager.org
- www.metager.org
- klassik.metager.org
secretName: metager-org-tls
- hosts:
- metager.es
- www.metager.es
secretName: production-auto-deploy-tls
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/client-body-buffer-size: "30m" nginx.ingress.kubernetes.io/client-body-buffer-size: "30m"
nginx.ingress.kubernetes.io/proxy-body-size: "30m" nginx.ingress.kubernetes.io/proxy-body-size: "30m"
nginx.ingress.kubernetes.io/configuration-snippet: | nginx.ingress.kubernetes.io/configuration-snippet: |
...@@ -80,16 +66,4 @@ ingress: ...@@ -80,16 +66,4 @@ ingress:
more_set_headers "Permissions-Policy: interest-cohort=()"; more_set_headers "Permissions-Policy: interest-cohort=()";
if ($arg_out = "results-with-style") { if ($arg_out = "results-with-style") {
more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/"; more_set_headers "X-Frame-Options: allow-from https://scripts.zdv.uni-mainz.de/";
} }
if ($host = "www.metager.de") { \ No newline at end of file
return 301 https://metager.de$request_uri;
}
if ($host = "www.metager.org") {
return 301 https://metager.org$request_uri;
}
if ($host = "www.metager.es") {
return 301 https://metager.es$request_uri;
}
if ($host = "klassik.metager.org") {
return 301 https://metager.de$request_uri;
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment