author | Baptiste Jonglez <git@bitsofnetworks.org> | 2024-06-08 16:35:35 +0200 |
---|---|---|
committer | Baptiste Jonglez <git@bitsofnetworks.org> | 2024-06-08 16:35:35 +0200 |
commit | cbb0093f2c6a31a0f2ce3ad1e12f2137f2f18c14 (patch) | |
tree | be166c193ae0cb2cc910da99eba209e24238518f /cluster/staging | |
parent | d4fb14347d13a4a5fe92c18b26172ba58bb7e865 (diff) | |
staging: garage: Handle *.garage.staging for vhost-style S3 and add on-demand TLS checks
Diffstat (limited to 'cluster/staging')
-rw-r--r-- | cluster/staging/app/garage/config/garage.toml | 1 | ||||
-rw-r--r-- | cluster/staging/app/garage/deploy/garage.hcl | 8 |
2 files changed, 9 insertions, 0 deletions
diff --git a/cluster/staging/app/garage/config/garage.toml b/cluster/staging/app/garage/config/garage.toml
index 6c92bf3..01eb237 100644
--- a/cluster/staging/app/garage/config/garage.toml
+++ b/cluster/staging/app/garage/config/garage.toml
@@ -25,6 +25,7 @@ tls_skip_verify = true
 [s3_api]
 s3_region = "garage-staging"
 api_bind_addr = "0.0.0.0:3990"
+root_domain = ".garage.staging.deuxfleurs.org"
 
 [k2v_api]
 api_bind_addr = "0.0.0.0:3993"
diff --git a/cluster/staging/app/garage/deploy/garage.hcl b/cluster/staging/app/garage/deploy/garage.hcl
index 67655e4..7a7b44b 100644
--- a/cluster/staging/app/garage/deploy/garage.hcl
+++ b/cluster/staging/app/garage/deploy/garage.hcl
@@ -84,7 +84,9 @@ job "garage-staging" {
 tags = [
 "garage-staging-api",
 "tricot garage.staging.deuxfleurs.org",
+ "tricot *.garage.staging.deuxfleurs.org",
 "tricot-add-header Access-Control-Allow-Origin *",
+ "tricot-on-demand-tls-ask http://garage-staging-admin.service.staging.consul:3909/check",
 "tricot-site-lb",
 ]
 port = "s3"
@@ -119,10 +121,16 @@ job "garage-staging" {
 name = "garage-staging-web"
 tags = [
 "garage-staging-web",
+ "tricot * 1",
 "tricot *.web.staging.deuxfleurs.org",
 "tricot staging.deuxfleurs.org",
 "tricot matrix.home.adnab.me/.well-known/matrix/server",
+ "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
+ "tricot-add-header X-Frame-Options SAMEORIGIN",
+ "tricot-add-header X-XSS-Protection 1; mode=block",
+ "tricot-add-header X-Content-Type-Options nosniff",
 "tricot-add-header Access-Control-Allow-Origin *",
+ "tricot-on-demand-tls-ask http://garage-staging-admin.service.staging.consul:3909/check",
 "tricot-site-lb",
 ]
 port = "web" |
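Review bot: The new `root_domain` key in `[s3_api]` has no comment tying it to the `tricot *.garage.staging.deuxfleurs.org` tag that the same commit adds in deploy/garage.hcl, and the two presumably have to name the same suffix for vhost-style bucket hostnames to be both routed and resolved. I would add `# vhost-style S3: <bucket>.garage.staging.deuxfleurs.org; keep in sync with the tricot wildcard tag in deploy/garage.hcl` above the key. The rest of the file, including the `tls_skip_verify = true` setting named in the hunk header, lies outside the hunk.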
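Review bot: The `tricot-on-demand-tls-ask` tag added to the `garage-staging-api` tags (and again to the `garage-staging-web` tags in the next hunk) makes a plain-HTTP lookup against the admin port the only gate on certificate issuance for the new wildcard and catch-all hosts, and nothing in the file records that. A comment above the tag should state the assumption, for example `# cert issuance for unknown hosts is gated by Garage's admin /check; keep that endpoint reachable only from inside the cluster, and treat a failed lookup as "no certificate"`. Whether tricot fails closed when the lookup errors or times out is not visible here and is worth confirming, since failing open would let any hostname pointed at the proxy trigger issuance. The enclosing `job "garage-staging"` block starts and ends outside the hunk.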
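Review bot: The HSTS header added to the `garage-staging-web` tags carries `includeSubDomains; preload`, and with `tricot * 1` in the same list it would appear to be sent for every hostname this service answers for, including domains outside deuxfleurs.org such as `matrix.home.adnab.me`. A browser that receives it will force HTTPS for two years on all subdomains of that site, whether or not they are hosted here, and `preload` signals consent to preload-list inclusion on the domain owner's behalf. I would reduce the line to `"tricot-add-header Strict-Transport-Security max-age=63072000",` unless the header can be scoped to hosts the cluster owns. Separately, `X-XSS-Protection 1; mode=block` turns on a legacy browser filter that current guidance advises disabling, so `"tricot-add-header X-XSS-Protection 0",` or dropping the tag is the safer choice. The enclosing `job "garage-staging"` block starts and ends outside the hunk.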