From 4cdaba46924e1e48e66ae0f49e8117cc565cfaa7 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 18 Oct 2021 21:59:10 +0100
Subject: [PATCH] Swap certificates for wildcards
---
 ansible/roles/pages/files/docker-compose.yml | 1 -
 ansible/roles/plausible/files/docker-compose.yml | 2 --
 ansible/roles/privatebin/files/docker-compose.yml | 1 -
 .../roles/pve_docker/files/calibre/docker-compose.yml | 1 -
 .../roles/pve_docker/files/librespeed/docker-compose.yml | 1 -
 .../roles/pve_docker/files/nextcloud/docker-compose.yml | 1 -
 .../roles/pve_docker/files/synapse/docker-compose.yml | 2 --
 ansible/roles/pve_docker/files/tt-rss/docker-compose.yml | 1 -
 .../roles/pve_docker/files/wallabag/docker-compose.yml | 1 -
 ansible/roles/pve_docker/files/whoami/docker-compose.yml | 1 -
 ansible/roles/traefik/files/file-provider-gitlab.yml | 2 --
 ansible/roles/traefik/files/file-provider-grafana.yml | 2 --
 .../roles/traefik/files/file-provider-homeassistant.yml | 2 --
 ansible/roles/traefik/files/file-provider-jellyfin.yml | 2 --
 ansible/roles/traefik/files/traefik.yml | 9 +++++++++
 ansible/roles/upload/files/docker-compose.yml | 4 ----
 ansible/roles/uptime_kuma/files/docker-compose.yml | 1 -
 ansible/roles/vaultwarden/files/docker-compose.yml | 2 --
 ansible/roles/yourls/files/docker-compose.yml | 1 -
 19 files changed, 9 insertions(+), 28 deletions(-)
diff --git a/ansible/roles/pages/files/docker-compose.yml b/ansible/roles/pages/files/docker-compose.yml
index e484f30..b020d97 100644
--- a/ansible/roles/pages/files/docker-compose.yml
+++ b/ansible/roles/pages/files/docker-compose.yml
@@ -12,7 +12,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.pages.rule=Host(`pages.theorangeone.net`)
- - traefik.http.routers.pages.tls.certresolver=le
 traefik-pages:
 image: ghcr.io/realorangeone/traefik-pages:latest
diff --git a/ansible/roles/plausible/files/docker-compose.yml b/ansible/roles/plausible/files/docker-compose.yml
index 6351f65..fd552cb 100644
--- a/ansible/roles/plausible/files/docker-compose.yml
+++ b/ansible/roles/plausible/files/docker-compose.yml
@@ -12,10 +12,8 @@ services:
 - traefik.enable=true
 - traefik.http.routers.plausible.rule=Host(`plausible.theorangeone.net`)
 - traefik.http.services.plausible-plausible.loadbalancer.server.port=8000 # https://github.com/plausible/analytics/pull/237
- - traefik.http.routers.plausible.tls.certresolver=le
 - traefik.http.routers.plausible-bare.rule=Host(`elbisualp.theorangeone.net`)
- - traefik.http.routers.plausible-bare.tls.certresolver=le
 - traefik.http.routers.plausible-bare.service=plausible-plausible # https://github.com/plausible/analytics/pull/340
diff --git a/ansible/roles/privatebin/files/docker-compose.yml b/ansible/roles/privatebin/files/docker-compose.yml
index 76b89aa..8d6d3dc 100644
--- a/ansible/roles/privatebin/files/docker-compose.yml
+++ b/ansible/roles/privatebin/files/docker-compose.yml
@@ -12,4 +12,3 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.privatebin.rule=Host(`bin.theorangeone.net`)
- - traefik.http.routers.privatebin.tls.certresolver=le
diff --git a/ansible/roles/pve_docker/files/calibre/docker-compose.yml b/ansible/roles/pve_docker/files/calibre/docker-compose.yml
index 356331e..b87c80e 100644
--- a/ansible/roles/pve_docker/files/calibre/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/calibre/docker-compose.yml
@@ -13,4 +13,3 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.calibre.rule=Host(`calibre.jakehoward.tech`)
- - traefik.http.routers.calibre.tls.certresolver=le
diff --git a/ansible/roles/pve_docker/files/librespeed/docker-compose.yml b/ansible/roles/pve_docker/files/librespeed/docker-compose.yml
index 8c6ad23..8aeff73 100644
--- a/ansible/roles/pve_docker/files/librespeed/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/librespeed/docker-compose.yml
@@ -12,6 +12,5 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.librespeed.rule=Host(`speed.jakehoward.tech`)
- - traefik.http.routers.librespeed.tls.certresolver=le
 - traefik.http.routers.librespeed.middlewares=librespeed-auth@docker
 - traefik.http.middlewares.librespeed-auth.basicauth.users={{ librespeed_basicauth }}
diff --git a/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml b/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml
index b90130f..9f723e9 100644
--- a/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/nextcloud/docker-compose.yml
@@ -22,7 +22,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`)
- - traefik.http.routers.nextcloud.tls.certresolver=le
 - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.port=443
 - traefik.http.services.nextcloud-nextcloud.loadbalancer.server.scheme=https
 - traefik.http.middlewares.nextcloud-hsts.headers.stsseconds=15552000
diff --git a/ansible/roles/pve_docker/files/synapse/docker-compose.yml b/ansible/roles/pve_docker/files/synapse/docker-compose.yml
index 3d02aa2..3599162 100644
--- a/ansible/roles/pve_docker/files/synapse/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/synapse/docker-compose.yml
@@ -18,7 +18,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.synapse.rule=Host(`matrix.jakehoward.tech`)
- - traefik.http.routers.synapse.tls.certresolver=le
 db:
 image: postgres:12-alpine
@@ -42,6 +41,5 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.synapse-admin.rule=Host(`matrix.jakehoward.tech`) && PathPrefix(`/admin`)
- - traefik.http.routers.synapse-admin.tls.certresolver=le
 - traefik.http.middlewares.synapse-admin-path.stripprefix.prefixes=/admin
 - traefik.http.routers.synapse-admin.middlewares=synapse-admin-path@docker
diff --git a/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml b/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml
index 0b73a6d..209c7d5 100644
--- a/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/tt-rss/docker-compose.yml
@@ -23,7 +23,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`)
- - traefik.http.routers.tt-rss.tls.certresolver=le
 depends_on:
 - db
 tmpfs:
diff --git a/ansible/roles/pve_docker/files/wallabag/docker-compose.yml b/ansible/roles/pve_docker/files/wallabag/docker-compose.yml
index 43c3514..a88c42e 100644
--- a/ansible/roles/pve_docker/files/wallabag/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/wallabag/docker-compose.yml
@@ -13,7 +13,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.wallabag.rule=Host(`wallabag.jakehoward.tech`)
- - traefik.http.routers.wallabag.tls.certresolver=le
 depends_on:
 - redis
diff --git a/ansible/roles/pve_docker/files/whoami/docker-compose.yml b/ansible/roles/pve_docker/files/whoami/docker-compose.yml
index d8a7b10..2bf9a7b 100644
--- a/ansible/roles/pve_docker/files/whoami/docker-compose.yml
+++ b/ansible/roles/pve_docker/files/whoami/docker-compose.yml
@@ -7,4 +7,3 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`)
- - traefik.http.routers.whoami.tls.certresolver=le
diff --git a/ansible/roles/traefik/files/file-provider-gitlab.yml b/ansible/roles/traefik/files/file-provider-gitlab.yml
index f24e5a7..130f06f 100644
--- a/ansible/roles/traefik/files/file-provider-gitlab.yml
+++ b/ansible/roles/traefik/files/file-provider-gitlab.yml
@@ -3,8 +3,6 @@ http:
 router-gitlab:
 rule: Host(`git.theorangeone.net`)
 service: service-gitlab
- tls:
- certResolver: le
 services:
 service-gitlab:
 loadBalancer:
diff --git a/ansible/roles/traefik/files/file-provider-grafana.yml b/ansible/roles/traefik/files/file-provider-grafana.yml
index 872a420..e5e02a8 100644
--- a/ansible/roles/traefik/files/file-provider-grafana.yml
+++ b/ansible/roles/traefik/files/file-provider-grafana.yml
@@ -3,8 +3,6 @@ http:
 router-grafana:
 rule: Host(`grafana.jakehoward.tech`)
 service: service-grafana
- tls:
- certResolver: le
 services:
 service-grafana:
 loadBalancer:
diff --git a/ansible/roles/traefik/files/file-provider-homeassistant.yml b/ansible/roles/traefik/files/file-provider-homeassistant.yml
index ac7c20e..684df1d 100644
--- a/ansible/roles/traefik/files/file-provider-homeassistant.yml
+++ b/ansible/roles/traefik/files/file-provider-homeassistant.yml
@@ -3,8 +3,6 @@ http:
 router-homeassistant:
 rule: Host(`homeassistant.jakehoward.tech`)
 service: service-homeassistant
- tls:
- certResolver: le
 services:
 service-homeassistant:
 loadBalancer:
diff --git a/ansible/roles/traefik/files/file-provider-jellyfin.yml b/ansible/roles/traefik/files/file-provider-jellyfin.yml
index 0b7c1a5..05fa340 100644
--- a/ansible/roles/traefik/files/file-provider-jellyfin.yml
+++ b/ansible/roles/traefik/files/file-provider-jellyfin.yml
@@ -3,8 +3,6 @@ http:
 router-jellyfin:
 rule: Host(`media.jakehoward.tech`)
 service: service-jellyfin
- tls:
- certResolver: le
 services:
 service-jellyfin:
 loadBalancer:
diff --git a/ansible/roles/traefik/files/traefik.yml b/ansible/roles/traefik/files/traefik.yml
index 3ed360e..48481f4 100644
--- a/ansible/roles/traefik/files/traefik.yml
+++ b/ansible/roles/traefik/files/traefik.yml
@@ -17,6 +17,15 @@ entryPoints:
 middlewares:
 - floc-block@file
 - compress@file
+ tls:
+ certresolver: le
+ domains:
+ - main: theorangeone.net
+ sans: "*.theorangeone.net"
+ - main: jakehoward.tech
+ sans: "*.jakehoward.tech"
+ - main: 0rng.one
+ sans: "*.0rng.one"
 proxyProtocol:
 trustedIPs:
 - "{{ wireguard.cidr }}"
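Review bot: The resolver named on the added `certresolver: le` line is not visible here, and a wildcard SAN such as `*.theorangeone.net` can only be obtained through the ACME DNS-01 challenge, so the `certificatesResolvers` block should be checked for `dnsChallenge` and for the scope of the DNS provider credential it needs (ideally limited to the three zones listed) before the per-router `certresolver` labels and file-provider `tls:` blocks removed elsewhere in this commit are relied on. Two smaller points on the new lines: `sans` is documented as a list (`sans:` followed by `- "*.theorangeone.net"`), so the scalar form presumably only works because the parser splits comma-separated strings — confirm on the Traefik version deployed; and `certResolver: le` would match the camelCase of the neighbouring `proxyProtocol`/`trustedIPs` keys and the spelling the removed file-provider blocks used. Since this is static configuration, Traefik has to be restarted with it before the label deletions roll out, or those routers are served the default certificate until then; every Host visible in this commit falls under one of the three listed domains, so no extra entry appears to be needed. The enclosing entryPoint definition starts outside the hunk.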
diff --git a/ansible/roles/upload/files/docker-compose.yml b/ansible/roles/upload/files/docker-compose.yml
index b56f618..2b72265 100644
--- a/ansible/roles/upload/files/docker-compose.yml
+++ b/ansible/roles/upload/files/docker-compose.yml
@@ -12,7 +12,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.upload.rule=Host(`upload.theorangeone.net`)
- - traefik.http.routers.upload.tls.certresolver=le
 img:
 image: ghcr.io/realorangeone/static-server:latest
@@ -24,7 +23,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.img.rule=Host(`img.theorangeone.net`) || Host(`img.0rng.one`)
- - traefik.http.routers.img.tls.certresolver=le
 bg:
 image: ghcr.io/realorangeone/static-server:latest
@@ -37,7 +35,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.bg.rule=Host(`bg.theorangeone.net`)
- - traefik.http.routers.bg.tls.certresolver=le
 dl:
 image: ghcr.io/realorangeone/static-server:latest
@@ -49,4 +46,3 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.dl.rule=Host(`dl.theorangeone.net`) || Host(`dl.0rng.one`)
- - traefik.http.routers.dl.tls.certresolver=le
diff --git a/ansible/roles/uptime_kuma/files/docker-compose.yml b/ansible/roles/uptime_kuma/files/docker-compose.yml
index 97598f3..c0c1e2b 100644
--- a/ansible/roles/uptime_kuma/files/docker-compose.yml
+++ b/ansible/roles/uptime_kuma/files/docker-compose.yml
@@ -13,4 +13,3 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.uptime-kuma.rule=Host(`status.theorangeone.net`)
- - traefik.http.routers.uptime-kuma.tls.certresolver=le
diff --git a/ansible/roles/vaultwarden/files/docker-compose.yml b/ansible/roles/vaultwarden/files/docker-compose.yml
index 798b60d..a15e9fc 100644
--- a/ansible/roles/vaultwarden/files/docker-compose.yml
+++ b/ansible/roles/vaultwarden/files/docker-compose.yml
@@ -16,12 +16,10 @@ services:
 - traefik.http.routers.vaultwarden-ui.rule=Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`)
 - traefik.http.routers.vaultwarden-ui.service=vaultwarden-ui
 - traefik.http.services.vaultwarden-ui.loadbalancer.server.port=80
- - traefik.http.routers.vaultwarden-ui.tls.certresolver=le
 - traefik.http.routers.vaultwarden-websocket.rule=(Host(`bw.jakehoward.tech`) || Host(`vaultwarden.jakehoward.tech`) )&& Path(`/notifications/hub`)
 - traefik.http.routers.vaultwarden-websocket.service=vaultwarden-websocket
 - traefik.http.services.vaultwarden-websocket.loadbalancer.server.port=3012
- - traefik.http.routers.vaultwarden-websocket.tls.certresolver=le
 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=1000
diff --git a/ansible/roles/yourls/files/docker-compose.yml b/ansible/roles/yourls/files/docker-compose.yml
index d814f06..2e024bc 100644
--- a/ansible/roles/yourls/files/docker-compose.yml
+++ b/ansible/roles/yourls/files/docker-compose.yml
@@ -18,7 +18,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.yourls.rule=Host(`0rng.one`)
- - traefik.http.routers.yourls.tls.certresolver=le
 mariadb:
 image: mariadb:10.5