certs: split into smaller certs, update infra layout

This commit is contained in:
Johanna Dorothea Reichmann 2020-07-03 11:32:39 +02:00 committed by jdreichmann
parent 92aa3367b4
commit 410db58c94
Signed by untrusted user who does not match committer: transcaffeine
GPG Key ID: 03624C433676E465
5 changed files with 19 additions and 19 deletions

View File

@ -8,17 +8,14 @@ services:
- /opt/docker/Caddy/Caddyfile:/etc/caddy/Caddyfile:z - /opt/docker/Caddy/Caddyfile:/etc/caddy/Caddyfile:z
- /vault/services/web/webhosts:/webhosts:z - /vault/services/web/webhosts:/webhosts:z
- /vault/services/certMgmt/certData/certs:/tls_certs:z - /vault/services/certMgmt/certData/certs:/tls_certs:z
- /vault/services/matrix/ssl/config:/matrix_tls_certs:z
- /vault/services/matrix/static-files:/matrix_static:z - /vault/services/matrix/static-files:/matrix_static:z
- /vault/users/jreichmann/public:/public/transcaffeine:z - /vault/users/jreichmann/public:/public/transcaffeine:z
- /opt/docker/Caddy/webroot:/var/webroot:z - /opt/docker/Caddy/webroot:/var/webroot:z
- /vault/services/masto_dark/public:/services/mastodon/public:z
environment: environment:
- GID=1001 - GID=1001
- UID=1001 - UID=1001
ports: ports:
- "443:443" - "192.168.0.53:443:443"
- "8448:8448"
networks: networks:
- frontend - frontend
- matrix - matrix

View File

@ -1,6 +1,6 @@
https://cloud.finallycoffee.eu { https://cloud.finallycoffee.eu {
gzip gzip
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
header / { header / {
Referrer-Policy no-referrer Referrer-Policy no-referrer
Strict-Transport-Security "max-age=15552000;" Strict-Transport-Security "max-age=15552000;"
@ -17,7 +17,7 @@ https://cloud.finallycoffee.eu {
https://office.cloud.finallycoffee.eu { https://office.cloud.finallycoffee.eu {
gzip gzip
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem tls /tls_certs/cloud.finallycoffee.eu/fullchain.pem /tls_certs/cloud.finallycoffee.eu/privkey.pem
header / { header / {
Access-Control-Allow-Origin * Access-Control-Allow-Origin *
} }

View File

@ -1,5 +1,5 @@
https://git.finallycoffee.eu { https://git.finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem tls /tls_certs/git.finallycoffee.eu/fullchain.pem /tls_certs/git.finallycoffee.eu/privkey.pem
proxy / git:3000 { proxy / git:3000 {
transparent transparent
websocket websocket

View File

@ -1,5 +1,5 @@
https://admin.finallycoffee.eu { https://admin.finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem tls /tls_certs/admin.finallycoffee.eu/fullchain.pem /tls_certs/admin.finallycoffee.eu/privkey.pem
proxy / https://172.21.0.1:9090 { proxy / https://172.21.0.1:9090 {
transparent transparent
websocket websocket
@ -7,8 +7,13 @@ https://admin.finallycoffee.eu {
} }
} }
https://gateway.finallycoffee.eu {
tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
}
https://dsl.gateway.finallycoffee.eu { https://dsl.gateway.finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
basicauth jdreichmann $pass { basicauth jdreichmann $pass {
realm "Intranet karlsruhe.flauschekatze.space" realm "Intranet karlsruhe.flauschekatze.space"
/ /
@ -20,7 +25,7 @@ https://dsl.gateway.finallycoffee.eu {
} }
https://docsis.gateway.finallycoffee.eu { https://docsis.gateway.finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem tls /tls_certs/gateway.finallycoffee.eu/fullchain.pem /tls_certs/gateway.finallycoffee.eu/privkey.pem
basicauth jdreichmann $pass { basicauth jdreichmann $pass {
realm "Intranet karlsruhe.flauschekatze.space" realm "Intranet karlsruhe.flauschekatze.space"
/ /

View File

@ -11,6 +11,11 @@ https://matrix.finallycoffee.eu {
header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
transparent transparent
} }
proxy /_matrix/client/r0/user_directory/search matrix-ma1sd:8090 {
header_downstream Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
transparent
}
proxy /_matrix/federation matrix-synapse:8048 { proxy /_matrix/federation matrix-synapse:8048 {
transparent transparent
} }
@ -22,6 +27,7 @@ https://matrix.finallycoffee.eu {
header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization" header_downstream Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
transparent transparent
} }
proxy /metrics http://matrix-synapse:9100/_synapse/metrics
proxy / https://finallycoffee.eu/.well-known/matrix { proxy / https://finallycoffee.eu/.well-known/matrix {
except /_matrix except /_matrix
} }
@ -41,7 +47,7 @@ https://dimension.matrix.finallycoffee.eu {
} }
https://chat.finallycoffee.eu { https://chat.finallycoffee.eu {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem tls /tls_certs/chat.finallycoffee.eu/fullchain.pem /tls_certs/chat.finallycoffee.eu/privkey.pem
proxy / http://matrix-riot-web:8080 { proxy / http://matrix-riot-web:8080 {
transparent transparent
} }
@ -61,12 +67,4 @@ https://finallycoffee.eu/.well-known/matrix/ {
} }
} }
# Federation listens on all IPs because older Synapse versions do not support SNI
https://:8448 {
tls /tls_certs/finallycoffee.eu/fullchain.pem /tls_certs/finallycoffee.eu/privkey.pem
proxy /_matrix matrix-synapse:8048 {
transparent
}
}