authorJan Dittberner <jandd@cacert.org>2021-02-06 11:33:38 +0100
committerJan Dittberner <jandd@cacert.org>2021-02-06 11:33:38 +0100
commit6de282d26244ddbd5b3880536e5bdcc83cfc012e (patch)
tree300b17e7e9c85123f03f8c001b9b6dba8fa46a15 /hieradata/nodes/proxyin.yaml
parentfb5427166d19a4e46cafdd8b11cdb9539c2a7024 (diff)
Setup nginx to server SNI tls on port 8443
This commit is the first step to migrate away from sniproxy and use nginx only. Nginx now handles port 80 directly and should provide the same forwarding that sniproxy is doing on port 8443 (will be switched to 443 in a later commit if it turns out to work).
Diffstat (limited to 'hieradata/nodes/proxyin.yaml')
-rw-r--r--hieradata/nodes/proxyin.yaml6
1 files changed, 5 insertions, 1 deletions
diff --git a/hieradata/nodes/proxyin.yaml b/hieradata/nodes/proxyin.yaml
index 5f8615f..bd1e96c 100644
--- a/hieradata/nodes/proxyin.yaml
+++ b/hieradata/nodes/proxyin.yaml
@@ -3,9 +3,13 @@ classes:
- roles::proxyin
profiles::base::admins:
- jandd
-profiles::sniproxy::https_forwards:
+profiles::sniproxy::https_forwards_sniproxy:
- "motion\\.cacert\\.org$ 10.0.0.117:8443"
- "selfservice\\.cacert\\.org$ 10.0.0.118:8443"
+profiles::sniproxy::https_forwards:
+ motion.cacert.org: "10.0.0.117:8443"
+ selfservice.cacert.org: "10.0.0.118:8443"
+profiles::sniproxy::https_port: 8443
profiles::icinga2_agent::pki_ticket: >
ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
DQYJKoZIhvcNAQEBBQAEggEAVh+d4e8x8Tub+RMVEeyllfUZz2VGaqIL0mW7
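Review bot: The key `profiles::sniproxy::https_forwards` is reused on the added line for a hash of hostname to backend, while the array of sniproxy patterns moves to `https_forwards_sniproxy`, so the same Hiera name changes type within this commit. Any other hieradata level or node file that still supplies the old array under the old name would now reach the nginx code rather than sniproxy; a distinct name for the new hash, or a data type on the class parameter (not visible here), would make that fail at compile time instead of rendering a wrong config. The old patterns were anchored only at the end (`org$`) and the new keys look like exact names, so it is worth confirming how the template handles SNI names that are not listed. I would also add a comment above the new block, for example `# nginx SNI forwards (hostname: backend); on 8443 only until sniproxy is retired`.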