woodpecker-grpc: fix tls certificate and increase nginx timeout

2025-01-04 17:48:43 +01:00 · 2025-01-04 17:48:43 +01:00 · 27e7a6b179
commit 27e7a6b179
parent 19a8069f19
1 changed files with 9 additions and 3 deletions
--- a/cluster/prod/app/woodpecker-ci/deploy/server.hcl
+++ b/cluster/prod/app/woodpecker-ci/deploy/server.hcl
@ -93,6 +93,10 @@ EOH
        name = "woodpecker-grpc"
        tags = [
          "woodpecker-grpc",
          # The tricot tag is necessary for tricot to get us a tls certificate,
          # but it will not make the grpc endpoint work as tricot cannot
          # proxy grpc traffic by itself.
          "tricot woodpecker-grpc.deuxfleurs.fr",
        ]
        port = "grpc_port"
        address_mode = "host"
@ -120,7 +124,7 @@ http {
    listen 0.0.0.0:14453 ssl;
    listen [::]:14453 ssl;
    http2 on;
-    server_name woodpecker.deuxfleurs.fr;
+    server_name woodpecker-grpc.deuxfleurs.fr;
    resolver 127.0.0.1 valid=30s;
    ssl_certificate "/etc/ssl/certs/woodpecker.cert";
@ -128,6 +132,8 @@ http {
    location / {
        grpc_pass grpc://woodpecker-grpc.service.prod.consul:14090;
        grpc_read_timeout 1800s;
        grpc_send_timeout 1800s;
    }
  }
 }
@ -136,11 +142,11 @@ EOH
      }
      template {
-        data = "{{ with $d := key \"tricot/certs/woodpecker.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
+        data = "{{ with $d := key \"tricot/certs/woodpecker-grpc.deuxfleurs.fr\" | parseJSON }}{{ $d.key_pem }}{{ end }}"
        destination = "secrets/ssl/certs/woodpecker.key"
      }
      template {
-        data = "{{ with $d := key \"tricot/certs/woodpecker.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
+        data = "{{ with $d := key \"tricot/certs/woodpecker-grpc.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
        destination = "secrets/ssl/certs/woodpecker.cert"
      }