staging: garage: Handle *.garage.staging for vhost-style S3 and add on-demand TLS checks

This commit is contained in:
Baptiste Jonglez 2024-06-08 16:35:35 +02:00
parent d4fb14347d
commit cbb0093f2c
2 changed files with 9 additions and 0 deletions

View file

@ -25,6 +25,7 @@ tls_skip_verify = true
[s3_api] [s3_api]
s3_region = "garage-staging" s3_region = "garage-staging"
api_bind_addr = "0.0.0.0:3990" api_bind_addr = "0.0.0.0:3990"
root_domain = ".garage.staging.deuxfleurs.org"
[k2v_api] [k2v_api]
api_bind_addr = "0.0.0.0:3993" api_bind_addr = "0.0.0.0:3993"

View file

@ -84,7 +84,9 @@ job "garage-staging" {
tags = [ tags = [
"garage-staging-api", "garage-staging-api",
"tricot garage.staging.deuxfleurs.org", "tricot garage.staging.deuxfleurs.org",
"tricot *.garage.staging.deuxfleurs.org",
"tricot-add-header Access-Control-Allow-Origin *", "tricot-add-header Access-Control-Allow-Origin *",
"tricot-on-demand-tls-ask http://garage-staging-admin.service.staging.consul:3909/check",
"tricot-site-lb", "tricot-site-lb",
] ]
port = "s3" port = "s3"
@ -119,10 +121,16 @@ job "garage-staging" {
name = "garage-staging-web" name = "garage-staging-web"
tags = [ tags = [
"garage-staging-web", "garage-staging-web",
"tricot * 1",
"tricot *.web.staging.deuxfleurs.org", "tricot *.web.staging.deuxfleurs.org",
"tricot staging.deuxfleurs.org", "tricot staging.deuxfleurs.org",
"tricot matrix.home.adnab.me/.well-known/matrix/server", "tricot matrix.home.adnab.me/.well-known/matrix/server",
"tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
"tricot-add-header X-Frame-Options SAMEORIGIN",
"tricot-add-header X-XSS-Protection 1; mode=block",
"tricot-add-header X-Content-Type-Options nosniff",
"tricot-add-header Access-Control-Allow-Origin *", "tricot-add-header Access-Control-Allow-Origin *",
"tricot-on-demand-tls-ask http://garage-staging-admin.service.staging.consul:3909/check",
"tricot-site-lb", "tricot-site-lb",
] ]
port = "web" port = "web"