nixcfg

History

Baptiste Jonglez 7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint We were hitting Let's Encrypt rate limits because we were generating thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr" See https://crt.sh Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets through S3 with vhost-style, so let's enable the on-demand-tls check to make sure that the bucket exists in Garage. In the long term, we might want to have a wildcard certificate for this usage, or simply stop supporting vhost-style S3 access.	2024-06-08 17:14:48 +02:00
..
prod	prod: garage: Enable on-demand-tls check for *.garage S3 endpoint	2024-06-08 17:14:48 +02:00
staging	garage: harmonize staging and prod (checks, services)	2024-06-08 16:43:18 +02:00

Baptiste Jonglez 7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint

We were hitting Let's Encrypt rate limits because we were generating
thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr"

See https://crt.sh

Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.

In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.

2024-06-08 17:14:48 +02:00

prod

prod: garage: Enable on-demand-tls check for *.garage S3 endpoint

2024-06-08 17:14:48 +02:00

staging

garage: harmonize staging and prod (checks, services)

2024-06-08 16:43:18 +02:00