nixcfg/cluster
Baptiste Jonglez 7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
We were hitting Let's Encrypt rate limits because we were generating
thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr"

See https://crt.sh

Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.

In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00
..
prod prod: garage: Enable on-demand-tls check for *.garage S3 endpoint 2024-06-08 17:14:48 +02:00
staging garage: harmonize staging and prod (checks, services) 2024-06-08 16:43:18 +02:00