nixcfg/cluster/prod/app/garage
Baptiste Jonglez 7e88a88e04 prod: garage: Enable on-demand-tls check for *.garage S3 endpoint
We were hitting Let's Encrypt rate limits because we were generating
thousands of nonsense certificates like "foo.bar.baz.garage.deuxfleurs.fr"

See https://crt.sh

Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets
through S3 with vhost-style, so let's enable the on-demand-tls check to
make sure that the bucket exists in Garage.

In the long term, we might want to have a wildcard certificate for this
usage, or simply stop supporting vhost-style S3 access.
2024-06-08 17:14:48 +02:00
config prod: garage v1.0.0-rc1 2024-04-01 20:11:24 +02:00
deploy prod: garage: Enable on-demand-tls check for *.garage S3 endpoint 2024-06-08 17:14:48 +02:00
secrets.toml Migrate prod cluster secrets to new format 2022-12-25 22:31:18 +01:00