From 32e700f0767f8893fe2a0f5fd0b65fdd4b96a7b6 Mon Sep 17 00:00:00 2001 From: plui29989 Date: Tue, 28 Feb 2023 21:07:16 +0100 Subject: [PATCH] Add doc for self-signed certificates --- docs/configuring-playbook-ssl-certificates.md | 43 ++++++++++++++++++- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-ssl-certificates.md b/docs/configuring-playbook-ssl-certificates.md index 60d5b1351..a2fab7c3e 100644 --- a/docs/configuring-playbook-ssl-certificates.md +++ b/docs/configuring-playbook-ssl-certificates.md @@ -29,6 +29,45 @@ devture_traefik_config_entrypoint_web_secure_enabled: false ## Using self-signed SSL certificates -Using self-signed certificates with Traefik is a somewhat involved processes, where you need to manually mount the files into the container and adjust the "static" configuration to refer to them. +To use self-signed SSL certificates, you need to disable the certResolvers and the traefik-certs-dumper tool. +You also need to override the providers.file setting in the Traefik configs. +Create a file 'certificates.yml' in /devture-traefik/config/ with the following content: -Feel free to research this approach on your own and improve this guide! +```yaml +tls: + certificates: + - certFile: /ssl/cert.pem + keyFile: /ssl/privkey.pem + stores: + default: + defaultCertificate: + certFile: /ssl/cert.pem + keyFile: /ssl/privkey.pem +``` + +Place the key and your certificate in /devture-traefik/ssl/ +You can use the matrix-aux role for this: + +```yaml +matrix_aux_file_definitions: + - dest: /devture-traefik/ssl/privkey.pem + src: /path/to/privkey.pem + - dest: /devture-traefik/ssl/cert.pem + src: /path/to/cert.pem + - dest: /devture-traefik/config/certificates.yml + src: /path/to/certificates.yml +``` + +Then add the following to your vars.yml: + +```yaml +devture_traefik_config_certificatesResolvers_acme_enabled: false +devture_traefik_certResolver_primary: '' +devture_traefik_ssl_dir_enabled: true +devture_traefik_configuration_extension_yaml: | + providers: + file: + filename: /config/certificates.yml + watch: true +matrix_playbook_traefik_certs_dumper_role_enabled: false +```