Added script etc for ssl on lb

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
rewrite
Tuan-Dat Tran 2024-10-03 17:38:08 +02:00
parent a09448985c
commit c0e81ee277
2 changed files with 34 additions and 0 deletions

View File

@ -45,6 +45,27 @@ http {
server { server {
listen 443; listen 443;
server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de
ssl_certificate /etc/nginx/ssl/staging_tls.crt;
ssl_certificate_key /etc/nginx/ssl/staging_tls.key;
location / {
proxy_pass https://k3s_servers_https;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
server {
listen 443;
server_name production.k3s.seyshiro.de *.production.k3s.seyshiro.de
ssl_certificate /etc/nginx/ssl/production_tls.crt;
ssl_certificate_key /etc/nginx/ssl/production_tls.key;
location / { location / {
proxy_pass https://k3s_servers_https; proxy_pass https://k3s_servers_https;
proxy_set_header Host $host; proxy_set_header Host $host;

13
scripts/get_tls.sh Executable file
View File

@ -0,0 +1,13 @@
#!/bin/bash
kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >staging_tls.crt
kubectl -n staging get secret k3s-seyshiro-de-staging-tls -o jsonpath='{.data.tls\.key}' | base64 -d >staging_tls.key
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.crt}' | base64 -d >production_tls.crt
kubectl -n production get secret k3s-seyshiro-de-tls -o jsonpath='{.data.tls\.key}' | base64 -d >production_tls.key
scp ./{production,staging}_tls.{crt,key} k3s-loadbalancer:~
# onsite
# chmod 600 ./{production,staging}_tls.{crt,key}
# sudo mv ./{production,staging}_tls.{crt,key} /etc/nginx/ssl/