pew
/
scripts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

use proper full chain cert

master
Paul Walko 2020-11-21 13:38:13 -05:00
parent da91fb7e66
commit c28710ec67
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fogcutter/k8s/haproxy.cfg
View File

@ -2,7 +2,7 @@
## Do https://unix.stackexchange.com/a/538901 to fix network-online.target on debian w/ /etc/intefaces
## certbot setup:
## - https://certbot.eff.org/lets-encrypt/debianbuster-haproxy
## - Add "0 0 1 * * systemctl stop haproxy && certbot renew && systemctl start haproxy && cat /etc/letsencrypt/live/seaturtle.pw/{cert,privkey}.pem > /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem" to root crontab
## - Add "0 0 1 * * systemctl stop haproxy && certbot renew && systemctl start haproxy && cat /etc/letsencrypt/live/seaturtle.pw/{fullchain,privkey}.pem > /etc/letsencrypt/live/seaturtle.pw/haproxy_cert.pem" to root crontab
## - (Default systemd timer does not have option to stop haproxy before running)
## Ensure microk8s only exposes nodeport on 127.0.0.1:
## - Edit /var/snap/microk8s/current/args/kube-proxy, adding "--nodeport-addresses=127.0.0.1/8"