Validate ssl for mastodon backend #72

Merged
merged 3 commits into from
Jan 8, 2025
@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
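Review bot: the new 24-line file holds a single certificate block and nothing in the change records its subject, issuer or expiry date, yet it is presumably the `mastodon_public_certificate_not_sensitive.pem` that the role copies and HAProxy then uses as `ca-file` with `verify required`. Record the expiry date and the replacement procedure next to the file (a comment in the role or a README entry), because once this certificate expires or the backend presents one that does not chain to it, HAProxy will refuse the backend connection. If this is the server's own certificate rather than its issuing CA, committing the issuing CA certificate instead would survive routine renewals.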
14 changes: 14 additions & 0 deletions ansible/roles/k8s-lb/tasks/main.yaml
Expand Up @@ -112,6 +112,20 @@
state: directory
mode: '0755'

- name: Create external_ssl certs directory if it does not exist
ansible.builtin.file:
path: /etc/haproxy/external_ssl
state: directory
mode: '0755'

- name: Copy mastadon PUBLIC cert
ansible.builtin.copy:
src: mastodon_public_certificate_not_sensitive.pem
dest: /etc/haproxy/external_ssl/mastodon.pem
owner: "root"
group: "root"
mode: "644"

- name: Check if file exists
ansible.builtin.stat:
path: "/etc/haproxy/ssl/lb.pem"
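Review bot: the `Copy mastadon PUBLIC cert` task has no `notify`, so a later replacement of the certificate will update `/etc/haproxy/external_ssl/mastodon.pem` on disk without HAProxy rereading it, unless a task outside this hunk reloads the service unconditionally. Add a `notify` pointing at the role's HAProxy reload handler (its name is not visible in these lines). Two smaller points on the same task: the task name spells it "mastadon", and `mode: "644"` works as a quoted string, but the directory tasks above it use the four-digit form `'0755'`, so `'0644'` would be consistent.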
2 changes: 1 addition & 1 deletion ansible/roles/k8s-lb/templates/haproxy.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ backend be_grafana
backend be_mastodon
log global
mode http
server srv_mastodon 10.70.187.12:80
server srv_mastodon 10.70.187.12:443 ssl verify required ca-file /etc/haproxy/external_ssl/mastodon.pem

backend be_gsg-displays
log global
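Review bot: the new `server srv_mastodon 10.70.187.12:443` line sets `ssl verify required ca-file ...` but neither `sni` nor `verifyhost`, so HAProxy checks that the presented certificate chains to the file and does not compare the certificate's name against anything. Add `verifyhost <mastodon-hostname>` with the placeholder replaced by the name in the certificate, and `sni str(<mastodon-hostname>)` if the backend selects its certificate by server name. With the connection made by IP address, this is the only way the name gets checked.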