From 1b72abb549f974da930817b936a0c0a7ad311c5f Mon Sep 17 00:00:00 2001
From: Emmanuel Garette
Date: Mon, 17 Oct 2022 18:40:07 +0200
Subject: [PATCH] reverse-proxy-client must include reverse proxy CA
---
 seed/apache/dictionaries/20_web.xml | 1 -
 seed/gitea/dictionaries/31_gitea.xml | 6 +++++-
 seed/ldap-client/templates/ldap-client.service | 1 -
 seed/nginx-common/dictionaries/21_nginx.xml | 1 -
 seed/nginx-reverse-proxy/dictionaries/20_nginx.xml | 1 +
 .../reverse-proxy-client/dictionaries/21_nginx_client.xml | 8 ++++++++
 6 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/seed/apache/dictionaries/20_web.xml b/seed/apache/dictionaries/20_web.xml
index 984ed98..dfc519f 100644
--- a/seed/apache/dictionaries/20_web.xml
+++ b/seed/apache/dictionaries/20_web.xml
@@ -2,7 +2,6 @@
- /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt
 /etc/httpd/conf/httpd.conf
 /etc/httpd/conf.d/risotto.conf
 /etc/httpd/conf.d/ssl.conf
diff --git a/seed/gitea/dictionaries/31_gitea.xml b/seed/gitea/dictionaries/31_gitea.xml
index 094c691..7a52cfe 100644
--- a/seed/gitea/dictionaries/31_gitea.xml
+++ b/seed/gitea/dictionaries/31_gitea.xml
@@ -2,7 +2,6 @@
- /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt
 /sysusers.d/0gitea.conf
 /tmpfiles.d/0gitea.conf
 /etc/gitea/app.ini
@@ -15,6 +14,11 @@
 2222
+
+
+ gitea
+
+
 Gitea: Git avec une tasse de thé
diff --git a/seed/ldap-client/templates/ldap-client.service b/seed/ldap-client/templates/ldap-client.service
index 6cbf68c..f0d1194 100644
--- a/seed/ldap-client/templates/ldap-client.service
+++ b/seed/ldap-client/templates/ldap-client.service
@@ -5,4 +5,3 @@ Before=risotto.target
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/%%ldap_server_address/%%ldap_port; do sleep 1; done'
-
diff --git a/seed/nginx-common/dictionaries/21_nginx.xml b/seed/nginx-common/dictionaries/21_nginx.xml
index 0d34c37..210676f 100644
--- a/seed/nginx-common/dictionaries/21_nginx.xml
+++ b/seed/nginx-common/dictionaries/21_nginx.xml
@@ -10,7 +10,6 @@
 /var/www/html/error.html
 /sysusers.d/nginx.conf
 /tmpfiles.d/nginx.conf
- revprox_ca_file
 revprox_crt_file
 revprox_key_file
 /tests/nginx-common.yml
diff --git a/seed/nginx-reverse-proxy/dictionaries/20_nginx.xml b/seed/nginx-reverse-proxy/dictionaries/20_nginx.xml
index 85ac9c5..6e87739 100644
--- a/seed/nginx-reverse-proxy/dictionaries/20_nginx.xml
+++ b/seed/nginx-reverse-proxy/dictionaries/20_nginx.xml
@@ -3,6 +3,7 @@
 /etc/pki/ca-trust/source/anchors/ca_HTTP.crt
+ revprox_ca_file
diff --git a/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml b/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml
index eb3ccbb..723dd6e 100644
--- a/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml
+++ b/seed/reverse-proxy-client/dictionaries/21_nginx_client.xml
@@ -4,6 +4,7 @@
 revprox_client_cert_file
 revprox_client_key_file
+ revprox_client_ca_file
@@ -33,6 +34,7 @@
@@ -58,5 +60,11 @@
 /
 revprox_client_key_file
+
+ tls_ca_directory
+ ca_InternalReverseProxy.crt
+ /
+ revprox_client_ca_file
+
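Review bot: The block added in the last hunk of 21_nginx_client.xml (`@@ -58,5 +60,11 @@`) derives `revprox_client_ca_file` from `tls_ca_directory` and `ca_InternalReverseProxy.crt`, and nothing visible records which trust scope that directory carries. The lines this commit removes from the apache and gitea dictionaries placed the same certificate under `/etc/pki/ca-trust/source/anchors/`, the system-wide trust store; if `tls_ca_directory` resolves there too, every TLS client on each reverse-proxy-client host will accept any certificate this internal CA issues, not only the reverse proxy's. If the CA is needed only to authenticate the proxy, I would record that next to the new variable with a comment such as `<!-- CA used to verify the internal reverse proxy only; keep out of the system trust anchors unless system-wide trust is intended -->`. The element markup of these hunks is not visible on this page and the body of the `@@ -33,6 +34,7 @@` hunk is missing entirely, so this is inferred from the values alone and should be checked against the full dictionary.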