aboutsummaryrefslogtreecommitdiffstats
path: root/roles/relayd
diff options
context:
space:
mode:
authorbinary <me@rgoncalves.se>2021-01-24 14:43:34 +0100
committerbinary <me@rgoncalves.se>2021-01-24 14:43:34 +0100
commitcb25a3bc260af7f07f78ec45d0028f9db75e26d9 (patch)
tree7833e9ae4365c129e7ee3a04debde1e453c4895e /roles/relayd
parentb0d50d141c33cb84bef5742599c23d6f5fbc4ecc (diff)
downloadinfrastructure-cb25a3bc260af7f07f78ec45d0028f9db75e26d9.tar.gz
Acme challenges are handled by the domain controller!
Diffstat (limited to 'roles/relayd')
-rw-r--r--roles/relayd/templates/relayd.conf.j26
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
index dbd95ad..8ef03bc 100644
--- a/roles/relayd/templates/relayd.conf.j2
+++ b/roles/relayd/templates/relayd.conf.j2
@@ -41,9 +41,14 @@ http protocol "https" {
{% endif %}
{##}
{% endfor %}
+ return error
}
http protocol "http" {
+
+ # acme
+ pass request quick path "/.well-known/acme-challenge/*" forward to <local>
+
pass request header "Host" value "{{ global.domain_name }}" forward to <local>
{% for h in groups["servers"] %}
{% set h = dict(hostvars[h]) %}
@@ -55,6 +60,7 @@ http protocol "http" {
{% endif %}
{##}
{% endfor %}
+ return error
}
# relays
remember that computers suck.