Dynamiczne domeny dla serwisów deployowanych w jenkinsie
Wildcardowy certyfikat dla domeny:
certbot certonly --agree-tos --email kontakt@sealcode.org --manual -d '*.dep.sealco.de'
Konfiguracja nginx:
server {
listen 80;
listen [::]:80;
server_name *.dep.sealco.de;
return 301 https://$host$request_uri;
}
log_format jenkins $proxy_host $upstream_addr;
server {
listen 443 ssl;
server_name ~^(?<hostport>[0-9]+)\.dep\.sealco\.de$;
ssl_certificate /etc/letsencrypt/live/dep.sealco.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/dep.sealco.de/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
access_log /var/log/nginx/jenkins.access.log jenkins;
location / {
proxy_pass http://127.0.0.1:$hostport$request_uri;
access_log /var/log/nginx/jenkins.access.log jenkins;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_pass_request_headers on;
}
}