Merge pull request #13 from Diesel-Net/development

Fix broken configuration
Diesel-Net · Nov 25, 2022 · e6f5614 · e6f5614
2 parents 4eb06ca + a938b38
commit e6f5614
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 14 deletions.
diff --git a/.ansible/templates/ca.json b/.ansible/templates/ca.json
@@ -1,6 +1,6 @@
 {
     "root": "/home/step/certs/root_ca.crt",
-    "federatedRoots": [],
+    "federatedRoots": null,
     "crt": "/home/step/certs/intermediate_ca.crt",
     "key": "/home/step/secrets/intermediate_ca_key",
     "address": ":443",
@@ -14,7 +14,7 @@
         "format": "text"
     },
     "db": {
-        "type": "badger",
+        "type": "badgerv2",
         "dataSource": "/home/step/db",
         "badgerFileLoadingMode": ""
     },
@@ -38,19 +38,27 @@
                 "type": "ACME",
                 "name": "acme",
                 "claims": {
-                    "maxTLSCertDuration": "2160h",
-                    "defaultTLSCertDuration": "2160h"
+                    "enableSSHCA": true,
+                    "disableRenewal": false,
+                    "allowRenewalAfterExpiry": false
+                },
+                "options": {
+                    "x509": {},
+                    "ssh": {}
                 }
             }
-        ]
+        ],
+        "template": {},
+        "backdate": "1m0s"
     },
     "tls": {
         "cipherSuites": [
-            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
         ],
         "minVersion": 1.2,
         "maxVersion": 1.3,
         "renegotiation": false
-    }
+    },
+    "commonName": "Step Online CA"
 }
diff --git a/.ansible/templates/docker-compose.yaml b/.ansible/templates/docker-compose.yaml
@@ -4,21 +4,21 @@ version: '3.8'
 services: 
 
   server:
-    image: smallstep/step-ca:0.16.0
+    image: smallstep/step-ca:0.23.0
     volumes:
       - /etc/localtime:/etc/localtime
-      - /etc/ssl/certs/:/etc/ssl/certs/
+      - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
       - {{ config_dir }}/:/home/step/
     networks:
       - {{ traefik_network }}
-    #environment:
-      #- STEPDEBUG=1
+    environment:
+      - STEPDEBUG=1
     deploy:
       labels:
         - traefik.enable=true
-        - traefik.tcp.services.{{ git_repository }}.loadbalancer.server.port=443
-        - traefik.tcp.routers.{{ git_repository }}.rule=HostSNI(`{{ domain }}`)
-        - traefik.tcp.routers.{{ git_repository }}.tls.passthrough=true
+        - traefik.tcp.services.{{ repository }}.loadbalancer.server.port=443
+        - traefik.tcp.routers.{{ repository }}.rule=HostSNI(`{{ domain }}`)
+        - traefik.tcp.routers.{{ repository }}.tls.passthrough=true
 networks:
   {{ traefik_network }}:
     external: