
Use fullchain.cer on graphite for nginx

Nginx doesn't seem to support explicit intermediate cert chains [0] and we
need to supply all of the certs together in a single file. Thankfully
acme.sh does this and calls it the fullchain.cer file. Use that in the
nginx config for graphite to fix issues with ssl verification to this
service.

[0] http://nginx.org/en/docs/http/configuring_https_servers.html#chains

Change-Id: I318fb92a30c1593c2a2e4cb37496b16f17472f1d
changes/03/811803/1
Clark Boylan 8 months ago
parent
commit
c9d6b4d248
  1. 2
      playbooks/roles/graphite/templates/graphite-statsd.conf.j2

2
playbooks/roles/graphite/templates/graphite-statsd.conf.j2

@ -11,7 +11,7 @@ server {
listen [::]:443 ssl;
server_name {{ inventory_hostname }};
ssl_certificate /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.cer;
ssl_certificate /etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer;
ssl_certificate_key /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key;
root /opt/graphite/static;
index index.html;
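
Review bot: On the ssl_certificate line that now points at fullchain.cer, the template does not say why the per-host `{{ inventory_hostname }}.cer` file must not be used, so a later cleanup could switch it back; a one-line comment above the directive noting that nginx needs the server certificate and intermediates in a single file would record that. The unchanged ssl_certificate_key line still has to match the first certificate in fullchain.cer, which holds as long as that file lists the server certificate before the intermediates, the order the nginx documentation linked in the commit message requires. After deploy it is worth confirming that the intermediate is actually served, for example with openssl s_client -connect <host>:443 -showcerts.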
