Update letsencrypt docs

After haproxy base service was added in [1], dummy service is not needed for deployments without horizon. [1] https://review.opendev.org/c/openstack/openstack-ansible/+/876160/ Change-Id: I8258b3e2905a6d5b2ae435a3449ee834483e6908
2023-03-29 21:42:14 +02:00 · 2023-03-29 21:42:14 +02:00 · 1a3c3f5603
commit 1a3c3f5603
parent 72cdf3fd27
2 changed files with 5 additions and 24 deletions
--- a/doc/source/user/security/ssl-certificates.rst
+++ b/doc/source/user/security/ssl-certificates.rst
@ -253,30 +253,6 @@ http-01 challenge requests.
    haproxy_ssl_letsencrypt_install_method: "distro"
    haproxy_ssl_letsencrypt_email: "email.address@example.com"

-
-If you don't have horizon deployed, you will need to define dummy service that
-will listen on 80 and 443 ports and will be used for acme-challenge, whose
-backend is certbot on the haproxy host:
-
-.. code-block:: shell-session
-
-  haproxy_extra_services:
-    # the external facing service which serves the apache test site, with a acl for LE requests
-    - service:
-        haproxy_service_name: certbot
-        haproxy_redirect_http_port: 80                         #redirect port 80 to port ssl
-        haproxy_redirect_scheme: "https if !{ ssl_fc } !{ path_beg /.well-known/acme-challenge/ }"   #redirect all non-ssl traffic to ssl except acme-challenge
-        haproxy_port: 443
-        haproxy_frontend_acls: "{{ haproxy_ssl_letsencrypt_acl }}"       #use a frontend ACL specify the backend to use for acme-challenge
-        haproxy_ssl: True
-        haproxy_backend_nodes:                                 #apache is running on locally on 127.0.0.1:80 serving a dummy site
-          - name: local-test-service
-            ip_addr: 127.0.0.1
-        haproxy_balance_type: http
-        haproxy_backend_port: 80
-        haproxy_backend_options:
-          - "httpchk HEAD /"                                   # request to use for health check for the example service
-
 TLS for Haproxy Internal VIP
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- a/releasenotes/notes/haproxy-base-service-letsencrypt-13436d2a8d9ea4f9.yaml
+++ b/releasenotes/notes/haproxy-base-service-letsencrypt-13436d2a8d9ea4f9.yaml
@ -0,0 +1,5 @@
+---
+other:
+  - |
+    After haproxy base service was added, dummy letsencrypt service is
+    no longer needed for deployments without horizon and should be removed.