You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
letsencrypt has its own role whereas self-signed-certificate is embedded insidewordpress-setup.
Although letsencrypt task is separated, its variables (for example: letsencrypt_cert_ids) are leaded to other tasks like wordpress-setup because they are used in Nginx templates.
What is the expected or desired behavior?
Normalize SSL provider tasks:
Separate self-signed-certificate task
SSL provider tasks (letsencrypt & self-signed-certificate) template their own Nginx config to {{ nginx_path }}/includes.d/{{ item.key }}/ssl/xxx.conf (Note: ssl subdirectory!)
What is the current behavior?
letsencrypt
has its own role whereasself-signed-certificate
is embedded insidewordpress-setup
.Although
letsencrypt
task is separated, its variables (for example:letsencrypt_cert_ids
) are leaded to other tasks likewordpress-setup
because they are used in Nginx templates.What is the expected or desired behavior?
Normalize SSL provider tasks:
Separate
self-signed-certificate
taskSSL provider tasks (
letsencrypt
&self-signed-certificate
) template their own Nginx config to{{ nginx_path }}/includes.d/{{ item.key }}/ssl/xxx.conf
(Note:ssl
subdirectory!)Remove hardcoded Nginx ssl config, for example:
trellis/roles/wordpress-setup/templates/wordpress-site.conf.j2
Lines 88 to 103 in 12ac783
Move SSL provider tasks after
wordpress-setup
to prevent wordpress-setup/nginx-includes from deleting ssl nginx config.Please provide use cases for changing the current behavior:
Serve as a reference for third party SSL providers
Less trouble when working with
tags
, see: Add Nginx ssl.no-default.conf to drop requests for unknown hosts #888 (comment)Other tasks and custom Nginx template need less knowledge about SSL config. Whenever needed, include
{{ nginx_path }}/includes.d/{{ item.key }}/ssl/*.conf
is enough, see: Add Nginx ssl.no-default.conf to drop requests for unknown hosts #888 (comment)The text was updated successfully, but these errors were encountered: