Skip to content
  • Daniel Dehennin's avatar
    feat(config): support personal TLS certificates · 4d79a370
    Daniel Dehennin authored
    `Discourse` is easy to setup with Let's Encrypt certificates but it's
    possible to use other certificates.
    
    * docs/README.rst: document the new ``discourse.tls.enabled`` state.
    
    * discourse/config/tls.sls: create the certificate and the
      corresponding private key from pillars.
    
    * discourse/config/files/default/ssl.crt.jinja: the PEM certificate
      comes from `discourse:tls:cert` pillar and must match the format of
      Nginx `ssl_certificate` directive.
    
    * discourse/config/files/default/ssl.key.jinja: the unencrypted PEM
      key comes from `discourse:tls:key` pillar and must match the format
      of Nginx
    
    * discourse/config/files/default/force-tls.template.yml.jinja: create
      a boot script for the container to force TLS in discourse
      configuration file like `web.letsencrypt.ssl.template.yml` does.
    
    * discourse/config/files/default/app.yml.jinja: adapt the
      configuration depending on the use of Let's Encrypt or personal TLS
      certificates.
    
    * discourse/config/init....
    4d79a370