update CA, fix indentation, opens /api/v0/dns

OriginProtocol · Jun 30, 2020 · e6134e8 · e6134e8
1 parent 6a55525
commit e6134e8
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 11 deletions.
diff --git a/devops/dockerfiles/scripts/origin-dapp-creator-issuer/entrypoint.sh b/devops/dockerfiles/scripts/origin-dapp-creator-issuer/entrypoint.sh
@@ -24,4 +24,7 @@ envsubst '$SERVER_ENDPOINT' \
 
 echo "CONTACT_EMAIL='[email protected]'" > /etc/resty-auto-ssl/letsencrypt/conf.d/dehydrated.conf
 
+# If this CA isn't used, it will fail as v1 has been depreciated
+echo "CA=\"https://acme-v02.api.letsencrypt.org/directory\"" > /etc/resty-auto-ssl/letsencrypt/conf.d/ca.sh
+
 exec "$@"
diff --git a/devops/dockerfiles/snippets/origin-dapp-creator-issuer/nginx.conf.template b/devops/dockerfiles/snippets/origin-dapp-creator-issuer/nginx.conf.template
@@ -21,11 +21,11 @@ http {
   # Initial setup tasks.
   init_by_lua_block {
       auto_ssl = (require "resty.auto-ssl").new()
-      auto_ssl:set("ca", "https://acme-v01.api.letsencrypt.org/directory")
+      auto_ssl:set("ca", "https://acme-v02.api.letsencrypt.org/directory")
 
       --- Allow all domains
       auto_ssl:set("allow_domain", function(domain)
-	return true
+        return true
       end)
 
       auto_ssl:init()
@@ -45,9 +45,9 @@ http {
       client_max_body_size 128k;
 
       location / {
-	content_by_lua_block {
-	  auto_ssl:hook_server()
-	}
+        content_by_lua_block {
+          auto_ssl:hook_server()
+        }
       }
   }
 
@@ -56,10 +56,10 @@ http {
 
     # Access for LetsEncrypt
     location /.well-known/acme-challenge/ {
-	auth_basic off;
-	content_by_lua_block {
-	    auto_ssl:challenge_server()
-	}
+      auth_basic off;
+      content_by_lua_block {
+          auto_ssl:challenge_server()
+      }
     }
 
     # Force HTTPS
@@ -73,7 +73,7 @@ http {
 
     # Dynamic handler for issuing or returning certs for SNI domains.
     ssl_certificate_by_lua_block {
-	auto_ssl:ssl_certificate()
+      auto_ssl:ssl_certificate()
     }
 
     # Define a fallback certificate so nginx can start

diff --git a/devops/kubernetes/charts/origin/templates/ipfs-cluster.ingress.yaml b/devops/kubernetes/charts/origin/templates/ipfs-cluster.ingress.yaml
@@ -79,6 +79,8 @@ spec:
               servicePort: 9999
           - path: /api/v0/id
             backend: *api_service
+          - path: /api/v0/dns
+            backend: *api_service
           - path: /api/v0/object/links
             backend: *api_service
           - path: /api/v0/object/patch/add-link
@@ -119,6 +121,8 @@ spec:
             backend: *api_service
           - path: /api/v0/id
             backend: *api_service
+          - path: /api/v0/dns
+            backend: *api_service
           - path: /api/v0/pin/add
             backend: *api_service
           - path: /api/v0/object/links

diff --git a/devops/kubernetes/charts/origin/templates/ipfs.ingress.yaml b/devops/kubernetes/charts/origin/templates/ipfs.ingress.yaml
@@ -64,6 +64,8 @@ spec:
             backend: &api_service
               serviceName: {{ template "ipfs.fullname" . }}
               servicePort: 5001
+          - path: /api/v0/dns
+            backend: *api_service
           - path: /api/v0/object/links
             backend: *api_service
           - path: /api/v0/object/patch/add-link

diff --git a/devops/kubernetes/charts/origin/templates/ipfs.statefulset.yaml b/devops/kubernetes/charts/origin/templates/ipfs.statefulset.yaml
@@ -40,7 +40,7 @@ spec:
         command: ["/usr/local/bin/start_ipfs", "daemon", "--migrate"]
         env:
           - name: IPFS_LOGGING
-            value: info
+            value: ERROR
         ports:
         - containerPort: 4001
           name: swarm