From dd785c2baebbed1451c930e6cf909c64ff6fa3d6 Mon Sep 17 00:00:00 2001 From: zyc <1439655764@qq.com> Date: Tue, 21 Apr 2026 10:17:54 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20airlabs.art=20=E5=90=AF=E7=94=A8=20HTTP?= =?UTF-8?q?S=20+=20cert-manager=20=E8=87=AA=E5=8A=A8=E7=AD=BE=E8=AF=81?= =?UTF-8?q?=E4=B9=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Ingress 的 tls 段增加 airlabs.art 和 www.airlabs.art(secretName: airlabs-root-tls) - Traefik 全局 HTTP→HTTPS redirect 自动把裸域访问升级到 HTTPS - 证书由 letsencrypt-prod cluster-issuer 通过 HTTP-01 挑战自动签发 Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitea/workflows/deploy.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 07c25e1..e5e2608 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -72,6 +72,14 @@ jobs: printf ' secretName: %s-tls\n' "$name" >> /tmp/ingress.yaml done + # 裸域 + www 的 TLS(cert-manager 自动签 letsencrypt) + if [ -d airlabs-art ]; then + printf ' - hosts:\n' >> /tmp/ingress.yaml + printf ' - airlabs.art\n' >> /tmp/ingress.yaml + printf ' - www.airlabs.art\n' >> /tmp/ingress.yaml + printf ' secretName: airlabs-root-tls\n' >> /tmp/ingress.yaml + fi + printf ' rules:\n' >> /tmp/ingress.yaml for name in $PROJECTS; do printf ' - host: %s.airlabs.art\n' "$name" >> /tmp/ingress.yaml @@ -86,7 +94,7 @@ jobs: printf ' number: 80\n' >> /tmp/ingress.yaml done - # 特判:裸域 + www 走 HTTP only,映射到 airlabs-art/ 目录 + # 裸域 + www 规则(HTTPS 由 Traefik 全局 redirect 强制、证书由 cert-manager 自动签) if [ -d airlabs-art ]; then for host in airlabs.art www.airlabs.art; do printf ' - host: %s\n' "$host" >> /tmp/ingress.yaml