📝 🐛 Fix race in exemple and doc for tls

maxlerebourg · May 1, 2024 · 7b8a24e · 7b8a24e
1 parent 0f9c17c
commit 7b8a24e
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -38,7 +38,7 @@ run_binaryvm:
 	cd examples/binary-vm/ && sudo vagrant up
 
 run_tlsauth:
-	docker compose -f examples/tls-auth/docker-compose.yml down && docker compose -f examples/tls-auth/docker-compose.yml up -d && docker compose -f examples/tls-auth/docker-compose.yml restart && docker compose -f examples/tls-auth/docker-compose.yml logs -f
+	docker compose -f examples/tls-auth/docker-compose.yml up  -d --remove-orphans
 
 run_appsec:
 	docker compose -f examples/appsec-enabled/docker-compose.yml up -d

diff --git a/examples/tls-auth/README.md b/examples/tls-auth/README.md
@@ -89,5 +89,4 @@ make run_tlsauth
 ```
 
 Note:
-> This example is still in Beta and use a new version of Crowdsec (v1.4.3) at time of writing
-A functionnality has been disabled in Crowdsec in order to make the example work DISABLE_AGENT: "true"
+> Traefik need to be restart if certificates are regenerated after his launch
diff --git a/examples/tls-auth/docker-compose.yml b/examples/tls-auth/docker-compose.yml
@@ -27,6 +27,7 @@ services:
       - 8080:8080
     depends_on:
       - crowdsec
+      - gencert
 
 # Use HTTPS scheme but with lapikey authentication
   # whoami-foo:
@@ -61,7 +62,7 @@ services:
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapischeme=https"
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecLapiTLSCertificateAuthorityFile=/etc/traefik/crowdsec-certs/inter.pem"
       - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecLapiTLSCertificateBouncerFile=/etc/traefik/crowdsec-certs/bouncer.pem"
-      - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecLapiTLSCertificateBouncerKeyFile=/etc/traefik/crowdsec-certs/bouncer-key.pem"
+      - "traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecLapiTLSCertificateBouncerKeyFile=/etc/traefik/crowdsec-certs/bouncer-key.pem"      
 
   crowdsec:
     image: crowdsecurity/crowdsec:v1.6.1-2
@@ -84,7 +85,7 @@ services:
       BOUNCERS_ALLOWED_OU: "bouncer-ou"
       LEVEL_DEBUG: "true"
       # Disabled because it restart in loop otherwise
-      DISABLE_AGENT: "true"
+      # DISABLE_AGENT: "true"
       # Disabled for the examples
       DISABLE_ONLINE_API: "true"
     volumes:
@@ -97,6 +98,8 @@ services:
       - crowdsec-config-tls-auth:/etc/crowdsec/
     labels:
       - "traefik.enable=false"
+    depends_on:
+      - gencert
 
   gencert:
     build: .