Implement shared CA certificate system for multi-server TLS security

- Generate shared CA during core deployment for consistent trust across servers - Modify setup_docker_tls() to use shared CA instead of per-server CAs - Update share_certs_with_core() to copy shared CA from core server - Re-enable TLS verification (DOCKER_TLS_VERIFY=1) in Sablier - Fix Sablier certificate mounting for proper TLS connection - Add docker-tls/ to .gitignore to prevent certificate leaks - Update documentation for shared CA approach
2026-01-25 23:08:01 -05:00
parent 1b3c4ff9ff
commit 89ca29918b
6 changed files with 654 additions and 121 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -71,6 +71,9 @@ yarn-error.log*
 *.pfx
 acme.json

+# Docker TLS certificates directory
+docker-tls/
+
 # Nextcloud application files (should be mounted via volumes)
 docker-compose/productivity/nextcloud/html/