From 18600469eb1c9b13c77fbab05439499858020272 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Sat, 30 Nov 2019 19:00:55 +0100
Subject: [PATCH] add graphs xhain subdomain

---
 cert/.gitignore     |  2 ++
 config/traefik.toml | 14 ++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/cert/.gitignore b/cert/.gitignore
index 852cebe..63096d0 100644
--- a/cert/.gitignore
+++ b/cert/.gitignore
@@ -1,2 +1,4 @@
 # ignore the generated certificates
 acme.json
+*.key
+*.pem
diff --git a/config/traefik.toml b/config/traefik.toml
index 8438958..394dacf 100644
--- a/config/traefik.toml
+++ b/config/traefik.toml
@@ -23,6 +23,17 @@ OnHostRule = false
   [entryPoints.https]
     address = ":443"
       [entryPoints.https.tls]
+        # first certificate is default, serve nonsense to
+        # mitigate TLS probing
+        [[entryPoints.https.tls.certificates]]
+          certFile = "cert/snakeoil.pem"
+          keyFile = "cert/snakeoil.key"
+        [[entryPoints.https.tls.certificates]]
+          certFile = "cert/bitmask.me.origin.pem"
+          keyFile = "cert/bitmask.me.origin.key"
+        [[entryPoints.https.tls.certificates]]
+          certFile = "cert/grun.host.origin.pem"
+          keyFile = "cert/grun.host.origin.key"
 
 [web]
 address = ":8080"
@@ -86,6 +97,9 @@ exposedbydefault = false
   main = "aloneonline.net"
   sans = ["www.aloneonline.net"]
 
+[[acme.domains]]
+  main = "graphs.xhain.space"
+
 # You can define multiple of these blocks, each of which will result in one
 # certificate.
 #[[acme.domains]]