generated from bisco/codex-bootstrap
fix: keep proxy healthy during tls pending
This commit is contained in:
+4
-3
@@ -42,9 +42,10 @@ is safe only when firewall/network policy makes the load balancer the sole NGINX
|
||||
caller and it overwrites `X-Forwarded-*` headers.
|
||||
|
||||
For direct TLS, public DNS and inbound ports 80/443 must reach NGINX. Start with
|
||||
`LETSENCRYPT_STAGING=1`; application HTTP returns 503 until a certificate exists, then
|
||||
redirects to HTTPS. Switch to the production CA only after validating DNS and firewall
|
||||
behavior, removing only the staging certificate volume when necessary.
|
||||
`LETSENCRYPT_STAGING=1` and set `WP_URL` to the final HTTPS URL. Application HTTP
|
||||
returns 503 until a certificate exists, then redirects to HTTPS. Switch to the
|
||||
production CA only after validating DNS and firewall behavior, removing only the
|
||||
staging certificate directory when necessary.
|
||||
|
||||
## State and rollback
|
||||
|
||||
|
||||
Reference in New Issue
Block a user