Upload custom certificate #33

Merged
merged 3 commits into from Jun 12, 2023

Tbaile (Contributor) commented Jun 1, 2023

Added action allowing upload of custom certificate to Traefik

Trello Ref

Tbaile requested review from Amygos and gsanchietti June 1, 2023 07:23
Tbaile marked this pull request as ready for review June 1, 2023 07:23
Review thread on imageroot/actions/upload-certificate/21save_certificates (outdated, resolved)
Review thread on imageroot/actions/create-module/50create (outdated, resolved)
Review thread on README.md (outdated, resolved)
Review thread on imageroot/systemd/user/traefik.service (outdated, resolved)
Added exit codes to be better handled by UI
Tbaile requested a review from gsanchietti June 7, 2023 13:17
Amygos (Member) commented Jun 7, 2023

Are you planning to add also the implementation for the list, get, and delete actions?

Tbaile (Contributor, Author) commented Jun 7, 2023

There are already implementations for delete, list and get of certificates (they're there, no idea if they actually work or they were placed only to be implemented after). Nonetheless, they are based on Traefik's internal API, which doesn't show certificate information at all. I've highlighted the issue in this card and the related UI implementation NethServer/ns8-core#407.

Amygos (Member) commented Jun 7, 2023

> There are already implementations for delete, list and get of certificates (they're there, no idea if they actually work or they were placed only to be implemented after)

The current actions are fully implemented and working but don't deal with custom certificates.

> Nonetheless, they are based on Traefik's internal API, which doesn't show certificate information at all. I've highlighted the issue in this card and the related UI implementation NethServer/ns8-core#407.

There is no issue, it is an implementation choice.
Traefik doesn't allow explicit requests and management of a certificate, but only implicit ones via the expression in the rule section of a route definition. Due to this limitation, as a workaround we create a route with the name in the format certificate-<domain_name> and then we set the route's rule expression as:

Host(`<domain_name>`) && Path(`<random_path>`)

In this way, Traefik will try to request the certificate for the domain via the ACME server. You can see the implementation here.
The same logic is applied to the del, get, list actions.
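
The workaround described in the comment above, as an added example that is not the project's code: it builds the Traefik KV-store entries for a `certificate-<domain_name>` router and rejects any domain that is not a plain hostname before it is interpolated into the backtick-quoted rule. The KV root, entry point, resolver and service values are assumptions; the key layout is that of Traefik's KV provider.

```python
import re
import secrets

# Assumed values, not taken from the project; adjust to the real deployment.
KV_ROOT = "traefik"
ENTRYPOINT = "https"
CERT_RESOLVER = "letsencrypt"
SERVICE = "example-service"  # constructed placeholder
ROUTER_PREFIX = "certificate-"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def normalize_domain(domain: str) -> str:
    """Return the lower-cased FQDN, or raise ValueError if it is not a plain hostname."""
    # The name ends up inside a backtick-quoted rule expression and a KV key,
    # so a backtick, slash, space or quote must never get through.
    name = domain.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError(f"not a fully qualified domain name: {domain!r}")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"invalid character or label in: {domain!r}")
    return name


def build_certificate_route(domain: str) -> dict:
    """Key/value pairs for the dummy router that makes Traefik request a certificate."""
    fqdn = normalize_domain(domain)
    base = f"{KV_ROOT}/http/routers/{ROUTER_PREFIX}{fqdn}"
    # Random path, so ordinary requests for the host do not match this router.
    random_path = "/" + secrets.token_hex(16)
    return {
        f"{base}/rule": f"Host(`{fqdn}`) && Path(`{random_path}`)",
        f"{base}/entryPoints/0": ENTRYPOINT,
        f"{base}/service": SERVICE,
        f"{base}/tls/certResolver": CERT_RESOLVER,
    }


def list_certificate_domains(keys) -> list:
    """Recover the domains from router names, as a list action on this scheme would."""
    prefix = re.escape(f"{KV_ROOT}/http/routers/{ROUTER_PREFIX}")
    pattern = re.compile(rf"{prefix}([^/]+)/rule")
    return sorted(m.group(1) for m in map(pattern.fullmatch, keys) if m)
```

A listing built this way only sees routers, so a certificate uploaded as files on disk does not appear in it.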

Tbaile (Contributor, Author) commented Jun 7, 2023

That makes way more sense now.
So, the only thing that remains is to load the certificate as a route in the Redis configuration, this allows reusing all the implementation already present. Are there any issues with this approach?

Amygos (Member) commented Jun 7, 2023

> So, the only thing that remains is to load the certificate as a route in the Redis configuration,

I don't think this is the correct way to implement it, you have to change a lot of code anyway and you also have to deal with the files on disk.
At this point it is better to read the certificates list from the disk and add a new field to the output of the get-certificate action, e.g. type:"[ internal | custom ]"

Tbaile (Contributor, Author) commented Jun 12, 2023

I'll split the management of custom certificates into a separate PR, feel free to merge this when you like.

Tbaile merged commit 3cca996 into main Jun 12, 2023
1 check passed
Tbaile deleted the upload-custom-cert branch June 12, 2023 07:52