-
-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Discussion] API #24
Comments
Thanks for the suggestions! Here's my 2c on this and I'd be very interested what others are thinking: Regarding allowing registrations without e-mails by default: I think that it's a bad idea to default to a choice that might cause the user problems down the road (no notifications from the CA if certificates are about to expire or other problems happen). Since the One idea would be to have a way to set a server-global Let's Encrypt e-mail address that will be defaulted to if there is no e-mail set for the app. This will reduce the amount of work for new apps by one command. Regarding a simplification of configuration: There will be even more configuration options necessary to implement automatic renewal (#18) (such as the amount of time left on the certificate before renewal should happen). Consequently, I'm expecting the API to grow even more and it's definitely time to talk about simplifying things. I'm currently working on some refactorings to have generic I personally dislike the technique of using enivronment variables for important configuration options such as the e-mail address as these should be as visible as possible to the user. However, it might be a good idea to use environment variables for settings where we have good defaults (server selection, time before renewal, etc.) |
I would like to chime in here... My thoughts: E-mails by default: i fully concur with @sseemayer to keep the e-mails in there but have the server wide setup option too. It might even be part of the plugin install command... But again, that would be silly. I for one applaud the current state of the plugin already for its simplicity and ease of use... (edge cases withstanding) Simplication of configuration by environment variables would be a misnomer. By keeping config via parameters / and config files it still really simple. Also agree on sane defaults (i.e. renewal grace periods of 30 days et al) but passing everything via environment variables is not very common for dokku-plugins. Just for that reason alone I would consider command line options or reading in from the app-config... (i.e. One might argue about the server selection options: these seem too advanced for most users and thus might 'clutter' the help... (and could be moved to a
The |
Sweet, thanks for the feedback. It seems like I've hit on some good issues, though I agree, the environment variable solution is clunky. Just the first thing to pop in to mind. I didn't know about it before, but I like the idea of using dokku's As far as not letting people use no email, I guess it's not a problem. People can always use fake emails if they want. I'd just like to see the onboarding be a easy as possible. That being said, the user presumably already set up dokku which is pretty complicated so they should be able to handle an extra command here. 😄 |
Since I've pushed the automatic renewal code now, you can see that the API has blown up and I think that cleaning up the settings getters/setters will be the next important step. I agree that the |
I finally got around to actually doing the API cleanup! You can find the new version on the I've got it working well on my server, but since this is a backwards compatibility-breaking change, I'd like to know your opinions before merging this into master 👍 |
Could you open a pull request? Then we could comment in there. I will test this soon and provide feedback. |
PR is open: #30 |
The eagle has landed (in master)! Closing. |
Hey! First off, congratulations on becoming an official Dokku plugin. I think this plugin really is the 'killer app' for Dokku, nice work.
Anyway, I came by to see how things are going since my last PR and I think the API could be cleaned up a little. These ideas will be breaking changes, but I hope to make the plugin easier to use and easier to add features later. Feel free to say 'no'. 😄
The first issue I noticed is user on-boarding got more complicated. Right now the minimum a new user has to do is:
Ideally all a user should have to do is:
This can be easily done because letsencrypt (and simp_le) lets you get new certs without an email address. See https://github.com/kuba/simp_le/blob/master/simp_le.py#L1233
Although it's recommended to add an email it raises the barrier for entry. I think the main appeal of this plugin is taking something that used to be massively complicated and turn it in to a one-liner.
Second issue I noticed is people are asking for more configuration options. This isn't a bad thing (shows popularity!), but the plugin will need a way to add more options in the future without increasing complexity.
I propose the API is reduced to:
And use environment variables to add configuration options. The email setting workflow would go from:
To:
On second run config can be read from the app so to renewing is just:
letsencrypt <app>
.The main advantage is this will scale when more options are requested, like setting the ACME server:
The list of commands wont need new set/get methods for every option. The
letsencrypt:info
command will be the universalget
command.The other advantage of this approach is people can set up their environment globally once for all apps.
Thoughts?
The text was updated successfully, but these errors were encountered: