Https via LetsEncrypt #88
Conversation
|
this is great! |
|
@martenson @jmchilton How does one go about testing these? |
|
This looks great! Can you add some documentation about this? |
|
@bgruening I like your enthusiasm! however...
|
|
@zfrenchee testing is hard I think. |
|
@bgruening Oh my gosh I can't believe I didn't see that ansible module when i first went around looking for this! Let me revise this PR. |
|
So my guess is that nearly all the fields should be parameters passed along to the end user. Having default values hardly makes sense. @bgruening let me know what you think. |
|
@martenson @jmchilton @bgruening Unfortunately I don't think this will work, because running the ansible role during production of @bgruening's docker image will cause the image itself to have a certificate, which when multiple people go to run the image, breaks the entire idea of https, I believe. I don't know these technologies too well, but I think this is a fundamental roadblock for my group, since we want to use this ansible role via bjoern's image. That said, I think others will likely be able to use the tasks in this PR, if they are the ones to run this role, rather than use it through the Bjoern's docker image, so I've left this PR open, mostly finished, for someone else to pick up, or for myself to pick up later when I have more time. In the meantime, I'm going to look into a docker-based https solution for my work. |
|
@zfrenchee thank you very much for exploring this road, I still think it is great direction and that deployers would benefit from having something like this readily available when deploying Galaxy |
|
❤️ LetsEncrypt |
|
@zfrenchee one possibility is to generate this key/certificate during statup via the startup script, that should make it unique to every instance. |
|
@bgruening how would I do that? |
|
Alright, I'm moving this work over to a PR against Bjoern's image. |
Another work in progress.