This repository has been archived by the owner on Jun 13, 2019. It is now read-only.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
till
force-pushed
the
t/letsencrypt-haproxy
branch
from
July 18, 2016 10:08
8d7d716
to
3c11d7e
Compare
@gilleyj can you test this as well? (There is a cs error still, feel free to push a fix up, or I will do it later.) |
@gilleyj I think we stop/start the lb instance on Scholar Playground to test the entire lifecycle. Might be easier to do this with DNS and what not. |
* make ssl dir configurable and inject * append certs into a combined file * reload haproxy afterwards Related: DEVOPS-163
* for ssl_dir * for etc_dir (see bug fixed in #1052 Related: DEVOPS-163
* ensure we don't duplicate command logic in setup and renewal * since all recipes are executed initially, we will have be able to retrieve initial certs Related: DEVOPS-163
* wrap renewal/setup code in function * be a little more verbose with messaging from cron * ensure we can actually initially setup certs * update documentation Related: DEVOPS-163
(This may imply that we cannot reload haproxy on the first run because it is not yet there. But I will have to try this later.) Related: DEVOPS-163
* document limitations * allow initial setup to fail in case dependencies are missing Related: DEVOPS-163
Related: DEVOPS-163
till
force-pushed
the
t/letsencrypt-haproxy
branch
from
July 20, 2016 17:00
5e4f8a3
to
35b98c1
Compare
* unify mock on command * test ssl disabled also Related: DEVOPS-163
Related: DEVOPS-163
Related: DEVOPS-163
Related: DEVOPS-163
Related: DEVOPS-163
* consolidate checking input (e.g. is this really a path or actual) * push chomp chomp into new method Related: DEVOPS-163
Related: DEVOPS-163
* objective is to always have a cert in place so haproxy can start * defeats the chicken-egg problem * actual SSL certs will be deployed or let's encrypted later Related: DEVOPS-163
* remove stubs * remove test
Change of the SSL redirect action to not do if is letsencrypt
Merged
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Open issues:
I think letsencrypt comes too late (for haproxy)Testing:
/etc/letsencrypt/live
/etc/nginx/ssl/cert.combined.pem
)https
Finishes: DEVOPS-163