Set proxy.https.hosts by default too #390
Conversation
In some hubs, we currently just use a loadbalancer + autohttps to get traffic into the cluster. This is simpler than getting nginx-ingress + certmanager setup, although not entirely sure if that's the right thing to do long term. By putting the domains in proxy.https.hosts as well, we can decide to use or not use autohttps on a per-hub basis, without having to repeat the domains in multiple places. Staging and prod hubs that have the exact same config but differ in domains can be easily constructed thus.
What about terminating SSL at the load balancer as another option, maybe?
I like that! This is I am approving this one in a few seconds! |
Offloading to the AWS (or GCP) loadbalancer for SSL? IMO z2jh's autohttps setup is far less fiddly :D |
Yep, but some people (and, maybe, some 2i2c future users) are not always happy with a letsencrypt certs and they want to use their own one 😉 . In those cases, the offloading worked pretty well in my experience. |
In some hubs, we currently just use a loadbalancer + autohttps
to get traffic into the cluster. This is simpler than getting
nginx-ingress + certmanager setup, although not entirely
sure if that's the right thing to do long term.
By putting the domains in proxy.https.hosts as well, we can
decide to use or not use autohttps on a per-hub basis, without
having to repeat the domains in multiple places. Staging and
prod hubs that have the exact same config but differ in
domains can be easily constructed thus.