Serve karma board over HTTPS #6

Open
2 tasks
MarkBennett opened this issue Sep 9, 2019 · 5 comments

Comments

@MarkBennett
Contributor

HTTPS is the new normal on the web, so we should move our server over.

It looks like if we set up our domain with Digital Ocean, then we can configure their load balancer to create and manage a cert with Let's Encrypt for us automatically:

https://www.digitalocean.com/docs/networking/load-balancers/how-to/ssl-termination/

TODO

  • change devedmonton.com to use Digital Ocean DNS name servers (@MarkBennett)
  • change load balancer forwarding rules to use Let's Encrypt certificates with the devedmonton.com domain

@MarkBennett
Contributor Author

@j-rewerts heads up. I'll take care of changing the name servers. This is a good way to share them anyway.

@j-rewerts
Collaborator

One more todo:

  • Add support for websocket HTTPS upgrade

I think that one is the real blocking issue.

@MarkBennett
Contributor Author

Just a heads up that I was able to get a site running using Rio (https://rio.io) to serve a dockerized app on top of DO Kubernetes and deploying using GitHub Actions. It was pretty fast to set up and get running, so we might want to try something like this for Hey Burrito?

This is the site:

https://alphabeta-staging.burmis.ca/

The repo is private but I can pull out the bits that are important and put them up in a Gist.

@j-rewerts
Collaborator

That is a very pretty site. Nicely done!

Any ideas on the impact of having Rio inside a cluster with non-Rio workloads? I know it uses Istio as a service mesh.

@MarkBennett
Contributor Author

Since it just adds a couple of CRDs on top of Kubernetes, the only issue is the overhead it adds with Istio, Prometheus (for monitoring), and cert-manager. My setup is using the Service Load Balancer from Digital Ocean, but I'm not sure how cert-manager actually applies the certs in front of the services.

In general, running WS behind a load balancer isn't something I've done before so I'm not sure if the Digital Ocean load balancer will be able to do the WSS and our service can just do the WS in node, or if we need to extract the certificate and key from cert-manager and then expose those to the node instance so it can handle the WSS side. If we need to do it on the node side it could be quite a bit more complicated.

I'm thinking that @awg might have some suggestions here. We should follow up with him to see if he knows about WSS on Kubernetes.
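An added example, not part of the thread or the project's code, for the first option raised above: the load balancer handles WSS and the Node service speaks plain WS. It assumes the balancer sets `X-Forwarded-Proto` and that the Node port is reachable only through the balancer; `checkUpgrade`, `guardUpgrades` and the origin value are hypothetical names and placeholders.

```javascript
// Added example. Assumption: TLS ends at the load balancer, which forwards
// plain HTTP to Node and sets X-Forwarded-Proto. The header is trustworthy
// only if nothing can reach the Node port without passing the balancer.

// Constructed placeholder; replace with the site's real HTTPS origin.
const ALLOWED_ORIGINS = new Set(['https://karma.example.test']);

// Decide whether an upgrade request that reached Node over plain HTTP
// was a wss:// connection on the client side of the balancer.
function checkUpgrade(headers, allowedOrigins = ALLOWED_ORIGINS) {
  const upgrade = String(headers['upgrade'] || '').toLowerCase();
  if (upgrade !== 'websocket') {
    return { ok: false, status: 400, reason: 'not a websocket upgrade' };
  }
  // Proxies may append values ("https, http"). Requiring every hop to be
  // https also rejects a client-supplied value that a proxy appended to.
  const hops = String(headers['x-forwarded-proto'] || '')
    .split(',').map((p) => p.trim().toLowerCase());
  if (!hops.every((p) => p === 'https')) {
    return { ok: false, status: 403, reason: 'client side was not TLS' };
  }
  // Browsers send Origin on WebSocket handshakes; an allow-list blocks
  // cross-site WebSocket hijacking from other pages.
  if (!allowedOrigins.has(headers['origin'])) {
    return { ok: false, status: 403, reason: 'origin not allowed' };
  }
  return { ok: true, status: 101, reason: 'accept' };
}

// Put the check in front of whatever WebSocket library shares the server.
// `server` is an http.Server; `onAccepted` is the library's upgrade handler.
function guardUpgrades(server, onAccepted, allowedOrigins = ALLOWED_ORIGINS) {
  server.on('upgrade', (req, socket, head) => {
    const verdict = checkUpgrade(req.headers, allowedOrigins);
    if (!verdict.ok) {
      const text = verdict.status === 400 ? 'Bad Request' : 'Forbidden';
      socket.end(`HTTP/1.1 ${verdict.status} ${text}\r\nConnection: close\r\n\r\n`);
      return;
    }
    onAccepted(req, socket, head);
  });
}
```

With this layout the certificate and key stay on the balancer and never need to be exposed to the Node process.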
