build in an ACME client for root CA-based TLS certificate mgmt #998

Open
jchappelow opened this issue Sep 19, 2024 · 1 comment
@jchappelow
Member

To add a simpler option for creating a TLS-enabled RPC server, where the current options are discussed here, kwild's RPC servers can incorporate an ACME client for automatic x509 certificate management (think Let's Encrypt).

This handles the case where there is a FQDN and the operator wants to enable HTTPS (TLS) for their RPC service but does not want to either deal with self-signed certificates or a reverse proxy + certbot to do this outside of kwild.

This will require a small amount of research to choose the best ACME client that fits into our application most naturally: https://go-acme.github.io/lego/

@jchappelow jchappelow self-assigned this Sep 19, 2024
@brennanjl
Collaborator

I know we talked in person, but just for completeness:

I think this is pretty outside the scope of Kwil, and the maintenance burden we should take on. I think it would be much simpler to provide a suggested nginx configuration (as you suggested), and expect users to manage their own reverse proxy.
