This repository was archived by the owner on Jan 24, 2018. It is now read-only.

[RFC] Handling of private CA in other templates #188

@lasley


After we create the private CA, we need to do some other setup to the containers to allow it to actually be useful:

  • Add option to proxy for X.509 authentication
    • It would be nice if we could select the CA (or CAs) to trust, then have Clouder deploy & update the proxy config ssl_client_certificate directive (or just put all certs in one file & trigger nginx reload to refresh)
  • Deploy CA cert to ca-certificates of relevant containers and run update-ca-certificates (or whatever the Alpine equivalent is)
  • What are the relevant containers?

Another thing we should really think about is securing our communication between proxy and applications using certs from the internal CA. All network communication should be encrypted by default IMO, but at least having the option is a blocker for me.

Depends:
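
The "put all certs in one file & trigger nginx reload" option from the first bullet could look like the sketch below. It is an added example, not Clouder code and not part of the original post; the function name `sync_client_ca_bundle`, the `RELOAD_CMD` variable and all paths are assumptions, and inputs are checked only structurally (PEM markers), not parsed as X.509.

```shell
#!/bin/sh
# Added example, not Clouder code. sync_client_ca_bundle, RELOAD_CMD and
# every path used with them are assumptions made for illustration.

# Command run after the bundle changes: test the config, then reload.
RELOAD_CMD=${RELOAD_CMD:-"nginx -t && nginx -s reload"}

# sync_client_ca_bundle BUNDLE CA_PEM...
# Rebuilds BUNDLE (the file named by nginx's ssl_client_certificate
# directive) from the selected CA certificates.
# Prints "changed" or "unchanged" on stdout.
# Returns non-zero, leaving BUNDLE untouched, if any input is unusable.
sync_client_ca_bundle() {
    bundle=$1; shift
    [ "$#" -gt 0 ] || { echo "no CA selected" >&2; return 2; }
    # Build next to the target so the final mv stays on one filesystem.
    tmp=$(mktemp "${bundle}.XXXXXX") || return 2
    for ca in "$@"; do
        # Only public certificates belong in a trust bundle: require a
        # certificate block and refuse anything carrying a private key.
        if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null ||
             grep -q -e 'PRIVATE KEY-----' "$ca"; then
            echo "rejecting $ca" >&2
            rm -f "$tmp"
            return 2
        fi
        # awk 1 guarantees a trailing newline, so PEM blocks never fuse.
        awk 1 "$ca" >> "$tmp"
    done
    # Same content as the deployed bundle: no replace, no reload.
    if [ -f "$bundle" ] && cmp -s "$tmp" "$bundle"; then
        rm -f "$tmp"
        echo unchanged
        return 0
    fi
    chmod 644 "$tmp"
    mv -f "$tmp" "$bundle"   # atomic: nginx never reads a partial file
    sh -c "$RELOAD_CMD" >&2 || return 3
    echo changed
}
```

Because the function reloads only when the bundle content changes, it can be re-run on every deploy without bouncing the proxy.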
