CodeForPhilly / ops

File an issue here to deploy an application or create a new repo

Transparently support HTTPS for all projects #11

Closed lottspot closed 7 years ago

lottspot commented 7 years ago

Using letsencrypt, we should have the ability to automatically acquire HTTPS certificates for any project hosted on our cluster. We should look into configuring a service to do this so we can support HTTPS by default on all projects.

lottspot commented 7 years ago

If we are willing to switch our edge proxy from upstream nginx to the fatter and more feature-rich openresty, there is a plugin which allows on the fly certificate acquisition. Further boosting its own case, this plugin allows the acquired certificate/key pair to be written back to things like filesystems, redis caches, etc., to allow us to easily synchronize the certificate/key pair between all of our edge nodes.

Amongst the countless things that make the promise of this thing absolutely awesome is the fact that it allows us to provide HTTPS to all of our projects without them having to do a single thing to get it (and without us having to do anything to maintain the validity of the cert).

lottspot commented 7 years ago

Annoyingly, it looks like the lua plugin requires that a resolver be statically specified in the nginx config. Can probably make that work by running the nginx proxies with a dnsmasq sidecar container and just setting the resolver directive to 127.0.0.1

lottspot commented 7 years ago

Setting the resolver statically inside of the config has the added benefit of being better for DNS based service discovery, so it's not a bad thing to work out the solution to regardless
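The following is an added OpenResty configuration sketch illustrating the pieces discussed in this thread (on-demand certificate acquisition, redis-backed sharing of the cert/key pair between edge nodes, and the statically configured resolver pointed at a dnsmasq sidecar). It is not the ops repo's own config and the thread never names the plugin; this example assumes it is lua-resty-auto-ssl. The hostnames `redis.internal`, `projects.example.org`, the fallback certificate paths and the `127.0.0.1:8080` backend are illustrative assumptions.

```nginx
# Added example, not the CodeForPhilly ops config.
# Assumptions: OpenResty with lua-resty-auto-ssl installed, a dnsmasq sidecar
# on 127.0.0.1:53, redis reachable as redis.internal:6379, and project sites
# served under *.projects.example.org (all illustrative names).

events {}

http {
    # Static resolver the Lua plugin requires. Pointing it at the dnsmasq
    # sidecar keeps cluster DNS details out of the nginx config entirely.
    resolver 127.0.0.1 valid=30s ipv6=off;

    # Shared memory the plugin uses for its certificate cache and settings.
    lua_shared_dict auto_ssl 1m;
    lua_shared_dict auto_ssl_settings 64k;

    init_by_lua_block {
        auto_ssl = (require "resty.auto-ssl").new()

        -- The check that matters: without it any name that resolves to this
        -- edge can trigger issuance, burning Let's Encrypt rate limits and
        -- producing certificates for hosts we never intended to serve.
        auto_ssl:set("allow_domain", function(domain)
            return ngx.re.match(domain,
                "^[a-z0-9-]+\\.projects\\.example\\.org$", "jo") ~= nil
        end)

        -- Persist cert/key pairs in redis so every edge node sees the same
        -- pair instead of each node racing to issue its own.
        auto_ssl:set("storage_adapter", "resty.auto-ssl.storage_adapters.redis")
        auto_ssl:set("redis", { host = "redis.internal", port = 6379 })

        auto_ssl:init()
    }

    init_worker_by_lua_block {
        auto_ssl:init_worker()
    }

    server {
        listen 443 ssl;
        server_name _;

        # nginx insists on a certificate at startup; this self-signed
        # fallback is swapped for the real one during each handshake.
        ssl_certificate     /etc/ssl/resty-auto-ssl-fallback.crt;
        ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

        ssl_certificate_by_lua_block {
            auto_ssl:ssl_certificate()
        }

        location / {
            proxy_pass http://127.0.0.1:8080;  # assumed project backend
        }
    }

    server {
        listen 80;
        server_name _;

        # Let's Encrypt HTTP-01 challenges are answered from here.
        location /.well-known/acme-challenge/ {
            content_by_lua_block {
                auto_ssl:challenge_server()
            }
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    # Internal hook server used during issuance. Bind it to loopback only:
    # anything that can reach it can write into the certificate store.
    server {
        listen 127.0.0.1:8999;
        client_body_buffer_size 128k;
        client_max_body_size 128k;

        location / {
            content_by_lua_block {
                auto_ssl:hook_server()
            }
        }
    }
}
```

Two points worth keeping in mind when adapting this: the `allow_domain` callback is the only thing standing between an attacker who can point a DNS record at the edge IP and free certificate issuance on your account, so it should whitelist exactly the names the cluster routes rather than return `true`; and the hook server on port 8999 has no authentication of its own, so it must never listen on an interface other than loopback.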

lottspot commented 7 years ago

As of 33a8a5e the alpha cluster is running OpenResty on the edges instead of nginx in order to support on-demand HTTPS certificate generation.