sammachin
commented
2 years ago Just to confirm this should be a FQDN per project rather than a domain per team
Closed hardillb closed 2 months ago
sammachin
commented
2 years ago Just to confirm this should be a FQDN per project rather than a domain per team
cgsmith
commented
2 years ago Would this mean the FQDN would be domain.com for flowforge then each project would be a a subdomain or project folder?
project.domain.com would point to localhost:7880 or w/e?
hardillb
commented
2 years ago @cgsmith This is specifically talking about running with the docker or kubernetes container drivers not the localfs.
With k8s and docker drivers, the projects run in containers so do not have different port numbers on the host and are all mapped to unique hostnames on a single fixed domain at the moment. This epic is about allow teams to have their own root domain. e.g. team one can have <project name>.one.com and team two would have <project name>.two.com
You can not host projects (Node-RED instances) on different paths on a single domain (e.g. example.com/<project name>) due to the way browser local storage works as Node-RED use it as part of the editor authentication. This is a limitation of Node-RED, not the FlowForge platform.
protocolus
commented
2 years ago I have customers that would love to use the FF service but, depend on custom domains to serve their clients. Being able to tie a wildcard SSL to an account would be even better. That way new projects could all be under that domain automatically.
hardillb
commented
2 years ago First pass I see the following points that would need working on
The first 3 items are relatively simple to implement, the last point will need very careful planning and may vary based on host environment. I can see a possible k8s approach, but docker may be different.
May be able to make use of letsencrypt to issue individual certs for each project.
sammachin
commented
2 years ago The use case of setting a domain for a team is separate to the original issue which is to set a custom FQDN for a project.
The Initial story is just per project not team domains and wildcards
hardillb
commented
2 years ago All the same problems still apply re TLS, the user is probably going to need to supply a certificate for the given domain. I suspect it will be easier to implement at a team level rather than per-project.
hardillb
commented
1 year ago @Pezmc stick a slot in the calendar and we can talk about how this will work. I think most of the work will actually be in the UI/UX apart from working out how to handle the TLS certs.
hardillb
commented
1 year ago Notes:
Pez:
Ben:
hardillb
commented
1 year ago Note: Host names need to be valid and unique across all projects
hardillb
commented
1 year ago Blocking issue for deploying this to FlowForge Cloud https://github.com/flowforge/CloudProject/issues/110
Pezmc
commented
1 year ago This feature has been put on hold due to the above blocking issue. Progress, before it was put on hold, is as follows:
Work in progress client-side support for setting hostname: https://github.com/flowforge/flowforge/tree/wip-feat-hostname-field
When it is picked up again, the next steps were to:
knolleary
commented
1 year ago Putting this back on to the Product board for future prioritisation once https://github.com/flowforge/CloudProject/issues/110 has been planned.
ZJvandeWeg
commented
11 months ago @MarianRaphael interest from a prospect: https://app-eu1.hubspot.com/contacts/26586079/record/0-1/7563151
robmarcer
commented
9 months ago Interest from an existing customer - https://app-eu1.hubspot.com/contacts/26586079/record/0-2/8209301981
hardillb
commented
9 months ago The hardest part of this will be TLS certificates for HTTPS.
There is a PR to add cert-manager support to the k8s container driver which would allow the use of LetsEncrypt to issue certificates. We may be able to leverage this, but will need to work out how it will work/play with the current ingress set up on production.
hardillb
commented
9 months ago I wonder if we could add a second ingress entry point to handle custom domains, this might make things easier
ZJvandeWeg
commented
7 months ago @MarianRaphael @hardillb Is this currently still blocked? Or is this only blocked on priority?
hardillb
commented
7 months ago There are still technical problems to solve, mainly around issuing certificates for the hostnames using the custom domain. We still need to test running a second ingress instance
hardillb
commented
6 months ago hardillb
commented
5 months ago I have now got a second ingress-nginx controller installed in a test cluster using
controller:
ingressClass: "custom-nginx"
ingressClassByName: true
ingressClassResource:
enabled: true
name: "custom-nginx"
controllerValue: "flowfuse.com/ingress-nginx-2"
config:
proxy-body-size: "0"
use-gzip: true
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "ssl"
service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "120"
externalTrafficPolicy: Local
allowSnippetAnnotations: trueImportant note, the helm release name must not match the existing nginx-ingress release (otherwise the webhook and rbac entries clash)
joepavitt
commented
5 months ago Once you've caught back up with this @hardillb - can you update here with a status of the outstanding items before this can be considered finished please?
hardillb
commented
5 months ago Current state:
joepavitt
commented
5 months ago UI and hostname storage work started in FlowFuse Project
Any draft PR or linked issues for this?
knolleary
commented
4 months ago I've updated the description with a task list based on the latest status update.
joepavitt
commented
4 months ago Status update from Ben:
Wednesday next week is when Ben hope it'll be rounded off
hardillb
commented
4 months ago I have this working properly in my local K8s environment.
Following the change to make the authentication redirect to the right place I will need to add a launcher version check to the UI so it's only offered on new launchers/stacks.
hardillb
commented
4 months ago HTTPS support appears to be working...
joepavitt
commented
4 months ago Can I get a status update on this please @hardillb? How are we looking for 2.5 release, or earlier?
hardillb
commented
4 months ago There is a large amount of extra things that will need configuring in the production cluster to enable this, it should be part of the 2.5 release, even once this is merged.
hardillb
commented
4 months ago I'm currently struggling to get the UI to track when the instance is restarted properly. It just gets stuck in the suspended state.
Once that is fixed then all the code should be finished.
joepavitt
commented
4 months ago Once coding is done, can we open relevant issues (and link back to here) to document outstanding work required to get this live please?
hardillb
commented
4 months ago joepavitt
commented
3 months ago Can this be closed off now?
hardillb
commented
3 months ago @joepavitt it's only because its being used as the overriding epic for the 2 bits of future work.
I can be closed for me.
joepavitt
commented
3 months ago Can close this once https://github.com/FlowFuse/terraform-aws-flowfuse/issues/8 is resolved, https://github.com/FlowFuse/flowfuse/issues/3982 will stay open as a follow-on task should the demand for it be there
joepavitt
commented
2 months ago Closing as majority of work is done
Description
As a Team Owner, I want to be able to supply a custom domain to be used with my projects to differentiate them from other projects hosted on the system
Customer requests