search

google-code-export / camlistore

Automatically exported from code.google.com/p/camlistore
Apache License 2.0
0 stars 0 forks source link

GCE: hostname & cert support #535

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
We need to make it easy to configure the https server's hostname & SSL cert 
with the GCE setup flow.

Right now the default experience is scary and insecure, going to 
https://<ip-address> and having the user click through "I know this isn't 
secure".

We should also support making it easy for the user to add the self-signed 
cert's CA to their trust list, so at least their browser supports it.  And then 
tell them in the web UI (at /status/, perhaps), what config they need to add 
for the client.

Original issue reported on code.google.com by bradfitz on 21 Oct 2014 at 10:10

GoogleCodeExporter commented 9 years ago 
I'm happy to work a bit on this.

This change adds a -hostname argument to create.go and makes camlistored 
generate the certs based on that. Also make create.go fetch them from GCS. 
https://camlistore-review.googlesource.com/3960

Would it make more sense to do it the other way around instead; generate the 
certs in create.go and upload them to GCS? Saves us having to wait for 
camlistored to start.

Original comment by salman.a...@gmail.com on 28 Oct 2014 at 2:13

GoogleCodeExporter commented 9 years ago 
Also, for the client config page, would it be worth merging that with the 
mobile QR page into something like /clientconf/?

Original comment by salman.a...@gmail.com on 28 Oct 2014 at 2:14

GoogleCodeExporter commented 9 years ago 
In reply to #1, I agree that doing it the other way around sounds preferable. 
As said in the CL, it seems like create.go waiting on camlistored could lead to 
awkward situations.

Then it shouldn't be too hard to have camlistored check if some self gen certs 
already exist (because they were created/uploaded by create.go) before it tries 
to create some by itself. Actually I think it already does that...

Original comment by mathieu....@gmail.com on 28 Oct 2014 at 2:39

GoogleCodeExporter commented 9 years ago 
I meant camlistored.go in the second paragraph.

Original comment by mathieu....@gmail.com on 28 Oct 2014 at 2:40

GoogleCodeExporter commented 9 years ago 
It does indeed, if there are certs already it just uses them. I'll send a 
second patchset in soon.

Original comment by salman.a...@gmail.com on 28 Oct 2014 at 2:54

GoogleCodeExporter commented 9 years ago 
4e39af108614488e619c433858ead4c99c03884f

Original comment by mathieu....@gmail.com on 13 Nov 2014 at 5:02

GoogleCodeExporter commented 9 years ago 
This issue has moved to https://camlistore.org/issue/535

Original comment by bradfitz on 14 Dec 2014 at 11:37