lablup / backend.ai

Backend.AI is a streamlined, container-based computing cluster platform that hosts popular computing/ML frameworks and diverse programming languages, with pluggable heterogeneous accelerator support including CUDA GPU, ROCm GPU, TPU, IPU and other NPUs.
https://www.backend.ai
GNU Lesser General Public License v3.0

Add support of password file in loading SSL certificates #310

Open adrysn opened 2 years ago

adrysn commented 2 years ago

Manager, Storage-Proxy, etc. support HTTPS mode by loading an SSL certificate chain. However, they cannot load certificates encrypted with a pass phrase (password file). For better security, we should support loading the SSL certificate chain with a pass phrase.

For example in Manager, the cert chain is loaded in the following lines: https://github.com/lablup/backend.ai-manager/blob/d180e9b441b0ea95b9d4ae980191988621928019/src/ai/backend/manager/server.py#L589-L592

`load_cert_chain` actually supports the `password` parameter, so we can just append a password file if it exists. `manager.toml` should also support the `ssl-password` field under the `[manager]` section.

Target services: Manager, Storage-Proxy, Webserver, etc.
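
An added sketch of the change requested above, not part of the original issue and not Backend.AI's own code: it reads the pass phrase from the file named by the proposed `ssl-password` field and hands it to `load_cert_chain`. The helper names and the `ssl-cert` / `ssl-privkey` key names are assumptions, as is treating `ssl-password` as a path to an owner-only file.

```python
import ssl
import stat
from pathlib import Path
from typing import Mapping, Optional


def read_ssl_password(path: Path) -> bytes:
    """Return the pass phrase stored in `path`, refusing loosely protected files."""
    st = path.stat()
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    # The pass phrase protects the private key, so the file must not be
    # accessible by group or others.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} must be owner-only (chmod 600)")
    # Editors and `echo` append a newline; it is not part of the pass phrase.
    password = path.read_bytes().rstrip(b"\r\n")
    if not password:
        raise ValueError(f"{path} is empty")
    return password


def build_ssl_context(cfg: Mapping[str, str]) -> ssl.SSLContext:
    """Build a server-side context from a [manager]-style config mapping."""
    password: Optional[bytes] = None
    pw_file = cfg.get("ssl-password")  # field name proposed in the issue
    if pw_file:
        password = read_ssl_password(Path(pw_file))
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    # With password=None and an encrypted key, OpenSSL falls back to prompting
    # on the terminal, which an unattended service cannot answer.
    ctx.load_cert_chain(
        cfg["ssl-cert"],     # assumed key name
        cfg["ssl-privkey"],  # assumed key name
        password=password,
    )
    return ctx
```

The password file is validated before any certificate is touched, so a misconfigured file fails at startup with a clear error.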

xyloon commented 2 years ago

Nginx SSL termination example for webserver, wsproxy and storage-proxy

https://github.com/lablup/backend.ai-proxy-coordinator/commit/0a0b207e72d348db3be5c8689e9fa64f846e2d50