sbidoul / runboat

A simple runbot lookalike on kubernetes. Main goal is replacing the OCA runbot.
MIT License

Support https in build ingresses #78

Open mileo opened 2 years ago

mileo commented 2 years ago

Some features depend on the use of HTTPS, for example service workers.


sbidoul commented 2 years ago

Interesting. Is that an issue new in 16?

If there is no workaround in the browser, then we'll need to find a way to deploy and maintain a wildcard certificate.

sbidoul commented 1 year ago

Before, it seems nginx did use a default self-signed certificate if the user forced an https URL. haproxy does not do that, it would seem.

See also https://github.com/OCA/hr-attendance/pull/80#issuecomment-1308690046

mileo commented 1 year ago

> Interesting. Is that an issue new in 16?
>
> If there is no workaround in the browser, then we'll need to find a way to deploy and maintain a wildcard certificate.

It's an issue on https://github.com/OCA/pos/pull/835

But could apply to other features too.

mileo commented 1 year ago

@sbidoul we use rancher+k8s+nginx. An example:

https://github.com/mileo/runboat/commit/0f0a10bc2bafa136aca619660b2840ffa3f7ac82

sbidoul commented 1 year ago

Yeah, but I'm not sure that generating a new letsencrypt certificate for each commit we do in OCA is going to be ok with the letsencrypt usage policies.

mileo commented 1 year ago

> Yeah, but I'm not sure that generating a new letsencrypt certificate for each commit we do in OCA is going to be ok with the letsencrypt usage policies.

Maybe some guys on our team can answer this one: @kardeco @ananiasfilho

ananiasfilho commented 1 year ago

Let's Encrypt has many limitations, such as certs per IP, certs per domain and others. The best and only way may be to run with a wildcard SSL certificate.

sbidoul commented 1 year ago

I agree using a wildcard ssl certificate is the best solution. It's a bit of a burden to set up and maintain, though.

So in the meantime I enabled a default self-signed certificate on the OCA runboat instance.

So you can manually change the build URL to https, and manually accept the default certificate. Not perfect but probably good enough for now.