ingress: Configure TLS termination

sciencebox / charts

Helm Charts for ScienceBox services

GNU Affero General Public License v3.0

4 stars 6 forks source link

ingress: Configure TLS termination #17

Open ebocchi opened 2 years ago

ebocchi commented 2 years ago

We will not have a good certificate a-priory.

This causes problems:

SWAN keycloak authenticator
SWAN oauthenticator
EOS oauth2 plaugin for /userinfo endpoint

Require good certificate (hard), or make the default nginx ingress accepted, or ignore TLS when deploying on single box.

diocas commented 2 years ago

What do you mean by SWAN oauthenticator? If EOS can ignore the certificate, we can very much easily add a flag in our authenticator and go for the less secure, just for local test, easy way.

rptaylor commented 1 year ago

With Traefik and Let's Encrypt it is very easy to do certs-aaS if you have a suitable domain and a way to programmatically control that domain (e.g. Cloudflare or PowerDNS).