tellapart / aurproxy

Load balancer manager with knowledge of Apache Aurora's service discovery mechanism and integration with Aurora's task lifecycle.
Apache License 2.0

Support https in HttpHealthCheckShareAdjuster #5

Open SEJeff opened 9 years ago

SEJeff commented 9 years ago

Some application servers use https for their own communication. This should be trivial to extend and is a placeholder for myself to add.

ThanosBaskous commented 9 years ago

This would be fantastic.

One thing that I've struggled with, and would be interested in hearing your thoughts on, is how to get the key in, especially when it's running a docker container (into which it probably shouldn't be baked). An idea that I considered was a pluggable CredentialRetriever class that retrieves and installs the key at run time.

SEJeff commented 9 years ago

For self-signed certificates? I was generally just thinking of using the system certificate store, which requests actually bypasses (stupidly), meaning stuff with normal commercial certificates.

How would you see this working?

ThanosBaskous commented 9 years ago

Oops. I misunderstood your initial suggestion - I read it as a request for SSL support at the proxy itself, not for the healthchecker. My comment was about how to make sensitive certificate info available to the proxy.

On board.

SEJeff commented 9 years ago

Ah, for our internal domain, we have a wildcard certificate that I simply include with the proxy. I simply meant if the app itself implements https (think a golang webapp) instead of using a webserver like nginx, doing the healthchecking via ssl^Wtls.
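
An added example, not part of the thread and not aurproxy's code: a health check that accepts http or https endpoints and, for https, verifies the server certificate against the system certificate store discussed above. It uses only the Python standard library; the names `build_tls_context`, `check_health` and the `ca_file` parameter (a PEM bundle for an internal CA) are assumptions made for illustration.

```python
import http.client
import ssl
from urllib.parse import urlsplit


def build_tls_context(ca_file=None):
    """TLS context for health checks.

    ca_file=None loads the operating system's trust store; a PEM bundle
    path (assumed parameter) trusts only the CAs in that file.
    """
    # create_default_context enables certificate and hostname verification.
    return ssl.create_default_context(cafile=ca_file)


def check_health(url, timeout=3.0, ca_file=None):
    """Return (healthy, detail) for an http:// or https:// health endpoint."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(
            parts.hostname, parts.port or 443, timeout=timeout,
            context=build_tls_context(ca_file))
    elif parts.scheme == "http":
        conn = http.client.HTTPConnection(
            parts.hostname, parts.port or 80, timeout=timeout)
    else:
        return False, "unsupported scheme: %r" % parts.scheme
    try:
        conn.request("GET", parts.path or "/")
        status = conn.getresponse().status
        return 200 <= status < 300, "status %d" % status
    except ssl.SSLCertVerificationError as exc:
        # Untrusted or mismatched certificate: report unhealthy instead of
        # retrying without verification.
        return False, "certificate verification failed: %s" % exc.verify_message
    except (OSError, http.client.HTTPException) as exc:
        # Refused connection, timeout, TLS handshake error, malformed reply.
        return False, "connection failed: %s" % exc
    finally:
        conn.close()
```

A backend whose certificate does not chain to a trusted CA is reported unhealthy with the verification reason in `detail`, which keeps a misissued or expired certificate visible in the health-check output.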