Support internal-facing gateways on AWS #1171
Comments
I suggest the following interface to create internal-facing gateways:
To issue SSL certificates for internal-facing gateways, we can use ACME DNS-01 challenge instead of HTTP-01 challenge used currently for public gateways. It will require creds/permissions to automatically manage the DNS records for the users' domains. The DNS-01 challenge is automated for many DNS providers: https://github.com/dehydrated-io/dehydrated/wiki
As the first option to enable https on gateways without public IPs, we decided to allow users to specify their AWS Certificate Manager certificates when creating gateways. This approach should be familiar to AWS users and would not require permissions to manage DNS zones. To support this, we'll provision such private gateways behind a load balancer with a certificate attached to the LB.
Currently, dstack AWS gateways are instances with public IP addresses. Users may want to create an internal-facing gateway so that the gateway is only accessible via an internal IP inside the VPC. Users would still assign a domain to the gateway that is publicly resolved, but it's resolved to an internal IP. This is similar to the AWS internal load balancer.
The limitations of internal-facing gateways:
The next step would be to support internal-facing gateways in all providers that allow for that.