Edit three Setup guides for Cloud users #10759
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ptgott
changed the title
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
from
a3235f6 to
ec5f9d4
Compare
zmb3
reviewed
Mar 7, 2022
| <Tabs> | ||
| <TabItem scope={["oss", "enterprise"]} label="Self-Hosted"> | ||
|
|
||
| All Teleport services (the Proxy Service, Auth Service, and Nodes) have an |
There was a problem hiding this comment.
app service, db service, windows desktop service all have public_addr as well.
There was a problem hiding this comment.
At some point, I started conflating the term "Node" with "all Teleport services that aren't the Auth/Proxy." As you point out, this is incorrect, and our architecture overview guide says as much. I still think we need some catch-all term for services that aren't the auth/proxy. I'll create a separate issue for this and fix my usage here.
| </TabItem> | ||
| <TabItem scope={["cloud"]} label="Teleport Cloud"> | ||
|
|
||
| Teleport Nodes have an optional `public_addr` property that you can modify in |
There was a problem hiding this comment.
Cloud customers likely want to know about the public_addr property for app, db, and desktop access.
| supports HTTP CONNECT tunneling. | ||
|
|
||
| To use HTTP CONNECT tunneling, simply set either the `HTTPS_PROXY` or | ||
| `HTTP_PROXY` variables of the `teleport` daemon's shell environment. When the |
There was a problem hiding this comment.
Suggested change
| `HTTP_PROXY` variables of the `teleport` daemon's shell environment. When the | |
| `HTTP_PROXY` variables of the `teleport` daemon's environment. When the |
Remove shell as there is no requirement to run the Teleport daemon via a shell.
|
|
||
| To use HTTP CONNECT tunneling, simply set either the `HTTPS_PROXY` or `HTTP_PROXY` environment variables and when Teleport builds and establishes the reverse tunnel to the main cluster, it will funnel all traffic through the proxy. Specifically, if using the default configuration, Teleport will tunnel ports `3024` (SSH, reverse tunnel) and `3080` (HTTPS, establishing trust) through the proxy. | ||
| If using the default configuration, Teleport will tunnel ports `3024` (SSH, | ||
| reverse tunnel) and `3080` (HTTPS, establishing trust) through the proxy. |
There was a problem hiding this comment.
I'm not sure what we're trying to say about port 3080 here. It is not "tunneled through the proxy" - it's just the listen port on the proxy. There is no tunneling taking place on port 3080.
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
from
ec5f9d4 to
6acfded
Compare
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
from
6acfded to
a3b6582
Compare
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
from
a3b6582 to
019daee
Compare
ulysseskan
reviewed
Mar 16, 2022
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
from
e5b3721 to
e2ef7b0
Compare
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
from
e2ef7b0 to
01a75cf
Compare
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
2 times, most recently
from
d036bca to
42c5e22
Compare
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
2 times, most recently
from
9130038 to
3ff9e7e
Compare
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
2 times, most recently
from
6c46b0e to
5ad4dd6
Compare
zmb3
approved these changes
Apr 12, 2022
Teleport Daemon - Use a Notice for a warning re: the Auth Service scoped to self-hosted users - Misc grammar/style/clarity tweaks Move the Enterprise License File page The page does not belong in the Setup section, since it does not apply to Cloud and OSS users. I have moved the page into the Enterprise section. Networking guide - Add tabbed instructions so users who have selected a given scope don't see content for other scopes. - Mention auth_service.proxy_listener_mode instead of tls_routing_enabled for self-hosted readers - Misc grammar, style, and clarity edits Scaling We already added an edition warning in a Details box, but I thought a Notice would be more prominent. I've also added some minor grammar, style, and clarity tweaks.
- Imply that there are non-Auth/Proxy services beside Nodes - Remove "shell" where it is unnecessary - Revert the "HTTP CONNECT" section to where it was before this change. The copy-edits were inaccurate, but I don't have time to perform the edits agin more carefully.
Simplify the HTTP CONNECT section by bringing the example closer to the explanation of this functionality and removing some ambiguity over whether one or both of HTTPS_PROXY and HTTP_PROXY are required. The original text suggested that either is required, then that both are required. The new text says to assign both, then explains why.
ptgott
force-pushed
the
paul.gottschling/10633-4
branch
from
5ad4dd6 to
73ad63b
Compare
ptgott
added a commit
that referenced
this pull request
Apr 15, 2022
* Edit three Setup guides for Cloud users Teleport Daemon - Use a Notice for a warning re: the Auth Service scoped to self-hosted users - Misc grammar/style/clarity tweaks Move the Enterprise License File page The page does not belong in the Setup section, since it does not apply to Cloud and OSS users. I have moved the page into the Enterprise section. Networking guide - Add tabbed instructions so users who have selected a given scope don't see content for other scopes. - Mention auth_service.proxy_listener_mode instead of tls_routing_enabled for self-hosted readers - Misc grammar, style, and clarity edits Scaling We already added an edition warning in a Details box, but I thought a Notice would be more prominent. I've also added some minor grammar, style, and clarity tweaks. * Address PR feedback - Imply that there are non-Auth/Proxy services beside Nodes - Remove "shell" where it is unnecessary - Revert the "HTTP CONNECT" section to where it was before this change. The copy-edits were inaccurate, but I don't have time to perform the edits agin more carefully. * Address PR feedback Simplify the HTTP CONNECT section by bringing the example closer to the explanation of this functionality and removing some ambiguity over whether one or both of HTTPS_PROXY and HTTP_PROXY are required. The original text suggested that either is required, then that both are required. The new text says to assign both, then explains why.
Closed
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Teleport Daemon
self-hosted users
Move the Enterprise License File page
The page does not belong in the Setup section, since it does not
apply to Cloud and OSS users. I have moved the page into the
Enterprise section.
Networking guide
Add tabbed instructions so users who have selected a given scope
don't see content for other scopes.
Mention auth_service.proxy_listener_mode instead of
tls_routing_enabled for self-hosted readers
Misc grammar, style, and clarity edits
Scaling
We already added an edition warning in a Details box, but I thought
a Notice would be more prominent. I've also added some minor grammar,
style, and clarity tweaks.