Support HTTPS via user-provided key/cert #246
Conversation
jupyterhub/Chart.yaml
Outdated
| @@ -1,4 +1,4 @@ | |||
| apiVersion: v1 | |||
| description: Multi-user Jupyter installation | |||
| name: jupyterhub | |||
| version: v0.5.0 | |||
| version: v0.5.0-3be4d58 | |||
|
This is awesome! What do you think about calling this 'manual' or something like that rather than 'files'? Am unsure what 'files' signifies in this context... |
|
I was thinking 'files' because they came from files, but of course they aren't files anymore when they go in your .yml. manual seems okay, but it's not super obvious what it means. Does it make sense for the default behavior to use |
doc/source/extending-jupyterhub.rst
Outdated
| @@ -198,26 +198,58 @@ your users & the world at large. Zero to JupyterHub makes doing so quite | |||
| easy since version 0.5, integrating with `Let's Encrypt <https://letsencrypt.org/>`_ | |||
| for free HTTPS certificates. | |||
|
|
|||
| You can also purchase your own SSL certificates from a certificate provider. | |||
|
|
|||
| 1. Buy a domain name from a registrar. Pick whichever one you want. | |||
| 2. Create an ``A record`` from the domain you want to use, pointing to the | |||
| external IP provided to the `proxy-public` service. | |||
There was a problem hiding this comment.
could explicitly say this is the <EXTERNAL-IP> field. For whatever reason people almost always get this confused and copypaste the internal IP
There was a problem hiding this comment.
(I know this isn't related to this PR so we can punt it to later if you like)
| {{- else }} | ||
| # unhandled type | ||
| # it would be nice if helm had an `error` function | ||
| {{ required (printf "https.type must be 'files' or 'letsencrypt', not '%s'" .Values.proxy.https.type) ._undefined }} |
There was a problem hiding this comment.
just a note to change this if files changes to manual or whatever else
|
as a non-letsencrypt person, files and manual are equally non-informative to me, just FYI. I'm 33/33/33 on files/manual/something else. |
|
@minrk yeah, I think that'd be too much magic. Plus, I think there's a good pattern of: This occurs throughout the k8s ecosystem, and is a good one to follow for us. I agree manual seems not entirely clear, but can't think of anything else. |
|
FWIW I also consider provisioning your own certificates an 'advanced' use case. |
|
agree it's advanced - that's why I'm just giving a datapoint but not weighing in heavily one way or another :-) |
jupyterhub/values.yaml
Outdated
| @@ -82,6 +82,8 @@ proxy: | |||
| type: letsencrypt | |||
| letsencrypt: | |||
| contactEmail: '' | |||
| key: | |||
There was a problem hiding this comment.
this should be manual.key and manual.cert IMO. I think we should be doing:
type: X
X:
<all-X-related-options>
instead of files
usage:
closes #244