Support {s3,web}.root_domains for the Caddy on-demand TLS endpoint (<admin>/check?domain=xx) #610
No reviewers
Labels
No Label
AdminAPI
Bug
Check AWS
CI
Correctness
Critical
Documentation
Ideas
Improvement
Low priority
Newcomer
Performance
S3 Compatibility
Testing
Usability
No Milestone
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Deuxfleurs/garage#610
Loading…
Reference in New Issue
No description provided.
Delete Branch "bug/support-root-domains-on-demand-tls"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Context
Tricot does not support DNS01 challenge, hence it does not support wildcard certificate,
hence we must provision simple certificates for vhost-style URL on S3 AND for people having no dedicated domain name and using our root domain (
web.deuxfleurs.fr
).Furthermore, the S3 specification allows dots in bucket name, but not wildcard certificates. Amazon decided to not support domains with dots for websites and s3 vhost-style access but we are currently supporting it on our production deployment.
Conclusion: the on-demand TLS endpoint must not only support FQDN bucket on the web endpoint, but also buckets expanded with a root domain on the S3+Web endpoints.
Content of this PR
Extend the
<admin>/check?domain=xx
API endpoint to support domains built with the bucket name expanded with either the S3 or Webroot_domain
.See the associated reference documentation for more detailed explanations.
Limitations
Buckets that are not in the global namespace are not supported.
@ -47,0 +95,4 @@
- Otherwise, returns 404 Not Found, 400 Bad Request or 5xx requests.
*Note 1: because in the path-style URL mode, there is only one domain that is not known by Garage, hence it is not supported by this API endpoint.
You must manually declare the domain in your reverse-proxy. Idem for K2V.*
This is not an English word - suggest replacing with "Similarly".
Thanks, great work, could be slightly refactored but the current version is fine.