Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert to using https when generating a baseUrl #15

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ianconsolata
Copy link
Contributor

https is a more secure default than http. Additionally, the previous helper file created https baseUrls, so upgrading to the new chart version will cause the base URL of the server to change if folks don't have baseUrlOverride set.

`https` is a more secure default than `http`. Additionally, the previous helper file created `https` baseUrls, so upgrading to the new chart version will cause the base URL of the server to change if folks don't have `baseUrlOverride` set.
@ianconsolata
Copy link
Contributor Author

Not sure what version to use here. This is technically a breaking change, but only because it's fixing an issue with a previous change that was probably unintentional.

Here's the commit that changed it:
5ff47fe

It seems like perhaps it should only be https when folks are using an ingress, though I can't imagine why folks would use this without an ingress so it's hard to reason about what they would want there.

@MisterTimn
Copy link
Collaborator

The http/https setup is on my own todo list, atm clusters I use actually all have TLS termination at the proxy level so its a different setup (just needs https in base URL but no need for cert/key/tls secret).

Didn't want https to be the default since it's not default for CSS itself atm, and setup of https varies depending on config, but we should definitely push to make this the default. Having plain http and no ingress can be used when all communication is kept inside the cluster, to develop some internal application.

tls:
  enabled: false
  autoGenerated: true
  existingSecret: ""
  caCert: "" #base64 encoded
  caKey: "" #base64 encoded

Perhaps we could enable it by default and use self signed certificates that get auto generated when key and cert aren't specified? Added option in my example.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants