feat!: generate a self-signed certificate if no certificates are specified #5973
…fied Clouds like AWS automatically navigate to https://<ip-here>. This allows us to bind to that immediately, serve a self-signed certificate, then reroute to the access URL.
@deansheather Ben needs this to proceed with his work, so I'm going to merge this ASAP and do a release. If you see any issues, just let me know!

@kylecarbs what about if we do not use tls and use coder behind a reverse proxy like caddy?
deansheather left a comment
Seems OK but this is a breaking change as we no longer redirect by default. You can mark your PR as breaking by adding ! before the : and adding the release/breaking label.
| var selfSignedCertificate *tls.Certificate | ||
| if len(certs) == 0 { | ||
| selfSignedCertificate, err = generateSelfSignedCertificate() | ||
| if err != nil { | ||
| return nil, xerrors.Errorf("generate self signed certificate: %w", err) | ||
| } |
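Review bot: the len(certs) == 0 branch falls back to a generated certificate with no log line in the lines shown, so an operator who expected their own certificate to be loaded gets no signal that clients are being served an untrusted one. Suggest emitting a warning next to the generateSelfSignedCertificate() call stating that a self-signed certificate is in use.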
Why not just certs = append(certs, selfSignedCertificate) instead of the extra logic?
@deansheather I'm going to change the tls-redirect-http-to-https flag to redirect-to-access-url instead.

Edit: to automatically listen on 443 then redirect to the access URL:

This will still open the tunnel (because access-url is not set), prompt for a self-signed certificate, then redirect the user to our external tunnel.
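The flow discussed in this thread (serve a generated certificate when none are configured, then send the browser to the access URL), as an added example that is not coder's code. The names `fallbackCerts` and `redirectToAccessURL` are hypothetical, and the access URL is assumed to be HTTPS on a fixed, configured host so the redirect target never comes from the request's Host header.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net/http"
	"time"
)

// fallbackCerts returns certs unchanged, or one generated self-signed cert if none were configured (hypothetical helper).
func fallbackCerts(certs []tls.Certificate) ([]tls.Certificate, error) {
	if len(certs) > 0 {
		return certs, nil
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial for a throwaway cert
		Subject:      pkix.Name{CommonName: "self-signed"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(30 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, nil
}

// redirectToAccessURL sends requests for any other host (e.g. the bare IP) to the configured access host.
func redirectToAccessURL(accessHost string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Host != accessHost {
			http.Redirect(w, r, "https://"+accessHost+r.URL.RequestURI(), http.StatusTemporaryRedirect)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {}
```

The slice from `fallbackCerts` can be assigned to `tls.Config.Certificates`; browsers will still show an untrusted-certificate warning for the generated one before following the redirect.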