Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support custom domains across all running instances of Altis local-server #475

Open
9 tasks
shadyvb opened this issue May 5, 2022 · 2 comments
Open
9 tasks
Labels
developer advocacy Developer Advocacy related tasks must have Must be done, high priority

Comments

@shadyvb
Copy link
Contributor

shadyvb commented May 5, 2022

Context

Altis recently introduced custom SSL certificate generation capabilities, but with the limitation of supporting custom (sub)domains for one running instance, mainly the last one that invokes the generation process, because that one has access to custom domains set in that project configuration, but not to custom domains configured in any other running instance.

The only reason this process would work with non-custom (sub)domains on other instances, is that we always include *.altis.dev which is the default domain name for Altis local-server.

Solution

Step 1 - Expose custom domains

Since we don't have access to Altis configuration of other projects, we'll need all projects to announce the domains they use so any instance with access to Docker can aggregate all the custom domains used by all running instances.

The initial work has prepped for this, so Altis now attaches custom domains used by each container via a label called traefik.domain, in a comma-separated format.

Step 2 - Collect custom domains from all running instances

Querying the label referenced to above can be done via something like:
docker ps -q --filter 'label=traefik.domain' | xargs -I{} docker inspect {} --format='{{index .Config.Labels "traefik.domain"}}'

That queries all instances with traefik.domain label, and aggregates it, so it can be parsed and use while generating the SSL certificate Traefik uses for all instances ( hint: only one traefik instance manages connections to ALL running local-server instances ).

We might need to offload the SSL generation process to Traefik itself, so we don't generate different certificates within each local-server instance while it's the generic Traefik instance that uses it.. needs a bit more research on the best approach.

Step 3 - Generating the SSL certificate

That should be straight-forward once the domains are there, using the same commands that's being used now.

Acceptance criteria

  • Multiple running instances of Altis local-server can use custom (sub)domains using HTTPS.

Testing steps

  • Set up two new product development environment in separate folders, do not start either environment just yet
  • Use documentation to set up custom domains for both installations, eg test1.local and test2.local respectively
  • Start the first environment, ensure that the site is working properly under HTTPS scheme with an automatically trusted certificate
  • Start the second environment, ensure that the site is working properly under HTTPS scheme with an automatically trusted certificate
  • Ensure that both sites are working properly under HTTPS scheme with an automatically trusted certificate
  • Bring down both environments
  • Setup a third product development environment in a new folder, choose a custom domain of test3.local, start the environment, ensure it works under HTTPS as expected
  • Start the first two environments, ensure that all three sites are working under HTTPS as expected
  • [ ]
@veselala veselala added should have Should be done, medium priority for now must have Must be done, high priority and removed should have Should be done, medium priority for now labels May 11, 2022
@veselala
Copy link

@veselala
Copy link

@shadyvb will add some documentation and testing steps

@missjwo missjwo added the developer advocacy Developer Advocacy related tasks label Dec 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
developer advocacy Developer Advocacy related tasks must have Must be done, high priority
Projects
None yet
Development

No branches or pull requests

3 participants