Story #6846
closed
Story #6331: [Epic] Add SSL support
As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencrypt certificates
100%
Description
Background¶
In some cases users of Pulp users want TLS and would like to use a letsencrypt certificate.
Use Cases¶
- Configure new installations with a letsencrypt installation
- Renew letsencrypt certificates that are about to expire on existing installations (same options from the user)
Solution¶
Add options to the installer for the user to express their intent to have Pulp configured to use letsencrypt. If provided, the installer should create a letsencrypt certificate and configure either the Apache or Nginx configuration Pulp to run on port 443 with TLS enabled.
This cannot be enabled by default because letsencrypt can only be acquired if the Pulp host has a publicly accessible FQDN.
The same config used to configure a new install to setup a letsencrypt cert should automatically renew an existing pulp installation's letsencrypt certificate if they are within their renewal window.
Related issues
Updated by mdepaulo@redhat.com over 4 years ago
dkliban and I just held a meeting.
We hashed out the following plan on implementing this: https://hackmd.io/wN4qE67YRB6NN9caPZSLMA?edit
Updated by mdepaulo@redhat.com over 4 years ago
- Related to Task #7285: Add documentation about distributing the Certificate CA generated by Pulp Installer added
Updated by mdepaulo@redhat.com over 4 years ago
- Subject changed from As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencry certificates to As an installer user, I can configure Pulp to run with TLS enabled to install/renew using letsencrypt certificates
Added by Mike DePaulo over 4 years ago
Updated by pulpbot over 4 years ago
- Status changed from NEW to POST
Updated by Anonymous over 4 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset ansible-pulp|1bb2d242b60eaa745b8e143039e6d36ef25ad1f1.
Added by Mike DePaulo over 4 years ago
Revision b52ca13c | View on GitHub
As an installer user, I can configure Pulp
to run with TLS enabled to install/renew using letsencrypt certificates
Added by Mike DePaulo over 4 years ago
Revision b52ca13c | View on GitHub
As an installer user, I can configure Pulp
to run with TLS enabled to install/renew using letsencrypt certificates
Updated by ttereshc about 4 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
.
As an installer user, I can configure Pulp
to run with TLS enabled to install/renew using letsencrypt certificates
fixes: #6846 https://pulp.plan.io/issues/6846