Add PDS_MANUAL_CERTS env set #3091
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…_CERTS comma-separated list.
|
What? This makes no sense. Just add your sites to the caddy config and it will get certs. |
Can you offer an example? Adding sites to the caddy config was not enough for me, as there is a check in the index.js file that excludes subdomains that do not have PDS accounts associated with them. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
NOTE: Second PR on the PDS side to leverage this can be found here: bluesky-social/pds#155
Rationale
PDS administrators may want to leverage caddy for on-demand TLS rather than hack around with nginx or another server.
Approach
With the introduction of a PDS_MANUAL_CERTS env property, PDS administrators can add a comma-separated list of subdomains (e.g., j.manes.xyz, portfolio.manes.xyz, work.manes.xyz).
Example
I own https://manes.xyz. My handle is james.manes.xyz. I used this domain in the past for a personal landing page at https://j.manes.xyz. I want a cert to exist for j.manes.xyz so that I can properly redirect it or proxy-pass it in the caddy config file without having to replace caddy with nginx or apache.