
Determine TLS termination
Closed, Duplicate | Public

Description

Dropping the horizon web proxies and going for @GTirloni's proposed nginx balancing means PAWS has to handle its own TLS termination and certificate handling.

There are a couple of choices; this task is to figure out how to configure them and determine if we will keep the PAWS (zero-to-jupyterhub-k8s 0.8.0) choices or deviate from them.

At the very least we will need TLS termination up to the proxy pod and to the deploy-hook pod.

Event Timeline

One short-term option could be to continue to use the shared Cloud VPS proxy for TLS termination. We can add a custom vhost in the existing nginx config, or we can double proxy by putting the needed nginx config on another VM and pointing the standard proxy at that instance.

Longer term, we will need to figure out a similar set of questions for the Toolforge cluster, which I think should allow us to find a shared solution, at least as far as TLS termination goes.