Add how-to guide for HAProxy to use self-signed certificates to serve requests#589
Add how-to guide for HAProxy to use self-signed certificates to serve requests#589weiiwang01 wants to merge 7 commits into
Conversation
erinecon
left a comment
There was a problem hiding this comment.
Thank you so much for writing this how-to guide!
| juju deploy pollen --channel=latest/edge | ||
| juju integrate haproxy:haproxy-route pollen |
There was a problem hiding this comment.
Why is pollen being deployed here?
There was a problem hiding this comment.
We need a backend application to trigger the haproxy charm to request a certification. Pollen is used for that backend application, similar to the haproxy tutorial.
There was a problem hiding this comment.
Ah okay, so if I'm understanding correctly, in practice the user would have their own backend app that requires a certificate, and we're using Pollen as an example/stand-in?
Co-authored-by: Erin Conley <erin.conley@canonical.com>
erinecon
left a comment
There was a problem hiding this comment.
Thanks for incorporating the first round of feedback! The content looks good overall, just a few more nits to clarify the role that the Pollen charm plays in the guide.
| juju deploy pollen --channel=latest/edge | ||
| juju integrate haproxy:haproxy-route pollen |
There was a problem hiding this comment.
Ah okay, so if I'm understanding correctly, in practice the user would have their own backend app that requires a certificate, and we're using Pollen as an example/stand-in?
| To use the self-signed-certificates charm with the HAProxy charm, simply deploy | ||
| the self-signed-certificates charm and integrate it with the HAProxy charm using | ||
| the `certificates` relation. |
There was a problem hiding this comment.
If I'm understanding the role Pollen is playing here, then I think we should highlight that explicitly, maybe something like:
| To use the self-signed-certificates charm with the HAProxy charm, simply deploy | |
| the self-signed-certificates charm and integrate it with the HAProxy charm using | |
| the `certificates` relation. | |
| To use the self-signed-certificates charm with the HAProxy charm, simply deploy | |
| the self-signed-certificates charm and integrate it with the HAProxy charm using | |
| the `certificates` relation. This guide uses the Pollen charm as the backend application | |
| requiring a certificate. |
| manual-tls-certificates charm and integrate it with the HAProxy charm using | ||
| the `certificates` relation. |
There was a problem hiding this comment.
If I'm understanding the role Pollen is playing here, I think we should explicitly state the role in text, maybe something like:
| manual-tls-certificates charm and integrate it with the HAProxy charm using | |
| the `certificates` relation. | |
| manual-tls-certificates charm and integrate it with the HAProxy charm using | |
| the `certificates` relation. This guide uses the Pollen charm as the backend application | |
| requiring a certificate. |
What this PR does
Adds a new how-to guide with two ways to serve HTTPS using self-signed certificates in
haproxy.Why we need it
Checklist
docs/changelog.mdwith user-relevant changesdocs/release-notes/artifacts. If no change artifact is necessary, I tagged the PR with the labelno-release-note.(e.g., in
.github/workflows/integration_tests.yaml, ensure themoduleslist is correct)terraform fmtpasses andtflintreports no errors