Skip to content

Add how-to guide for HAProxy to use self-signed certificates to serve requests#589

Open
weiiwang01 wants to merge 7 commits into
mainfrom
docs/certificates
Open

Add how-to guide for HAProxy to use self-signed certificates to serve requests#589
weiiwang01 wants to merge 7 commits into
mainfrom
docs/certificates

Conversation

@weiiwang01

Copy link
Copy Markdown
Contributor

What this PR does

Adds a new how-to guide with two ways to serve HTTPS using self-signed certificates in haproxy.

Why we need it

Checklist

  • I followed the contributing guide
  • I added or updated the documentation (if applicable)
  • I updated docs/changelog.md with user-relevant changes
  • I added a change artifact for user-relevant changes in docs/release-notes/artifacts. If no change artifact is necessary, I tagged the PR with the label no-release-note.
  • I used AI to assist with preparing this PR
  • I added or updated tests as needed (unit and integration)
  • If integration test modules are used: I updated the workflow configuration
    (e.g., in .github/workflows/integration_tests.yaml, ensure the modules list is correct)
  • If this PR involves a Grafana dashboard: I added a screenshot of the dashboard
  • If this PR involves Terraform: terraform fmt passes and tflint reports no errors

@erinecon erinecon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for writing this how-to guide!

Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Comment thread docs/how-to/use-self-signed-certificates.md
Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Comment on lines +24 to +25
juju deploy pollen --channel=latest/edge
juju integrate haproxy:haproxy-route pollen

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is pollen being deployed here?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a backend application to trigger the haproxy charm to request a certification. Pollen is used for that backend application, similar to the haproxy tutorial.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah okay, so if I'm understanding correctly, in practice the user would have their own backend app that requires a certificate, and we're using Pollen as an example/stand-in?

Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Comment thread docs/how-to/use-self-signed-certificates.md Outdated
Co-authored-by: Erin Conley <erin.conley@canonical.com>

@erinecon erinecon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for incorporating the first round of feedback! The content looks good overall, just a few more nits to clarify the role that the Pollen charm plays in the guide.

Comment thread docs/how-to/use-self-signed-certificates.md
Comment on lines +24 to +25
juju deploy pollen --channel=latest/edge
juju integrate haproxy:haproxy-route pollen

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah okay, so if I'm understanding correctly, in practice the user would have their own backend app that requires a certificate, and we're using Pollen as an example/stand-in?

Comment on lines +18 to +20
To use the self-signed-certificates charm with the HAProxy charm, simply deploy
the self-signed-certificates charm and integrate it with the HAProxy charm using
the `certificates` relation.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I'm understanding the role Pollen is playing here, then I think we should highlight that explicitly, maybe something like:

Suggested change
To use the self-signed-certificates charm with the HAProxy charm, simply deploy
the self-signed-certificates charm and integrate it with the HAProxy charm using
the `certificates` relation.
To use the self-signed-certificates charm with the HAProxy charm, simply deploy
the self-signed-certificates charm and integrate it with the HAProxy charm using
the `certificates` relation. This guide uses the Pollen charm as the backend application
requiring a certificate.

Comment on lines +55 to +56
manual-tls-certificates charm and integrate it with the HAProxy charm using
the `certificates` relation.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I'm understanding the role Pollen is playing here, I think we should explicitly state the role in text, maybe something like:

Suggested change
manual-tls-certificates charm and integrate it with the HAProxy charm using
the `certificates` relation.
manual-tls-certificates charm and integrate it with the HAProxy charm using
the `certificates` relation. This guide uses the Pollen charm as the backend application
requiring a certificate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Libraries: Out of sync no-release-note This PR does not require a change artifact

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants