Comments (14)
Hi, thank you very much for your contribution!
The original implementation of this actually used dynamically-generated, per-site ENV variables. However, I concluded that using variable names to indicate sites is a bad idea.
IMO, you should use ENV variables for really simple configurations. If you want to do more than that, perhaps providing your own Nginx config files is a better solution.
However, I'm glad to see the security improvements. Probably we can work together to integrate them into the default config?
from https-portal.
OK, what are the reasons why per-site ENV variables are a bad idea?
Providing per-site nginx config files could possibly lead to inconsistent configuration, as the rules must be edited manually when a global change is required. Include files could solve some of this problem, but I am not yet sure of it.
I would be happy to assist with security improvements.
from https-portal.
Because ENV variables are supposed to have fixed keys, and use different values to indicate configurations.
I know having a variable per site would work, but it's against the convention of how people use ENV variables. So I decided not to break the convention.
As for a per-site nginx config file, the user can override default.conf.erb to have his own default config.
from https-portal.
Maybe the user could add sites.yml with per-site configuration?
from https-portal.
Is it really necessary given that you can override the per-site Nginx config?
from https-portal.
If it is a simple option, a configuration file is better. A per-site nginx config could become outdated and out of sync with the general config. This could introduce security vulnerabilities which would be patched in the general config, but not in the site-specific config. This would have to be maintained manually by the user.
from https-portal.
And a configuration file is simpler to set up than a whole per-site nginx configuration file.
from https-portal.
I don't think so.
An additional YML configuration file is short in length, yes. But in order to write that file, you need to learn what the configuration options are. It wouldn't be quicker than simply modifying the default nginx config. And nginx config options can be found anywhere on the Internet.
Besides, if a user comes to the point where he needs to change the default config, in most cases he knows what he is doing and he should not be limited by the coverage of the yml config file.
from https-portal.
I gave it a second thought. It might be good to implement some YAML-based config interface, for everything.
It could possibly look like this:
```yaml
global:
  some_config: true
sites:
  - domain: example.com
    upstream: wordpress
    options:
      some_config: true
```
I'm still a bit reluctant about driving this project too far though. I will explore the possibility of doing so in the week, as well as integrating your security updates, upgrading documentation to compose file v2 format, allowing ECDSA certificates, etc.
No promise though. I might feel this YAML config thing is too big.
from https-portal.
As I think about it, YAML config could get too complex. Maybe it could be implemented in another image based on this one.
from https-portal.
Do you think it's possible to add a discover mode using etcd or other storage?
Because my domains are stored in etcd. Currently I use hipache.
from https-portal.
@boonkerz
Probably I wouldn't have time for this personally.
from https-portal.
@boonkerz
HTTPS-PORTAL is meant to make setting up a typical website easy, therefore it is opinionated and provides a pretty usable default configuration without the need of too much configuration.
If your setup is complex, you probably don't want to be limited by HTTPS-PORTAL.
from https-portal.
It turned out that I haven't got enough time to do this. Closing it now.
from https-portal.