[feature] https out of the box? #323

Closed
uandco opened this issue Jun 22, 2021 · 10 comments · Fixed by #324
Labels
enhancement New feature or request

Comments

@uandco

uandco commented Jun 22, 2021

Hi,

Pygmy proxies https requests out of the box. It seems like pygmy-go doesn't, unless I missed something?

Thanks

uandco added the enhancement (New feature or request) label Jun 22, 2021

@fubarhouse
Collaborator

I'll open up port 443 by default to haproxy.
Seeing as the port is open on the original pygmy - even with virtually no support, it's not a big ask.

I would be interested in how you use https with pygmy - if you were prepared to share.
In the meantime I'll organise this.

@uandco
Author

uandco commented Jun 22, 2021

Well, I've been directed here by the amazee team when I asked about how to get pygmy to set an extra subjectAltName field in the self-signed certificate you get when using https, so you can trust it on the system and Chrome doesn't complain about it still missing subjectAltName, and you have to re-enable the exception every few days (after each Chrome update?).

So, if the haproxy version pygmy-go uses doesn't do that yet, that would be a great addition too!

@fubarhouse
Collaborator

The containers are like for like - so it wouldn't support anything new. There's a lot of interesting things that the haproxy container could be doing and I get the feeling it will be updated in the future. I've been rather curious about this mechanism myself so I might go back down the rabbit hole.

I'm just getting the tests to pass again and I should be good to submit a PR. Could probably swing a release as well...

@uandco
Author

uandco commented Jun 22, 2021

Thanks! re subjectAltName, it turns out the cert is not generated on the fly like I thought, but stored in the amazee haproxy image:
https://github.com/amazeeio/docker-haproxy/blob/master/server.pem

So, to get that extra field and make it Chrome friendly, I guess the image should be updated.

@fubarhouse
Collaborator

> I guess the image should be updated.

There's so much awesome that can come from updates and changes to that image, but because this project is made to replicate pygmy like for like - despite the infinite amount of complexity you can add onto it, official support needs to come from upstream (amazee). I'm guessing there will need to be new logic for architectural differences as the Apple M1 architecture has complicated possible support. This tool is designed for universal support - and having such differences can complicate things.

All of that said, you can however provide your own custom image to use instead of amazeeio/haproxy, you could load up the changes and just make use of that image with minimal effort. I could write something up quickly if that sounds more appealing to you.

@fubarhouse
Collaborator

Release v0.7.0 is now out, I hope it helps you somewhat 👍

@uandco
Author

uandco commented Jun 22, 2021

Using a custom image would be the last resort, but I appreciate the offer to add the option to specify such an image.
I'll check with Amazee, I don't see the addition of this cert field as a deal breaker, more keeping it up to date with standards, which seems to be around since 2003 ;-) https://www.digicert.com/faq/subject-alternative-name-compatibility.htm

@fubarhouse
Collaborator

Everything that pygmy-go runs is all in configuration, it passes Docker-native API objects directly to Docker's API.
So, changing the image is literally baked into the support here - it's just changing the configuration is probably not what most people want to do. It's one of the founding reasons I made this project - I wanted it to be customisable.

Happy you're using it!

If you are curious, I wrote a whole heap of documentation that never got finished that is all still relevant:
https://github.com/fubarhouse/pygmy-go/blob/issue/203/docs/customisation/examples_simple.md#image-replacement

@uandco
Author

uandco commented Jun 22, 2021

Thanks for releasing v0.7.0!
I just had a go and https now works!

I'm getting some weird stdout when launching it tho:

Successfully started amazeeio-dnsmasq
Successfully started amazeeio-haproxy
Successfully started amazeeio-mailhog
Successfully started amazeeio-ssh-agent
Successfully connected amazeeio-haproxy to amazeeio-network
Successfully connected amazeeio-mailhog to amazeeio-network
Successfully connected amazeeio-ssh-agent to amazeeio-network
exit status 1
exit status 1
/bin/sh -c cat /etc/resolver/
exit status 1
Identity added: /Users/xxxx/.ssh/id_rsa (xxxx@xxxxx)
 ! http://docker.amazee.io/stats (amazeeio-haproxy)

@fubarhouse
Collaborator

Glad it works! :)

I'll have to have a think about this one... it appears too much of the ssh-add logs are coming through.
I'll open a new ticket and work on that tomorrow night.
