vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #1986 from coreos-inc/external-tls

Browse source 
Add option to properly handle external TLS
This commit is contained in:
josephschorr 2016-10-15 16:05:28 -04:00 committed by GitHub
commit 78f87d96bc
3 changed files with 59 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

38
static/directives/config/config-setup-tool.html
View file

@ -110,24 +110,30 @@
</td>
</tr>
<tr>
<td>SSL:</td>
<td>TLS:</td>
<td>
<label class="config-bool-field-element">
<input type="checkbox" ng-model="config.PREFERRED_URL_SCHEME"
ng-true-value="'https'" ng-false-value="'http'">
Enable SSL
</label>
<select class="form-control" ng-model="mapped.TLS_SETTING">
<option value="internal-tls">Quay Enterprise handles TLS</option>
<option value="external-tls">My own load balancer handles TLS (Not Recommended)</option>
<option value="none">None (Not For Production)</option>
</select>
<div class="help-text" style="margin-bottom: 10px">
A valid SSL certificate and private key files are required to use this option.
<div class="co-alert co-alert-danger" ng-if="mapped.TLS_SETTING == 'none'" style="margin-bottom: 20px">
Running without TLS should not be used for production workloads!
</div>
<div class="co-alert co-alert-info" ng-if="config.PREFERRED_URL_SCHEME == 'https'" style="margin-bottom: 20px">
Enabling SSL also enables <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">HTTP Strict Transport Security</a>.<br/>
<div class="co-alert co-alert-warning" ng-if="mapped.TLS_SETTING == 'external-tls'" style="margin-bottom: 20px">
Terminating TLS outside of Quay Enterprise can result in unusual behavior if the external load balancer is not
configured properly. <strong>This option is not recommended for simple setups</strong>. Please contact support
if you encounter problems while using this option.
</div>
<div class="co-alert co-alert-info" ng-if="mapped.TLS_SETTING == 'internal-tls'" style="margin-bottom: 20px">
Enabling TLS also enables <a href="https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security">HTTP Strict Transport Security</a>.<br/>
This prevents downgrade attacks and cookie theft, but browsers will reject all future insecure connections on this hostname.
</div>
<table class="config-table" ng-if="config.PREFERRED_URL_SCHEME == 'https'">
<table class="config-table" ng-if="mapped.TLS_SETTING == 'internal-tls'">
<tr>
<td class="non-input">Certificate:</td>
<td>
@ -272,7 +278,7 @@
{{ field.placeholder }}
</span>
<div ng-if="field.kind == 'option'">
<select ng-model="sc.data[1][field.name]">
<select class="form-control" ng-model="sc.data[1][field.name]">
<option ng-repeat="value in field.values" value="{{ value }}"
ng-selected="sc.data[1][field.name] == value">{{ value }}</option>
</select>
@ -495,7 +501,7 @@
<tr>
<td class="non-input">Authentication:</td>
<td>
<select ng-model="config.AUTHENTICATION_TYPE">
<select class="form-control" ng-model="config.AUTHENTICATION_TYPE">
<option value="Database">Local Database</option>
<option value="LDAP">LDAP</option>
<option value="Keystone">Keystone (OpenStack Identity)</option>
@ -739,7 +745,7 @@
<tr>
<td>GitHub:</td>
<td>
<select ng-model="mapped.GITHUB_LOGIN_KIND">
<select class="form-control" ng-model="mapped.GITHUB_LOGIN_KIND">
<option value="hosted">GitHub.com</option>
<option value="enterprise">GitHub Enterprise</option>
</select>
@ -887,7 +893,7 @@
<tr>
<td>GitHub:</td>
<td>
<select ng-model="mapped.GITHUB_TRIGGER_KIND">
<select class="form-control" ng-model="mapped.GITHUB_TRIGGER_KIND">
<option value="hosted">GitHub.com</option>
<option value="enterprise">GitHub Enterprise</option>
</select>
@ -997,7 +1003,7 @@
<tr>
<td>GitLab:</td>
<td>
<select ng-model="mapped.GITLAB_TRIGGER_KIND">
<select class="form-control" ng-model="mapped.GITLAB_TRIGGER_KIND">
<option value="hosted">GitLab.com</option>
<option value="enterprise">GitLab CE/EE</option>
</select>