You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@openwhisk.apache.org by GitBox <gi...@apache.org> on 2019/03/10 17:18:28 UTC

[GitHub] [incubator-openwhisk] jambonrose opened a new issue #4330: Setting Custom Certificates in Nginx

jambonrose opened a new issue #4330: Setting Custom Certificates in Nginx
URL: https://github.com/apache/incubator-openwhisk/issues/4330
 
 
   Hi,
   
   We're using OpenWhisk on the IBM Cloud, and have really enjoyed how quickly we've been able to get code up & running. One of the central reasons we've been excited by OpenWhisk is because (unlike other options) OpenWhisk provides us the flexibility to test our functions in a local environment that closely mimics production.
   
   To that end, our current goal is to be able to reproducibly run functional tests in a local environment. Specifically: we have web functions in OpenWhisk, and we are looking to issue HTTP requests to test code functionality. 
   
   **System**: macOS 10.14 (Mojave)
   **Method**: [Kubernetes deploy via Docker for Desktop](https://github.com/apache/incubator-openwhisk-deploy-kube/blob/master/docs/k8s-docker-for-mac.md#using-kubernetes-in-docker-for-mac-for-openwhisk) on Mac
   **Docker for Desktop**: 2.0.0.3 (includes **Docker Engine 18.09.2** and **Kubernetes v1.10.11**)
   **Helm**: 2.13.0
   
   The local deploy provides a self-signed certificate for `*.localhost`, which causes warnings about being self-signed as well as hostname mismatches (`localhost` vs `*.localhost`). We're actively working around the problem when writing tests, which is unfortunate, as it means we've lost parity between development and production, which was one of our central reasons for using OpenWhisk.
   
   I would therefore like to be able to give Nginx custom certificates. I can see that there are a few PRs and issues related to the ability to setup custom certificates (notably #2105 and #4329). However, I've not been able to find any documentation about how to do so. I am not familiar with Kubernetes, and have only been using `wsk` since Thursday, so I'm not sure if I'm asking for a feature or else expanded documentation.
   
   For the record, I'm currently using the following command to generate certificates, and we have considered using [minica](https://github.com/jsha/minica).
   
   ```
   $ openssl req -x509 -out localhost.crt -keyout localhost.key \
   >   -newkey rsa:2048 -nodes -sha256 \
   >   -subj '/CN=localhost' -extensions EXT -config <( \
   >    printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
   ```
   
   While trying to help us on Slack, @csantanapr (thank you!) recommended I ping @dgrove-oss about this issue.
   
   Any help would be appreciated.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services