Compress ACME certificates in KV stores. #2814
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nmengin
added
status/2-needs-review
area/cluster
area/provider/kv
kind/bug/fix
emilevauge
requested changes
Feb 7, 2018
docs/configuration/acme.md
Outdated
| @@ -165,9 +165,26 @@ storage = "acme.json" | |||
| # ... | |||
| ``` | |||
|
|
|||
| File or key used for certificates storage. | |||
| `storage` allows providing to Træfik an item where storing all the ACME certificates. | |||
There was a problem hiding this comment.
I would say instead: sets where are stored your ACME certificates
docs/configuration/acme.md
Outdated
| - a JSON file, | ||
| - a KV store entry. | ||
|
|
||
| !!! note |
There was a problem hiding this comment.
You may use !!! danger "DEPRECATED" instead as in the rest of the documentation for deprecated features.
docs/configuration/acme.md
Outdated
| @@ -186,13 +202,26 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik | |||
| ``` | |||
|
|
|||
| !!! note | |||
| `storage` replaces `storageFile` which is deprecated. | |||
| This file cannot be shared per many instances of Træfik at the same time. | |||
| If you have to use Træfik cluster mode, please use [a KV store entry](/configuration/acme/#storage-kv-entry). | |||
There was a problem hiding this comment.
Again, I would use !!! danger here, instead of !!! note
docs/configuration/acme.md
Outdated
| ``` | ||
|
|
||
| **This kind of storage is mandatory in cluster mode.** | ||
| Thanks to the Træfik cluster mode algorithm (based on [the Raft Consensus Algorithm](https://raft.github.io/)), only one instance will contact Let's encrypt to resolve the challenges. |
docs/configuration/acme.md
Outdated
| Because KV stores (like Consul) have limited entries size, the certificates list is compressed before to be set in a KV store entry. | ||
|
|
||
| !!! note | ||
| It's possible to store up to 120 ACME certificates in Consul. |
nmengin
force-pushed
the
feature/compress-acme-cert-kv
branch
from
c516b7f
to
9de433f
Compare
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Today, ACME certificates are Base64 encoded by Træfik before to be stored into a KV store entry.
The Base64 encoding is fat and size in KV store entries can be limited (like in Consul) : it's not possible to store more than 20-30 certificates in Consul.
This PR replaces the Base64 encoding by a gzip compression.
Motivation
Fixes #1325
More
Additional Notes
Thanks to data compression, Træfik can store up to 100 ACME certificates in Consul.