Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added HTTPS support via a new HTTPS Port configuration option #478

Merged
merged 3 commits into from
Nov 19, 2014

Conversation

amalaviy
Copy link
Contributor

Similar to the HTTP Port, defaults to disabled.

var err error
var servers []*HTTPServer

if config.Ports.HTTPS > 0 {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might make tests easier if this test was for >= 0. That way we can just bind to port 0 for tests to get a vacant port.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left this logic the way it was for just the HTTP case before. Also, using 0 will mean that the underlying OS will use the next available dynamic port which is not what we want since HTTP/HTTPS need to be on known ports for clients to communicate with them and so it would be better not to get into that situation by keeping the test > 0 like it was already for HTTP.

@ryanuber
Copy link
Member

@amalaviy This is looking good. I've left a few minor comments above. Other than that, if we can get some tests and comment all the methods in here, we will be in good shape!

@amalaviy
Copy link
Contributor Author

Sounds good, let me go through the comments and will update tomorrow.

On Nov 17, 2014 6:08 PM, Ryan Uber notifications@github.com wrote:

@amalaviyhttps://github.com/amalaviy This is looking good. I've left a few minor comments above. Other than that, if we can get some tests and comment all the methods in here, we will be in good shape!


Reply to this email directly or view it on GitHubhttps://github.com//pull/478#issuecomment-63394055.

@armon
Copy link
Member

armon commented Nov 18, 2014

Quick thoughts:

  • Lets make a new tls package and move the commonality there
  • Leave port 0 as invalid (prevents unexpected binding to strange port)

@@ -93,7 +94,16 @@ func NewClient(config *Config) (*Client, error) {
// Create the tlsConfig
var tlsConfig *tls.Config
var err error
if tlsConfig, err = config.OutgoingTLSConfig(); err != nil {
tlsConf := &tlsutil.Config{
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a helper to consul.Config() to generate the tlsutil.Config{} struct? This way we can avoid repetition of this setup. We can also do config.tlsConfig().OutgoingTLSConfig() this way by chaining

…cond keepalive, use keepalive for HTTP and HTTPS
@armon
Copy link
Member

armon commented Nov 19, 2014

LGTM! Thanks!

armon added a commit that referenced this pull request Nov 19, 2014
Added HTTPS support via a new HTTPS Port configuration option
@armon armon merged commit 6be29e1 into hashicorp:master Nov 19, 2014
@amalaviy amalaviy deleted the https branch November 20, 2014 13:45
duckhan pushed a commit to duckhan/consul that referenced this pull request Oct 24, 2021
Removes default service name annotation

Previously, this was always added to connect-injected pods. With Tproxy, the Consul service name will be determined by the Kubernetes service name and the annotation can optionally override that.

All of the checks for whether service account name doesn't match the Consul service name have been moved to the connect-init command so users will see the error if appropriate during Pod startup, since that's where we can get Consul service name information.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants