docs: add self signed certs guide #16182
I also moved the info on how to set up certs into an include file and included that in the self-signed certs guide
Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
certs -> certificates proxy -> Proxy Service
| - The Teleport config file `auth_servers` setting is set to the Proxy Service endpoint: | ||
| - `auth_servers: ["tele.example.com:443"]` or | ||
| - `auth_servers: ["tele.example.com:3080"]` |
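Review bot: the two `auth_servers` examples under this bullet differ only in the port (443 versus 3080) and are joined by a bare "or", so a reader cannot tell which value matches their deployment. Add a short phrase next to each example saying when that port applies, or show one example and state in a sentence how to choose the port.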
We recently added config v3 which has either auth_server or proxy_server (#15761)
teleport/docs/pages/reference/config.mdx
Lines 142 to 158 in bd0ae38
Can you update this to match please?
Note, we didn't backport this, so when backporting for v10 you should still mention auth_servers.
Sure. On that note, are we planning to update the `teleport start` CLI to have separate `--proxy-server` and `--auth-server`?
I disabled auto-merge and reassigned back to @GavinFrazar to address the latest review.
@GavinFrazar did you mean to assign this PR to me?
I reassigned after addressing your feedback. Since I've seen that a few times in other PRs, I thought maybe it was just the norm lol.
@ryanclark just waiting on your approval, was there something else you wanted addressed still?
@GavinFrazar See the table below for backport results.
* Add slug for self signed certs
* Add self-signed certs guide
* Move tls cert setup into an include snippet
* Update tsh section on self signed certs
* Fix indentation
* Remove extra slash before heading
* Update docs/config.json Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/includes/tls-certificate-setup.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Fix formatting of github suggestion commit
* Change link title to avoid abbreviation
* Update intro to explain the purpose of the guide and why anyone would want it
* Make 'proxy' and 'certs' consistent throughout the guide: certs -> certificates proxy -> Proxy Service
* Move motivation for guide out of warning and into intro
* Simplify the warning notice
* Change headings
* Capitalize helm and simplify label
* Update Helm info to include inline instructions
* Simplify systemd label
* Update systemd tab
* Update slug certs -> certificates
* Fix include snippet yaml example
* Change prereqs to omit cloud tab and instruct user to check for self-signed certs config
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Apply suggestions from code review Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Get specific about problem caused by insecure TLS
* Remove 'how to setup tls certs' section in favor of a link at the bottom
* Add examples for tsh and tctl, and clean up tctl wording
* Remove link to systemd guide
* Add more detail to systemd instructions
* Change wording around instructions for teleport
* Rearrange links
* Remove reference to deleted acme.mdx
* Remove v2 config reference to auth_servers
* Remove list syntax for proxy_server Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* docs: add self signed certs guide (#16182)
* Add slug for self signed certs
* Add self-signed certs guide
* Move tls cert setup into an include snippet
* Update tsh section on self signed certs
* Fix indentation
* Remove extra slash before heading
* Update docs/config.json Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/includes/tls-certificate-setup.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Fix formatting of github suggestion commit
* Change link title to avoid abbreviation
* Update intro to explain the purpose of the guide and why anyone would want it
* Make 'proxy' and 'certs' consistent throughout the guide: certs -> certificates proxy -> Proxy Service
* Move motivation for guide out of warning and into intro
* Simplify the warning notice
* Change headings
* Capitalize helm and simplify label
* Update Helm info to include inline instructions
* Simplify systemd label
* Update systemd tab
* Update slug certs -> certificates
* Fix include snippet yaml example
* Change prereqs to omit cloud tab and instruct user to check for self-signed certs config
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Apply suggestions from code review Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Update docs/pages/management/admin/self-signed-certs.mdx Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Get specific about problem caused by insecure TLS
* Remove 'how to setup tls certs' section in favor of a link at the bottom
* Add examples for tsh and tctl, and clean up tctl wording
* Remove link to systemd guide
* Add more detail to systemd instructions
* Change wording around instructions for teleport
* Rearrange links
* Remove reference to deleted acme.mdx
* Remove v2 config reference to auth_servers
* Remove list syntax for proxy_server Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
* Delete orphaned include Co-authored-by: Paul Gottschling <paul.gottschling@goteleport.com>
Closes #13781
This PR adds a guide for using self-signed certs with Teleport. It includes a prominent warning about why you should never use self-signed certs in production, and info about how to use `teleport`, `tctl`, and `tsh` with a proxy that uses self-signed certs.

For using `teleport` I included info about passing `--insecure` for helm and for systemd daemon.

The PR also consolidates copies of the same snippet regarding TLS certificate setup into a single include file: `tls-certificate-setup.mdx`