RFC: Zero-config DevURLs #2986
Comments
|
I don't think LetsEncrypt will work for this: https://letsencrypt.org/docs/rate-limits/ tl;dr they will rate limit us to 50 certs per week that end with |
|
@spikecurtis I think we could contact them and work out some agreement. There are probably other providers to consider as well. |
|
the tricky bit is that the person operating Coder needs a cert that is good for their dev URLs, unless we're MITM all their traffic and customers are ok with that (very unlikely!). And, in order for that work smoothly, we'd presumably have to be brokering those certs. So, we need some CA that's willing to accept via us either:
|
|
We will also need to centrally manage the deployment IDs to prevent customers from hijacking each other's traffic. |
|
@spikecurtis since Coder controls the backend, coderd can selectively send back our wildcard certificate via SNI. We could toss the private key into the database. This wouldn't work if there's HTTP middleware between the coderd and the user. But, this is just a feature to get started easily, so advanced setups can bring their own domain. Doing a wildcard cert per deployment seems simplest to me. If the ratelimit becomes the only thing standing between us and the feature, I will reach out to these ACME providers and try to work something out. |
The deployment ID can be derivative of the certificate key, eliminating hijack risk. |
Could you describe in a little more detail how this might work? If the deployment ID is a pure function of the private key, |
|
Yeah was just thinking about MVP. There could a key distinct from the TLS cert to authenticate a deployment with our DNS service. |
Yeah, that's more along the lines of what I'm thinking. The deployments authenticate with whatever service we're building to support this, and we keep track of the mapping. We'd want to support rotating that credential as well, but it'd be like passwords, you input your old password in order to set a new one. |
|
Or, "register for a free account on coder.com to use this feature." |
|
re. rate limiting: ZeroSSL does not rate limit but takes ~10-30 seconds longer to provision a URL. |
|
@spikecurtis creating an account would add back a step, which is kinda against the spirit of this feature. |
|
Closed for #3378 ... And also I think this is a waste of time right now. |
As a deployment admin, I don't want to setup a wildcard domain to get Coder working. Maybe I don't have ready access to a domain I can use, maybe I just don't want to sign into my DNS provider. Whatever it is, we want to cut as many steps from the deployment of Coder as possible.
I propose we offer a public wildcard DNS service for Coder deployments. The domain name could be structured as
<url_id>.<deployment_id>.coder.appand we'd have distinct records for each*.<deployment_id>.coder.app. A URL could look like:bluebunnysurprise.542342.coder.app.Now, Coder Dev just work out of the box.
Of course, we can let people bring their own wildcard domain as well.
Costs
Since we're just offering DNS and doing no proxying, our bandwidth costs and upper bound cost risk should be minimal.
Apps
coder_apps should flow through the wildcard DNS as well as Dev URLs. Right now, configuring an app's base path can be a frustrating experience. If we can leverage wildcard DNS and use the root path,coder_appconfiguration becomes far simpler. See #2610 and the docs here for evidence.TLS
We can use LetsEncrypt to provision a certificate for each wildcard name.
The text was updated successfully, but these errors were encountered: