Add HTTPS listen address flag #3123


Closed
deansheather opened this issue Jul 22, 2022 · 11 comments · Fixed by #5365
Labels
api Area: HTTP API

Comments

@deansheather
Member

Right now we have the --address flag which sets the listen address for Coder. I propose we add a new flag --https-address (CODER_HTTPS_ADDRESS) and change the behavior of coderd to the following:

If neither flag is set or ONLY --address is set, and TLS certs ARE NOT specified:

  • Listen on HTTP at --address (or default)

If neither flag is set or ONLY --address is set, and TLS certs are specified:

  • Listen on HTTPS only at --address (or default)

If --https-address is set and --address is NOT:

  • Require that TLS certs are set or fatally exit
  • Listen on HTTPS only at --https-address

If BOTH --https-address and --address are set:

  • Require that TLS certs are set or fatally exit
  • Listen on HTTPS at --https-address
  • Listen on HTTP at --address

I believe this will be backwards compatible by keeping the same behavior around --address on its own, while only introducing the new behavior when --https-address is specified.
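
The four cases proposed above, written out as one Go function. This is an added example, not code from the issue or from Coder; `Flags`, `Plan`, `Resolve`, `ErrTLSRequired` and the default address are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Flags, Plan and Resolve are hypothetical names for this example, not coderd's API.
type Flags struct {
	Address      string // --address; "" means the flag was not set
	HTTPSAddress string // --https-address; "" means the flag was not set
	TLSCerts     bool   // true when TLS certs were specified
}

// Plan holds the listeners to open; an empty field means no listener.
type Plan struct{ HTTP, HTTPS string }

const defaultAddress = "127.0.0.1:3000" // assumed default, for the example only

var ErrTLSRequired = errors.New("--https-address requires TLS certs")

// Resolve applies the four cases proposed in the issue.
func Resolve(f Flags) (Plan, error) {
	addr := f.Address
	if addr == "" {
		addr = defaultAddress
	}
	if f.HTTPSAddress == "" {
		// Existing behaviour: one listener whose protocol follows the certs.
		if f.TLSCerts {
			return Plan{HTTPS: addr}, nil
		}
		return Plan{HTTP: addr}, nil
	}
	// --https-address set: fail closed rather than serve plaintext.
	if !f.TLSCerts {
		return Plan{}, ErrTLSRequired
	}
	if f.Address == "" {
		return Plan{HTTPS: f.HTTPSAddress}, nil
	}
	return Plan{HTTP: f.Address, HTTPS: f.HTTPSAddress}, nil
}

func main() {
	p, err := Resolve(Flags{Address: "0.0.0.0:80", HTTPSAddress: "0.0.0.0:443", TLSCerts: true})
	fmt.Println(p, err)
}
```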

@kylecarbs
Member

What's the motivation for having both? It'd be nicer to have one, but if customers need both we'll obvs do it.

@deansheather
Member Author

Well, if we don't support having two listen addresses then coder won't be very useful unless it's behind a reverse proxy that can serve both HTTP and HTTPS or redirect from HTTP to HTTPS. And at that point, there's no point using coder's in-built HTTPS support because you could just do it from your reverse proxy...

@deansheather
Member Author

After we add this flag I'd like to add a flag to redirect from HTTP to HTTPS, which means coder could be used entirely without a reverse proxy and behave sensibly.

@ketang
Contributor

ketang commented Jul 22, 2022

Is there a situation where a customer would want to serve Coder on both unencrypted HTTP and encrypted HTTPS? I think if the latter is present, they should always redirect HTTP to HTTPS.

@deansheather
Member Author

That makes sense @ketang, but at the moment, since coder can only listen on one or the other, users are forced to do this with a reverse proxy, which makes the TLS options in coder useless since they'll be doing TLS termination at the reverse proxy. I don't mind changing this issue so if we listen on both we always do an HTTPS redirect from HTTP.

@deansheather deansheather added needs decision Needs a higher-level decision to be unblocked. api Area: HTTP API labels Jul 22, 2022
@ketang
Contributor

ketang commented Jul 31, 2022

Why can Coder only listen on one?

@deansheather
Member Author

Coder only listens on one right now since we only have one listen address flag. If you don't specify TLS certs then it's an HTTP server, otherwise it's an HTTPS server.

@kylecarbs kylecarbs changed the title feat: HTTPS listen address flag Add HTTPS listen address flag Aug 24, 2022
@jsjoeio
Contributor

jsjoeio commented Sep 7, 2022

Sounds like we're experiencing this with dev.coder.com - it doesn't automatically add HTTPS or redirect and therefore I see a broken page.

@kylecarbs kylecarbs removed the needs decision Needs a higher-level decision to be unblocked. label Sep 23, 2022
@kylecarbs
Member

I removed the needs decision label because I think this would be beneficial. It just makes setup a bit simpler.

@jsjoeio
Contributor

jsjoeio commented Sep 29, 2022

This is something I would like to help with! From a user perspective, I would prefer only having to set one option and it should automatically redirect HTTP -> HTTPS for us.

I don't know what implementation details look like but I think it could even be worth a breaking change for long-term UX improvements.

I'd like to work on this but I think we need to align on direction and implementation. Would love to hear thoughts.

@github-actions

This issue is becoming stale. In order to keep the tracker readable and actionable, I'm going to close this issue in 7 days if there isn't more activity.

@github-actions github-actions bot added the stale This issue is like stale bread. label Nov 29, 2022
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Dec 7, 2022
@deansheather deansheather reopened this Dec 8, 2022
@github-actions github-actions bot removed the stale This issue is like stale bread. label Dec 9, 2022