Comments (8)
Thanks for the suggestions! Here's my 2c on this and I'd be very interested what others are thinking:
Regarding allowing registrations without e-mails by default: I think that it's a bad idea to default to a choice that might cause the user problems down the road (no notifications from the CA if certificates are about to expire or other problems happen). Since the `dokku letsencrypt <app>` command gives an error message that will tell the user how to set an e-mail address, I don't feel like the additional step overly complicates on-boarding.
One idea would be to have a way to set a server-global Let's Encrypt e-mail address that will be defaulted to if there is no e-mail set for the app. This will reduce the amount of work for new apps by one command.
Regarding a simplification of configuration: There will be even more configuration options necessary to implement automatic renewal (#18) (such as the amount of time left on the certificate before renewal should happen). Consequently, I'm expecting the API to grow even more and it's definitely time to talk about simplifying things.
I'm currently working on some refactorings to have generic `letsencrypt_get` and `letsencrypt_set` functions in the `functions` file that will query/set configuration parameters to reduce the amount of boilerplate code.
I personally dislike the technique of using environment variables for important configuration options such as the e-mail address as these should be as visible as possible to the user. However, it might be a good idea to use environment variables for settings where we have good defaults (server selection, time before renewal, etc.)
from dokku-letsencrypt.
I would like to chime in here... My thoughts:
E-mails by default: I fully concur with @sseemayer to keep the e-mails in there but have the server wide setup option too. It might even be part of the plugin install command... But again, that would be silly. I for one applaud the current state of the plugin already for its simplicity and ease of use... (edge cases withstanding)
Simplification of configuration by environment variables would be a misnomer. By keeping config via parameters / and config files it is still really simple. Also agree on sane defaults (i.e. renewal grace periods of 30 days et al) but passing everything via environment variables is not very common for dokku-plugins. Just for that reason alone I would consider command line options or reading in from the app-config... (i.e. `dokku config:set LETSENCRYPT_RENEWAL_GRACE=30` et al) The only reason against this would be that the app itself would have knowledge of those configuration settings...
One might argue about the server selection options: these seem too advanced for most users and thus might 'clutter' the help... (and could be moved to a `--server` param on the `letsencrypt <app>`-command itself)... After this the API would be simplified to:
letsencrypt <app> [<server>] Enable or renew letsencrypt for app
letsencrypt:revoke <app> Revoke letsencrypt for app
letsencrypt:email <e-mail> [<app>] Set a host wide e-mail address used as letsencrypt contact or specific for the app if app is given
The `:email` is a minor change in the API but would allow both server wide and app specific to be set via a single entry... ?
from dokku-letsencrypt.
Sweet, thanks for the feedback. It seems like I've hit on some good issues, though I agree, the environment variable solution is clunky. Just the first thing to pop into mind.
I didn't know about it before, but I like the idea of using dokku's `config` plugin. It would work for both global and app specific configs and looks scalable. I don't see the app having access to these settings being an issue, as long as there are no collisions. Doing `dokku config:set <app> LE_EMAIL=<e-mail>` seems as good as `dokku letsencrypt:email <app> <e-mail>` to me and it's less code that has to be maintained in this plugin. Reading the config looks like just a matter of `source ENV` then `source <app>/ENV`.
As far as not letting people use no email, I guess it's not a problem. People can always use fake emails if they want. I'd just like to see the onboarding be as easy as possible. That being said, the user presumably already set up dokku which is pretty complicated so they should be able to handle an extra command here.
from dokku-letsencrypt.
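The global-then-app lookup discussed in the comments above, as an added example that is not part of the thread or the plugin's code: it parses the ENV files instead of sourcing them, because `source` executes every line of the file as shell. The `export KEY='value'` file layout, the helper names `env_file_get`, `le_config_get` and `make_demo_root`, the `BANNER` key and the temporary directory are assumptions; `LE_EMAIL` and `LETSENCRYPT_RENEWAL_GRACE` are the names used in the comments.

```bash
#!/usr/bin/env bash
# Added example, not dokku-letsencrypt code. Assumed layout: $root/ENV holds
# global settings and $root/<app>/ENV per-app ones, as "export KEY='value'" lines.

# Print KEY's value from FILE by parsing it; the file is never executed.
env_file_get() {
  local file="$1" key="$2" line value
  case $key in ''|*[!A-Za-z0-9_]*) return 2 ;; esac   # key goes into a regex
  [ -r "$file" ] || return 1
  # Last assignment wins, matching what sourcing the file would give.
  line=$(grep -E "^(export )?${key}=" "$file" | tail -n 1)
  [ -n "$line" ] || return 1
  value=${line#*=}
  case $value in                        # strip one pair of surrounding quotes
    \'*\') value=${value#\'}; value=${value%\'} ;;
    \"*\") value=${value#\"}; value=${value%\"} ;;
  esac
  printf '%s\n' "$value"
}

# Precedence: per-app value, then global value, then the caller's default.
le_config_get() {
  local root="$1" app="$2" key="$3" default="${4-}"
  env_file_get "$root/$app/ENV" "$key" && return 0
  env_file_get "$root/ENV" "$key" && return 0
  if [ -n "$default" ]; then printf '%s\n' "$default"; return 0; fi
  echo "$key is not set for $app or globally" >&2
  return 1
}

# Constructed sample data: one global ENV and two apps, one with an override.
make_demo_root() {
  local root
  root=$(mktemp -d) || return 1
  mkdir -p "$root/blog" "$root/shop"
  printf '%s\n' "export LE_EMAIL='ops@example.com'" \
    'export BANNER="$(hostname)"' > "$root/ENV"
  printf '%s\n' "export LE_EMAIL='shop-admin@example.com'" > "$root/shop/ENV"
  : > "$root/blog/ENV"
  printf '%s\n' "$root"
}

demo_root=$(make_demo_root)
le_config_get "$demo_root" shop LE_EMAIL                      # app-specific value
le_config_get "$demo_root" blog LE_EMAIL                      # falls back to global
le_config_get "$demo_root" blog LETSENCRYPT_RENEWAL_GRACE 30  # built-in default
le_config_get "$demo_root" blog BANNER                        # literal, not expanded
rm -rf "$demo_root"
```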
Since I've pushed the automatic renewal code now, you can see that the API has blown up and I think that cleaning up the settings getters/setters will be the next important step.
I agree that the `config:set` approach is the way to go since it will greatly slim down the plugin code base while also getting us global settings for free.
from dokku-letsencrypt.
I finally got around to actually doing the API cleanup! You can find the new version on the `dev-config` branch: https://github.com/dokku/dokku-letsencrypt/tree/dev-config . A nice bonus is that you can now even `dokku config:set --global [email protected]` to set the e-mail globally for all apps.
I've got it working well on my server, but since this is a backwards compatibility-breaking change, I'd like to know your opinions before merging this into master
from dokku-letsencrypt.
You can find the new version on the dev-config branch: https://github.com/dokku/dokku-letsencrypt/tree/dev-config .
Could you open a pull request? Then we could comment in there. I will test this soon and provide feedback.
from dokku-letsencrypt.
PR is open: #30
from dokku-letsencrypt.
The eagle has landed (in master)! Closing.
from dokku-letsencrypt.