-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Standardize ACME instruction details #9556
Conversation
c83b704
to
2995ced
Compare
2995ced
to
828b036
Compare
234d280
to
3118310
Compare
3118310
to
67a8c34
Compare
|
||
Download the latest version of Teleport for your platform from our | ||
[downloads page](https://goteleport.com/teleport/download). | ||
|
||
Teleport requires a valid TLS certificate to operate and can fetch one automatically | ||
using Let's Encrypt [ACME](https://letsencrypt.org/how-it-works/) protocol. | ||
|
||
We will assume that you have configured DNS records for `teleport.example.com` | ||
and `*.teleport.example.com` to point to the Teleport node. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and `*.teleport.example.com` to point to the Teleport node. | |
and `*.teleport.example.com` to point to the Teleport proxy. |
Right?
docs/pages/includes/acme.mdx
Outdated
@@ -0,0 +1,21 @@ | |||
Let's Encrypt verifies that you control the domain name of your Teleport deployment by communicating with the HTTPS server listening on port 443 of your Teleport Proxy Service. | |||
|
|||
You can configure Teleport to complete the Let's Encrypt verification process—called the ACME protocol—by running the following `teleport configure` command, where `tele.example.com` is the domain name of your Teleport cluster and `[email protected]` is an email address used for notifications (you can use any domain): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This reads a little bit awkward to me. My understanding is that teleport configure
doesn't actually configure anything, but rather spits out some configuration that you can then paste into your teleport.yaml.
The way this reads, it sounds like teleport configure
is actually modifying the file for you.
@@ -3,24 +3,13 @@ Download the latest version of Teleport for your platform from our | |||
installation [instructions](../../installation.mdx). | |||
|
|||
Teleport requires a valid TLS certificate to operate and can fetch one automatically | |||
using Let's Encrypt [ACME](https://letsencrypt.org/how-it-works/) protocol. We | |||
using Let's Encrypt. We |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Strange place for a line break.
aec815b
to
868701e
Compare
868701e
to
7e908fe
Compare
@xinding33 @r0mant would you have time to give this a look? Thanks! |
09539df
to
999f41b
Compare
999f41b
to
44966f0
Compare
Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448
- Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
44966f0
to
aa07670
Compare
@ptgott Looks like this was approved, can we merge? |
* Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
* Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
Guides to getting started with Teleport on various platforms recommend creating a DNS record for *.teleport.com. It would help prospective users to know why this is needed. This change adds context for why Application Access requires a wildcard subdomain. Fixes #5378 When addressing conflicts with #9556, it turned out that the acme.mdx partial would not render inside the Tabs component within the start-auth-proxy.mdx partial. I have copied the contents of acme.mdx to use inside start-auth-proxy.mdx until we can fix this issue. I also made some minor edits to acme.mdx while fixing these conflicts.
Backports #9556 * Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
start-auth-proxy.mdx is a partial used by a number of Database Access guides. After PR #9556, the partial included garbled instructions for setting up Teleport with Let's Encrypt. This change edits these instructions for clarity.
start-auth-proxy.mdx is a partial used by a number of Database Access guides. After PR #9556, the partial included garbled instructions for setting up Teleport with Let's Encrypt. This change edits these instructions for clarity.
start-auth-proxy.mdx is a partial used by a number of Database Access guides. After PR #9556, the partial included garbled instructions for setting up Teleport with Let's Encrypt. This change edits these instructions for clarity.
Backports #9556 * Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
Backports #9556 * Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
Backports #9556 * Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
Backports #9556 * Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
Backports #9556 * Standardize ACME instruction details Our Getting Started guides often include instructions for configuring Let's Encrypt and ACME before starting Teleport, but not all of these instructions have the same level of detail, and some are missing some context around how Teleport uses ACME and why you need to open port 443 on your Proxy Service host. This change adds an include that spells out these instructions and invokes the include in the appropriate guides. The intention was to include as much relevant information within the guides themselves to prevent the reader from having to navigate to other pages. Closes #6448 * Respond to PR feedback - Substitute "proxy" for "node" where it was incorrectly used - Some small stylistic fixes - Clarify that "teleport configure" does not write the config itself
Our Getting Started guides often include instructions for
configuring Let's Encrypt and ACME before starting
Teleport, but not all of these instructions have the same
level of detail, and some are missing some context around
how Teleport uses ACME and why you need to open port 443 on
your Proxy Service host. This change adds an include that
spells out these instructions and invokes the include in the
appropriate guides.
The intention was to include as much relevant information within
the guides themselves to prevent the reader from having to
navigate to other pages.
Closes #6448