Project

General

Profile

Actions

Bug #17591

closed

Improve explanation of wildcard DNS for keep-web

Added by Peter Amstutz about 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Documentation
Target version:
Story points:
-
Release relationship:
Auto

Description

DNS entries and TLS certificates section of "planning and prerequisites" in the install guide needs to be more specific and precise.

Also noted: talks about hostnames but these are usually virtual hosts.

This section should tell you (a) what certificates to get and (b) what DNS hosts to set up.


Subtasks 1 (0 open1 closed)

Task #17671: ReviewResolvedWard Vandewege08/03/2021Actions
Actions #1

Updated by Peter Amstutz about 3 years ago

  • Target version changed from 2021-05-12 sprint to 2021-05-26 sprint
Actions #2

Updated by Peter Amstutz about 3 years ago

  • Description updated (diff)
Actions #3

Updated by Peter Amstutz about 3 years ago

  • Description updated (diff)
Actions #4

Updated by Peter Amstutz about 3 years ago

  • Description updated (diff)
Actions #5

Updated by Peter Amstutz about 3 years ago

  • Assigned To set to Nico César
Actions #6

Updated by Peter Amstutz about 3 years ago

  • Target version changed from 2021-05-26 sprint to 2021-06-09 sprint
Actions #7

Updated by Peter Amstutz about 3 years ago

  • Target version changed from 2021-06-09 sprint to 2021-06-23 sprint
Actions #8

Updated by Peter Amstutz almost 3 years ago

  • Target version changed from 2021-06-23 sprint to 2021-07-07 sprint
Actions #9

Updated by Peter Amstutz almost 3 years ago

  • Target version changed from 2021-07-07 sprint to 2021-07-21 sprint
Actions #10

Updated by Peter Amstutz almost 3 years ago

  • Assigned To deleted (Nico César)
Actions #11

Updated by Peter Amstutz almost 3 years ago

  • Target version changed from 2021-07-21 sprint to 2021-08-04 sprint
Actions #12

Updated by Peter Amstutz almost 3 years ago

  • Assigned To set to Ward Vandewege
Actions #13

Updated by Ward Vandewege almost 3 years ago

  • Status changed from New to In Progress
Actions #14

Updated by Ward Vandewege almost 3 years ago

Ready for review at 6160b7425d9da6cc9d245b7cc754e81427f8ac9c on branch 17591-doc-improvement

Actions #15

Updated by Tom Clegg almost 3 years ago

I think the new "if you have this then do that" table is a huge improvement.

I noticed a (pre-existing) missing "the" in doc/install/install-manual-prerequisites.html.textile.liquid: "You can run several services on same node, but ..."

Re note in description "talks about hostnames but these are usually virtual hosts"... would it be more clear to say "DNS name" instead of "hostname" when referring to a name in a URL as opposed to the thing reported by the hostname command? E.g., in "each distinct hostname requires a valid, matching TLS certificate" we could say "each distinct DNS name"?

I suspect in many cases wildcard TLS and DNS are possible, but require extra effort, and people will be inclined to avoid the extra effort by going with the "other" column, even though the text assures them it will be "easier" with wildcards. Should we mention here that skipping the wildcards will have consequences later ("this will disable some features that allow users to view Arvados-hosted data in their browsers" or something like that?), rather than let people think they're taking the easy route only to find out later that they need to come back and reconfigure.

Actions #16

Updated by Ward Vandewege almost 3 years ago

Tom Clegg wrote:

I think the new "if you have this then do that" table is a huge improvement.

I noticed a (pre-existing) missing "the" in doc/install/install-manual-prerequisites.html.textile.liquid: "You can run several services on same node, but ..."

Fixed!

Re note in description "talks about hostnames but these are usually virtual hosts"... would it be more clear to say "DNS name" instead of "hostname" when referring to a name in a URL as opposed to the thing reported by the hostname command? E.g., in "each distinct hostname requires a valid, matching TLS certificate" we could say "each distinct DNS name"?

OK, changed.

I suspect in many cases wildcard TLS and DNS are possible, but require extra effort, and people will be inclined to avoid the extra effort by going with the "other" column, even though the text assures them it will be "easier" with wildcards. Should we mention here that skipping the wildcards will have consequences later ("this will disable some features that allow users to view Arvados-hosted data in their browsers" or something like that?), rather than let people think they're taking the easy route only to find out later that they need to come back and reconfigure.

Yeah, good idea, I've added some language like that.

I've also made an explicit mention of the 'TrustAllContent' flag on the keep-web urls page, and fixed the explanation for that flag in the default config file, it was missing a word.

Ready for another look at 1c5a21a73b2e5281cea17db4ae5f4d367dee1ee4

Actions #17

Updated by Tom Clegg almost 3 years ago

LGTM, thanks!

Actions #18

Updated by Ward Vandewege almost 3 years ago

  • % Done changed from 0 to 100
  • Status changed from In Progress to Resolved
Actions #19

Updated by Peter Amstutz almost 3 years ago

  • Release set to 41
Actions

Also available in: Atom PDF