Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding content conditionals for the TLS guide #43658

Merged
merged 1 commit into from
Oct 2, 2024
Merged

Adding content conditionals for the TLS guide #43658

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 15 additions & 3 deletions docs/src/main/asciidoc/tls-registry-reference.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,11 @@
Therefore, you can tailor TLS settings for different application parts.
This flexibility is particularly useful when different components require distinct security configurations.

The TLS Registry extension is automatically included in your project when you use compatible extensions, such as Quarkus REST, gRPC, or Reactive Routes.
The TLS Registry extension is automatically included in your project when you use compatible extensions, such as Quarkus REST, gRPC
ifndef::no-reactive-routes[]
, or Reactive Routes
endif::no-reactive-routes[]
.
As a result, applications that use the TLS Registry can be ready to handle secure communications out of the box.
TLS Registry also provides features like automatic certificate reloading, Let's Encrypt (ACME) integration, Kubernetes Cert-Manager support, and compatibility with various keystore formats, such as PKCS12, PEM, and JKS.

Expand Down Expand Up @@ -652,9 +656,10 @@
quarkus.tls.http.key-store.pem.0.key=tls.key
----

IMPORTANT: Impacted server and client may need to listen to the `CertificateReloadedEvent` to apply the new certificates.

Check warning on line 659 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale 

[vale] reported by reviewdog 🐶
[Quarkus.TermsWarnings] Consider using 'might (for possibility)' or 'can (for ability)' rather than 'may' unless updating existing content that uses the term.

Raw Output:
{"message": "[Quarkus.TermsWarnings] Consider using 'might (for possibility)' or 'can (for ability)' rather than 'may' unless updating existing content that uses the term.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 659, "column": 39}}}, "severity": "WARNING"}

Check warning on line 659 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale 

[vale] reported by reviewdog 🐶
[Quarkus.Fluff] Depending on the context, consider using 'Rewrite the sentence, or use 'must', instead of' rather than 'need to'.

Raw Output:
{"message": "[Quarkus.Fluff] Depending on the context, consider using 'Rewrite the sentence, or use 'must', instead of' rather than 'need to'.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 659, "column": 43}}}, "severity": "INFO"}
This is automatically done for the Quarkus HTTP server, including the management interface if it is enabled.

ifndef::no-kubernetes-secrets-or-cert-manager[]
== Using Kubernetes secrets or cert-manager

When running in Kubernetes, you can use Kubernetes secrets to store the keystores and truststores.
Expand Down Expand Up @@ -765,6 +770,9 @@
%prod.quarkus.http.tls-configuration-name=http
%prod.quarkus.http.insecure-requests=disabled
----
endif::no-kubernetes-secrets-or-cert-manager[]
// The reason for this ifndef condition is that this content is not supported in product docs.
// Feel free to add more content to this chapter, but make sure this condition encloses it.

== Working with OpenShift serving certificates

Expand Down Expand Up @@ -1211,6 +1219,7 @@
sudo security -v remove-trusted-cert -d /Users/clement/.quarkus/quarkus-dev-root-ca.pem
----

ifndef::no-lets-encrypt[]
[[lets-encrypt]]
== Automatic certificate management with Let's Encrypt

Expand Down Expand Up @@ -1313,7 +1322,7 @@
.. Keep the application running and request your first Let's Encrypt certificate.

[[lets-encrypt-issue-certificate]]
=== Issue a certificate:
=== Issue a certificate

Check warning on line 1325 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale 

[vale] reported by reviewdog 🐶
[Quarkus.HeadingPunctuation] Do not use end punctuation in headings.

Raw Output:
{"message": "[Quarkus.HeadingPunctuation] Do not use end punctuation in headings.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 1325, "column": 3}}}, "severity": "INFO"}

. From the application directory, run the `issue-certificate` command to acquire your first Let's Encrypt certificate:
+
Expand Down Expand Up @@ -1362,10 +1371,10 @@
Once the Let's Encrypt certificate chain and private key have been successfully renewed, they are converted to PEM format and copied to your application's `.letsencrypt` folder.
The TLS registry is notified when a new certificate and private key are ready, and it automatically reloads them.

[[lets-encrypt-ngrok]]

Check warning on line 1374 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale 

[vale] reported by reviewdog 🐶
[Quarkus.Spelling] Use correct American English spelling. Did you really mean 'ngrok'?

Raw Output:
{"message": "[Quarkus.Spelling] Use correct American English spelling. Did you really mean 'ngrok'?", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 1374, "column": 16}}}, "severity": "WARNING"}
=== Testing with ngrok:
=== Testing with ngrok

link:https://ngrok.com/[ngrok] can be used to provide a secure HTTPS tunnel to your application running on localhost, and make it easy to test HTTPS based applications.

Check warning on line 1377 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale 

[vale] reported by reviewdog 🐶
[Quarkus.Spelling] Use correct American English spelling. Did you really mean 'ngrok'?

Raw Output:
{"message": "[Quarkus.Spelling] Use correct American English spelling. Did you really mean 'ngrok'?", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 1377, "column": 25}}}, "severity": "WARNING"}

ngrok provides a simplified way of getting started with the Quarkus Let's Encrypt ACME feature.

Expand All @@ -1391,6 +1400,9 @@
ngrok http --domain <YOUR-NGROK-DOMAIN> 8080 --scheme http <1>
----
<1> `8080` is the localhost HTTP port your application is listening on.
Note that the application will be accessible from `http://YOUR-NGROK-DOMAIN` on port `80` but redirected to your local machine on port `8080`.

Check warning on line 1403 in docs/src/main/asciidoc/tls-registry-reference.adoc

View workflow job for this annotation

GitHub Actions / Linting with Vale 

[vale] reported by reviewdog 🐶
[Quarkus.Fluff] Depending on the context, consider using 'Be concise: rewrite the sentence to not use' rather than 'Note that'.

Raw Output:
{"message": "[Quarkus.Fluff] Depending on the context, consider using 'Be concise: rewrite the sentence to not use' rather than 'Note that'.", "location": {"path": "docs/src/main/asciidoc/tls-registry-reference.adoc", "range": {"start": {"line": 1403, "column": 1}}}, "severity": "INFO"}

. Test the Quarkus Let's Encrypt ACME feature from your local machine.
endif::no-lets-encrypt[]
// The reason for this ifndef condition is that this content is not supported in product docs.
// Feel free to add more content to this chapter, but make sure this condition encloses it.