markusthoemmes commented on a change in pull request #2427: Support client
certificate on cli and nginx
URL:
https://github.com/apache/incubator-openwhisk/pull/2427#discussion_r126666107
##########
File path: ansible/group_vars/all
##########
@@ -166,10 +166,12 @@ nginx:
adminportal: 8443
ssl:
path: "{{ openwhisk_home }}/ansible/roles/nginx/files"
- cert: "openwhisk-cert.pem"
- key: "openwhisk-key.pem"
+ cert: "openwhisk-server-cert.pem"
+ key: "openwhisk-server-key.pem"
password_enabled: false
password_file: "ssl.pass"
+ client_ca_cert: "openwhisk-client-ca-cert.pem"
+ verify_client: "optional"
Review comment:
Could we make this configurable per env? Your documentation suggests that
that's the intended behavior anyway.
You can use the following scheme to make it configurable:
```
verify_client: {{ nginx_ssl_verify_client | default("off") }}
```
In `ansible/environments/local` for example you can then turn the feature on
by adding:
```
nginx_ssl_verify_client: "optional"
```
In general it'd be great to be able to completely turn this feature off, so
we don't impact existing deployments of OpenWhisk too much. You might need to
make testcases optional with regards to this property then.
What do you think?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
