Skip to content

use nginx as HTTP proxy

Administrator requested to merge use-http-reverse-proxy into master

Created by: sqs

Proposal: Remove anything from site config that could be done fairly easily by nginx. I think this includes things like:

  • httpToHttpsRedirect
  • httpStrictTransportSecurity
  • tlsCert
  • tlsKey
  • tls.letsencrypt
  • canonicalURLRedirect

Reason: Many of our big deployments use nginx anyway, so we should consider it as a first-class thing. This lets us remove code (that is nuanced/has large bug surface area). Also it's easier to Google "nginx how to xyz" than "sourcegraph how to xyz" where xyz is some http/https/etc.-related thing.

Contingent on: Finding a way to replace all those configs above with a simple nginx config snippet; and making this work cleanly in both sourcegraph/server and cluster.

This PR updates the CHANGELOG.md file to describe any user-facing changes.

TODOs:

  • Update Server procfile to run nginx and document how customers can change it
  • Add sentence to docs that says for cluster deployments use nginx ingress
  • Mention nginx in deploy-sourcegraph docs (but can defer full documentation until after 3.0) #1609
  • Ensure this works when deployed to dogfood - blocked on #1610
  • Ensure this works when deployed to Sourcegraph.com - blocked on #1610
  • Write test plan

—-

Issues that would be much easier if we used nginx (incomplete list):

Merge request reports

Loading