use nginx as HTTP proxy
Created by: sqs
Proposal: Remove anything from site config that could be done fairly easily by nginx. I think this includes things like:
- httpToHttpsRedirect
- httpStrictTransportSecurity
- tlsCert
- tlsKey
- tls.letsencrypt
- canonicalURLRedirect
Reason: Many of our big deployments use nginx anyway, so we should consider it as a first-class thing. This lets us remove code (that is nuanced/has large bug surface area). Also it's easier to Google "nginx how to xyz" than "sourcegraph how to xyz" where xyz is some http/https/etc.-related thing.
Contingent on: Finding a way to replace all those configs above with a simple nginx config snippet; and making this work cleanly in both sourcegraph/server and cluster.
This PR updates the CHANGELOG.md file to describe any user-facing changes.
TODOs:
-
Update Server procfile to run nginx and document how customers can change it -
Add sentence to docs that says for cluster deployments use nginx ingress -
Mention nginx in deploy-sourcegraph docs (but can defer full documentation until after 3.0) #1609 -
Ensure this works when deployed to dogfood - blocked on #1610 -
Ensure this works when deployed to Sourcegraph.com - blocked on #1610 -
Write test plan
—-
Issues that would be much easier if we used nginx (incomplete list):