[Doc][Serve] Document for HTTPS #3972

cblmemo · 2024-09-23T18:28:47Z

Related to and block by #3380.

Tested (run the relevant ones):

Code formatting: bash format.sh
Any manual or new tests for this PR (please specify below)
All smoke tests: pytest tests/test_smoke.py
Relevant individual smoke tests: pytest tests/test_smoke.py::test_fill_in_the_name
Backward compatibility tests: conda deactivate; bash -i tests/backward_compatibility_tests.sh

cblmemo · 2024-10-10T00:23:41Z

bump for review @Michaelvll

Michaelvll

Thanks for adding the doc @cblmemo! Looks mostly good to me.

Michaelvll · 2024-10-11T06:10:12Z

docs/source/docs/index.rst

@@ -161,6 +161,7 @@ Read the research:
   ../serving/sky-serve
   ../serving/user-guides
   ../serving/service-yaml-spec
+   ../serving/https


Should we have it at the top level of the doc or in the user-guides?

This feels more like a serving dedicated guide to me as putting it in other places is possible to left the impression that this doc is for https on a cluster with ports exposed.. wdyt?

Michaelvll · 2024-10-11T06:14:04Z

docs/source/serving/https.rst

+HTTPS on Load Balancer
+----------------------
+
+To enable HTTPS on the load balancer, you need to provide a certificate and a private key. Obtaining these from a trusted Certificate Authority (CA) is the most secure method. However, for development and testing purposes, you can generate a self-signed certificate and private key using the :code:`openssl` command-line tool. Here is an example of how to generate them:


We should have a section talking about common ways to get certificate for people who want to do it in production.

Also, does a normal HTTPS requires periodic refresh for the token?

Good point! Lemme investigate and try it out.

Yes, they typically last for 3 months and up to 13 months. FastAPI doc says you cannot do that using uvicorn (see picture below). I think moving to envoy would address this problem.

https://fastapi.tiangolo.com/deployment/https/#certificate-renewal

docs/source/serving/https.rst

cblmemo · 2024-10-24T23:36:28Z

@Michaelvll updated. PTAL again!

cblmemo added 2 commits September 23, 2024 11:26

init

5e1ea3e

nit

8b0634a

cblmemo mentioned this pull request Sep 23, 2024

[Serve] HTTPS Support #3380

Open

6 tasks

cblmemo requested a review from Michaelvll October 1, 2024 23:00

Michaelvll reviewed Oct 11, 2024

View reviewed changes

cblmemo added 4 commits October 11, 2024 14:57

Merge remote-tracking branch 'origin/master' into serve-https-doc

612c0d7

address minor comments

b661d46

Merge remote-tracking branch 'origin/master' into serve-https-doc

400dc29

add reference link

147f3a1

cblmemo requested a review from Michaelvll October 24, 2024 23:36

cblmemo added this to the v0.7 milestone Oct 25, 2024

romilbhardwaj removed this from the v0.7 milestone Oct 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Doc][Serve] Document for HTTPS #3972

[Doc][Serve] Document for HTTPS #3972

cblmemo commented Sep 23, 2024 •

edited

Loading

cblmemo commented Oct 10, 2024

Michaelvll left a comment

Michaelvll Oct 11, 2024

cblmemo Oct 11, 2024

Michaelvll Oct 11, 2024

Michaelvll Oct 11, 2024

cblmemo Oct 11, 2024

cblmemo Oct 24, 2024

cblmemo commented Oct 24, 2024

[Doc][Serve] Document for HTTPS #3972

Are you sure you want to change the base?

[Doc][Serve] Document for HTTPS #3972

Conversation

cblmemo commented Sep 23, 2024 • edited Loading

cblmemo commented Oct 10, 2024

Michaelvll left a comment

Choose a reason for hiding this comment

Michaelvll Oct 11, 2024

Choose a reason for hiding this comment

cblmemo Oct 11, 2024

Choose a reason for hiding this comment

Michaelvll Oct 11, 2024

Choose a reason for hiding this comment

Michaelvll Oct 11, 2024

Choose a reason for hiding this comment

cblmemo Oct 11, 2024

Choose a reason for hiding this comment

cblmemo Oct 24, 2024

Choose a reason for hiding this comment

cblmemo commented Oct 24, 2024

cblmemo commented Sep 23, 2024 •

edited

Loading