Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[che-dev] Single Host Option
Hi all,

We currently support single-host option as a workspaces exposure strategy [1] (on Kubernetes only):

In short the difference is that in single-host mode mode URLs look like:

   https://example.com/app

whereas in multi-host (currently the default one) URLs look like:

   https://app.example.com/


The single-host strategy has a couple of important benefits when running Che on TLS:
- No need for wildcard certificates (*.example.com)
- No need to manually import self signed certs

Considered the benefits that looks like single-host should be the default right? Well that's what I would like to start consider but we should carefully evaluate the drawbacks.

A first drawback has been mentioned by platform team last week and that's related to Theia security. Do we have more info about this?

Another drawback is about users applications: in some cases they won't work out of the box as mentioned in the doc. But that's something that we may document and even fix making users apps ingresses "multi-host" by default and let users deal with the certs.

Mario

[1] https://www.eclipse.org/che/docs/che-7/configuring-workspace-exposure-strategies/
[2] https://www.eclipse.org/che/docs/che-7/installing-che-in-tls-mode-with-self-signed-certificates/#using-che-with-tls_installing-che-in-tls-mode-with-self-signed-certificates
[3] https://www.eclipse.org/che/docs/che-7/configuring-workspace-exposure-strategies/#single-host-strategy
 

Back to the top