From 357a62b736c6bcd3ce93e95fcb1f44882bdf136d Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Fri, 11 Oct 2024 13:05:57 -0400 Subject: [PATCH 01/10] docs: update cloud networking on proxy service --- docs/pages/reference/networking.mdx | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index 9ec9a7d923f91..6c457f548adf2 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -36,21 +36,21 @@ following use cases: -All Teleport services (e.g., the Application Service and Database Service) have -an optional `public_addr` property that you can modify in each service's -configuration file. The public address can take an IP or a DNS name. It can also -be a list of values: +For Teleport Enterprise Cloud all Teleport services (e.g. Kubernetes Service, +SSH Service,...) connect via reverse tunnels through the Teleport Proxy Service. +The Teleport Proxy Service and Auth Service are provided so no specification +is required for those. This makes the usage of `public_addr` limited to the Application Service. + +In the case of web applications the public address must be a subdomain of the tenant +since the domain and TLS certificates are maintained by Teleport. ```yaml -public_addr: ["service-one.example.com", "service-two.example.com"] +public_addr: "myapp.example.teleport.sh" ``` -Specifying a public address for a Teleport agent may be useful in the -following use cases: +For TCP applications you can specify a fqdn outside of `teleport.sh` in combination +with [VNet](../enroll-resources/application-access/guides/vnet.mdx) since that domain is served via your machine's local network. -- You have multiple identical services behind a load balancer. -- You want Teleport to issue an SSH certificate for the service with additional - principals, e.g., host names. From ad7a5a487746bd259a9c707bf13d954548504576 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 22 Oct 2024 18:30:08 -0400 Subject: [PATCH 02/10] docs: update verbiage for networking Co-authored-by: Paul Gottschling --- docs/pages/reference/networking.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index 6c457f548adf2..f5b9ad96dd1be 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -41,14 +41,14 @@ SSH Service,...) connect via reverse tunnels through the Teleport Proxy Service. The Teleport Proxy Service and Auth Service are provided so no specification is required for those. This makes the usage of `public_addr` limited to the Application Service. -In the case of web applications the public address must be a subdomain of the tenant +In the case of web applications the public address must be a subdomain of the Teleport account URL since the domain and TLS certificates are maintained by Teleport. ```yaml public_addr: "myapp.example.teleport.sh" ``` -For TCP applications you can specify a fqdn outside of `teleport.sh` in combination +For TCP applications you can specify a fully qualified domain name outside of `teleport.sh` in combination with [VNet](../enroll-resources/application-access/guides/vnet.mdx) since that domain is served via your machine's local network. From 9f15e4f1ce36a14a21f625268fed6b4efb3a6bab Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 22 Oct 2024 18:38:12 -0400 Subject: [PATCH 03/10] docs: update cloud-hosted public address --- docs/pages/reference/networking.mdx | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index f5b9ad96dd1be..c3fc2ce92e265 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -36,10 +36,9 @@ following use cases: -For Teleport Enterprise Cloud all Teleport services (e.g. Kubernetes Service, -SSH Service,...) connect via reverse tunnels through the Teleport Proxy Service. -The Teleport Proxy Service and Auth Service are provided so no specification -is required for those. This makes the usage of `public_addr` limited to the Application Service. +For Teleport Enterprise (managed) the domain name and sub-domains +are managed by Teleport for your account. The public address (`public_addr`) +for the Teleport Application services are configurable. In the case of web applications the public address must be a subdomain of the Teleport account URL since the domain and TLS certificates are maintained by Teleport. From 70e96822fbe5bc7206678f83734c940f2475ee9b Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Thu, 24 Oct 2024 16:06:44 -0400 Subject: [PATCH 04/10] docs: update verbiage for app access for networking --- docs/pages/reference/networking.mdx | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index c3fc2ce92e265..8642b5fd042c8 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -36,9 +36,11 @@ following use cases: -For Teleport Enterprise (managed) the domain name and sub-domains -are managed by Teleport for your account. The public address (`public_addr`) -for the Teleport Application services are configurable. +For Teleport Enterprise (managed) you choose the sub-domain of +the domain `teleport.sh` for your account. That fully qualified domain name +(ex: `example.teleport.sh`) are managed by Teleport for your account +along with any sub-domains of it for Teleport Application Service. The public +address (`public_addr`) for the Teleport Application Service is configurable. In the case of web applications the public address must be a subdomain of the Teleport account URL since the domain and TLS certificates are maintained by Teleport. From a819b2a9842ed3f9121b27c21332588385d6f69a Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 28 Oct 2024 14:55:28 -0400 Subject: [PATCH 05/10] docs: update verbiage for public address for networks with cloud Co-authored-by: Paul Gottschling --- docs/pages/reference/networking.mdx | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index 8642b5fd042c8..41f68ef557f0d 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -36,13 +36,12 @@ following use cases: -For Teleport Enterprise (managed) you choose the sub-domain of +On Teleport Enterprise (Cloud), you can choose the sub-domain of the domain `teleport.sh` for your account. That fully qualified domain name -(ex: `example.teleport.sh`) are managed by Teleport for your account -along with any sub-domains of it for Teleport Application Service. The public -address (`public_addr`) for the Teleport Application Service is configurable. +(e.g., `example.teleport.sh`) is managed by Teleport for your account +along with any sub-domains assigned to Teleport-protected applications (e.g., `grafana.example.teleport.sh`). -In the case of web applications the public address must be a subdomain of the Teleport account URL +The public address (`public_addr`) for the Teleport Application Service is configurable. In the case of web applications, the public address must be a subdomain of the Teleport account URL since the domain and TLS certificates are maintained by Teleport. ```yaml From 4f0f6eafbe79b0746c661d5f615300bdc302c683 Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 29 Oct 2024 06:32:09 -0400 Subject: [PATCH 06/10] docs: clarify app configuration --- docs/pages/reference/networking.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index 41f68ef557f0d..ecf5160444888 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -41,7 +41,8 @@ the domain `teleport.sh` for your account. That fully qualified domain name (e.g., `example.teleport.sh`) is managed by Teleport for your account along with any sub-domains assigned to Teleport-protected applications (e.g., `grafana.example.teleport.sh`). -The public address (`public_addr`) for the Teleport Application Service is configurable. In the case of web applications, the public address must be a subdomain of the Teleport account URL +The public address (`public_addr`) for an application in the Teleport Application Service is configurable. +In the case of web applications, the public address must be a subdomain of the Teleport account URL since the domain and TLS certificates are maintained by Teleport. ```yaml From e9c5caeeffced66ad3f0d871987fa101d0b0825e Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Tue, 29 Oct 2024 14:40:25 -0400 Subject: [PATCH 07/10] docs: update cloud-hosted explanation for public address --- docs/pages/reference/networking.mdx | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index ecf5160444888..ffd3c64a1aeef 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -36,21 +36,8 @@ following use cases: -On Teleport Enterprise (Cloud), you can choose the sub-domain of -the domain `teleport.sh` for your account. That fully qualified domain name -(e.g., `example.teleport.sh`) is managed by Teleport for your account -along with any sub-domains assigned to Teleport-protected applications (e.g., `grafana.example.teleport.sh`). - -The public address (`public_addr`) for an application in the Teleport Application Service is configurable. -In the case of web applications, the public address must be a subdomain of the Teleport account URL -since the domain and TLS certificates are maintained by Teleport. - -```yaml -public_addr: "myapp.example.teleport.sh" -``` - -For TCP applications you can specify a fully qualified domain name outside of `teleport.sh` in combination -with [VNet](../enroll-resources/application-access/guides/vnet.mdx) since that domain is served via your machine's local network. +On Teleport Enterprise (Cloud) the Teleport agent services always +connect using reverse tunnels so there is no need to set a public address for a agent. From 601740ca4025bc4d9c54083582ff447afafe8f47 Mon Sep 17 00:00:00 2001 From: marie Date: Thu, 31 Oct 2024 13:11:54 -0700 Subject: [PATCH 08/10] Update docs/pages/reference/networking.mdx --- docs/pages/reference/networking.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index ffd3c64a1aeef..0c5403b16b6d9 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -37,7 +37,7 @@ following use cases: On Teleport Enterprise (Cloud) the Teleport agent services always -connect using reverse tunnels so there is no need to set a public address for a agent. +connect using reverse tunnels so there is no need to set a public address for an agent. From 700190648719011c24cbaf30da6d18f7be053fec Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 4 Nov 2024 06:09:14 -0500 Subject: [PATCH 09/10] docs: update verbiage for cloud public service Co-authored-by: marie --- docs/pages/reference/networking.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index 0c5403b16b6d9..1795f3fc7412a 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -36,7 +36,7 @@ following use cases: -On Teleport Enterprise (Cloud) the Teleport agent services always +On Teleport Enterprise (Cloud) the Teleport Agent services always connect using reverse tunnels so there is no need to set a public address for an agent. From 30f08ab77efaae1e5c44433098522991b8a864cd Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 4 Nov 2024 09:28:56 -0500 Subject: [PATCH 10/10] docs: update verbiage for agent --- docs/pages/reference/networking.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/reference/networking.mdx b/docs/pages/reference/networking.mdx index 1795f3fc7412a..888b4c3da586e 100644 --- a/docs/pages/reference/networking.mdx +++ b/docs/pages/reference/networking.mdx @@ -37,7 +37,7 @@ following use cases: On Teleport Enterprise (Cloud) the Teleport Agent services always -connect using reverse tunnels so there is no need to set a public address for an agent. +connect using reverse tunnels so there is no need to set a public address for an Agent.