In April 2024, the Core Atlantis Team launched an anonymous survey to better understand our community's needs and help prioritize our roadmap.
If you're an Atlantis user, please take 5 minutes to fill it out: Survey Link
HTTPS, SSL, TLS ​
When using a self-signed certificate for Atlantis (with flags --ssl-cert-file and --ssl-key-file), there are a few considerations.
Atlantis uses the web server from the standard Go library, the method name is ListenAndServeTLS.
ListenAndServeTLS acts identically to ListenAndServe, except that it expects HTTPS connections. Additionally, files containing a certificate and matching private key for the server must be provided. If the certificate is signed by a certificate authority, the file passed to --ssl-cert-file should be the concatenation of the server's certificate, any intermediates, and the CA's certificate.
If you have this error when specifying a TLS cert with a key:
plain
[ERROR] server.go:413 server: Tls: private key does not match public keyCheck that the locally signed certificate authority is prepended to the self signed certificate. A good example is shown at Seth Vargo terraform implementation of atlantis-on-gke
For Go specific TLS resources have a look at the repository by denji called golang-tls.
For a complete explanation on PKI, read this article.