Ignore mismatched hostnames
Access keys (cahkeys) are no longer required to match the hostname being used to access CertCache server.
This simplifies running CertCache server in a containerised environment like Docker Swarm and Kubernetes, where you might use one hostname to access a service from inside the cluster, and another hostname (using public DNS) to access the service over the internet.
For example. If you are using Docker Swarm and have CertCache server running and clients running as follows:
services:
certcacheserver:
image: ghcr.io/93million/certcache:0.5.0
ports:
- '4433:4433/tcp'
…
command: ['serve']you could access CertCache server from another container using the name certcacheserver. Because the ports have been defined, you could also access it over the internet using a global DNS name (eg. certcache.example.com) that points to the IP address of the Swarm.
Prior to this release it would not have been possible to access CertCache server using 2 different names (certcacheserver internally and certcache.example.com) as only 1 name could be provided when creating the cahkey.
The connection is still securely validated using the cahkeys, however it is of no concern what dns name is used to access the server.
This makes things flexible if you need to change service names or make public your CertCache server instance.
Docker image size
CertCache Docker image size has been reduced from around 480MB to 250MB using Docker's multistage build.