* Donc, le certificat et le traitement du cryptage sont faits avant HTTP.
* TCP ne connaît pas les "domaines", seulement les adresses IP.
    * L'information sur le domaine spécifique demandé se trouve dans les données HTTP.
* Les certificats HTTPS "certifient" un certain domaine, mais le protocole et le cryptage se font au niveau TCP, avant de savoir quel domaine est traité.

Il est intégré à Let's Encrypt. Ainsi, il peut gérer toutes les parties HTTPS, y compris l'acquisition et le renouvellement des certificats.

fo

// fr : http://www.afnic.fr/
// domaines descriptifs : https://www.afnic.fr/medias/documents/Cadre_legal/Afnic_Naming_Policy_12122016_VEN.pdf
fr
asso.fr
com.fr
gouv.fr
nom.fr
prd.fr
tm.fr
// domaines sectoriels : https://www.afnic.fr/en/products-and-services/the-fr-tld/sector-based-fr-domains-4.html
aeroport.fr
avocat.fr
avoues.fr
cci.fr
chambagri.fr

2. Copy any TLS certificate to the new namespace, and configure the domains.
3. Checking the new gateway work - for example by overriding the IP in /etc/hosts
4. Modify the DNS server to add the A record of the new namespace
5. Check traffic
6. Delete the A record corresponding to the gateway in istio-system
7. Upgrade istio-system, disabling the ingressgateway
8. Delete the domain TLS certs from istio-system.

2. Copy any TLS certificate to the new namespace, and configure the domains.
3. Checking the new gateway work - for example by overriding the IP in /etc/hosts
4. Modify the DNS server to add the A record of the new namespace
5. Check traffic
6. Delete the A record corresponding to the gateway in istio-system
7. Upgrade istio-system, disabling the ingressgateway
8. Delete the domain TLS certs from istio-system.

listener/main_internal           0     ALL   Cluster: encap
listener/              0.0.0.0   15021 ALL   Inline Route: /healthz/ready*

NAME                                                              VHOST NAME            DOMAINS     MATCH     VIRTUAL SERVICE
route/inbound-vip|8000|http|httpbin.default.svc.cluster.local     inbound|http|8000     *           /*        

 *  Fix: Do not honor cookies set on a public domain. Previously a malicious site could inject
    cookies on top-level domains like `co.uk` because our cookie parser didn't honor the [public
    suffix][public_suffix] list. Alongside this fix is a new API, `HttpUrl.topPrivateDomain()`,
    which returns the privately domain name if the URL has one.

    val value: String = cookie.value()
    val persistent: Boolean = cookie.persistent()
    val expiresAt: Long = cookie.expiresAt()
    val hostOnly: Boolean = cookie.hostOnly()
    val domain: String = cookie.domain()
    val path: String = cookie.path()
    val httpOnly: Boolean = cookie.httpOnly()
    val secure: Boolean = cookie.secure()
  }

  @Test @Disabled
  fun formBody() {

    return response.newBuilder()
      .body(RealResponseBody(contentType, contentLength, cacheWritingSource.buffer()))
      .build()
  }

  companion object {
    /** Combines cached headers with a network headers as defined by RFC 7234, 4.3.4. */
    private fun combine(
      cachedHeaders: Headers,
      networkHeaders: Headers,
    ): Headers {
      val result = Headers.Builder()

* **PGAdmin** PostgreSQL database admin tool'u, PHPMyAdmin ve MySQL ile kolayca değiştirilebilir.
* **Flower** ile Celery job'larını monitörleme.
* **Traefik** ile backend ve frontend arasında yük dengeleme, böylece her ikisini de aynı domain altında, path ile ayrılmış, ancak farklı kapsayıcılar tarafından sunulabilirsiniz.
* Let's Encrypt **HTTPS** sertifikalarının otomatik oluşturulması dahil olmak üzere Traefik entegrasyonu.