Comments (7)
What was the behavior you saw? Did you get certificates for all your hosts?
We can add a flag to disable auto TLS in host object? What are you thoughts?
from armor.
I use Armor as proxy for few web sites in my local network.
For 2 web sites, one on Apache, and one on Node.js, I am using auto TLS, and this is OK. But I have also one web site on IIS, which already have TLS certificate. Now, I was thinking, it would be nice, when Armor would only redirect incoming https requests to IIS, without to issue new TLS certificate.
So I think, new flag "no_tls" : true
per host settings would resolve this issue.
from armor.
@dkeza We can add a flag to not pull a certificate automatically for any host but then what certificate will you use for your domain which proxies to IIS. The certificate should be known to Armor for this domain. I am not sure if you mean that you don't want to use HTTPS for this domain, so if that's the case you can directly send HTTP traffic to that domain?
from armor.
I will try to explain what I have on mind, I am not sure if this is common practice.
When I have one domain example.no-ip.com, and I have Armor as reverse proxy, I wish that https requests to example.no-ip.com are handled by Armor, and that Armor just redirects/forwards that request as https request to IIS server in local network on IP address 192.168.1.100. On IIS server I have already installed valid TLS certificate for domain example.no-ip.com
I don't wish that Armor uses TLS certificate for example.no-ip.com domain, I wish that he only forwards https requests to 192.168.1.100 in local network.
For other domains defined in config.json for Armor, I wish that Armor uses/issues TLS certificates from cache_tls file, and that then forwards https requests as http to ip addresses in local network.
from armor.
For Armor to handle your example.no-ip.com
's https requests it needs valid certificates as Armor faces the internet. You have a couple of choices:
- Rely on Armor to generate certificate and proxy https request to your internal IIS server (It should use your certificate internally)
- If you certificates are valid and signed by CA, copy and use them in the
config.json
for this domain
Let me know your thoughts
from armor.
OK, you are right, I let Armor issue TLS certificate also for my IIS website.
How Armor knows when should he get new certificate from Letsencrypt?
from armor.
If auto TLS is on and you haven't specified any certificates for a host then Armor will try to provision them from LetsEncrypt and also keep a track of renewing it.
from armor.
Related Issues (20)
- Embed serf
- Add password for admin
- Is there a way to use it with appengine?
- Store / Postgres doc HOT 7
- Support for backend in proxy plugin
- User management
- Proxy: 405 Method Not Allowed when proxying an own cloud service HOT 13
- Display localhost, intranet & internet IP with the banner
- Fastcgi support in proxy plugin
- Support multiple arguments HOT 1
- Status of this project HOT 1
- PHP support via FastCGI or in some other way
- Create Packages for Linux Distributions HOT 1
- Configuration not reliable HOT 20
- Account creation on ACMEv1 is disabled
- Host blocks don't appear to work?
- some problem about gzip writer not use sync pool in `middleware/compress.go`
- Is it possible to enable auto TLS without 443 (maybe HTTP-01 Challenge ?)
- Trying to get in touch regarding a security issue
- @irundaia I made a fix, do you want to try with the following files?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from armor.