External TLS termination for the Charm server #37
Comments
aymanbagabas added a commit that referenced this issue (Dec 16, 2021)
aymanbagabas added a commit that referenced this issue (Jan 3, 2022)
aymanbagabas added a commit that referenced this issue (Jan 4, 2022)
aymanbagabas added a commit that referenced this issue (Jan 4, 2022)
rubiojr pushed a commit to rubiojr/charm that referenced this issue (Jan 31, 2022)
I have a Caddy server proxying a few other servers and doing TLS termination for them, so I'd like to do that with the Charm server also, and set up a Charm server using the docker container, behind a Caddy container doing the TLS termination.
Not that this helps a lot, but the issue looks less boring :)
The setup is straightforward but I'm finding some resistance: if I don't specify `CHARM_SERVER_HTTP_SCHEME=https` server side (as documented in the README), the client eventually tries to communicate with the server using plain HTTP (presumably after being told to use http by the server), so I need to set `CHARM_SERVER_HTTP_SCHEME=https`. However, if I do that, the server crashes when starting up because it obviously requires key material to do the TLS termination and I'm not setting `CHARM_SERVER_TLS_KEY_FILE` and `CHARM_SERVER_TLS_CERT_FILE`:

It'd be nice if an external proxy (like Caddy in my case) could do the TLS termination while the server lets the client know it should still use https to communicate (I think this is related to the URL schema being used to send requests).
I'm currently using a small patch and it seems to be working as expected, with the Charm server serving plain text and Caddy doing the TLS termination, but keeping the client happy and the transport layer secure:
Diff here. I'm currently unaware of how many kittens per day this patch could eat.
With that patch, I can start the server with the following env variables and have Caddy in front, serving and doing the TLS termination:
Did I miss something, or isn't external TLS termination currently possible?
❤️
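The decoupling this issue asks for, as an added illustration in Go that is neither Charm's code nor the author's patch: the scheme advertised to clients comes from `CHARM_SERVER_HTTP_SCHEME`, while the listener only does TLS when both key files are present. The `Config` type, its `Addr` field and the `Serve` helper are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
)

// Config is a hypothetical stand-in for the server settings named in the issue.
type Config struct {
	HTTPScheme  string // CHARM_SERVER_HTTP_SCHEME: scheme clients are told to use
	TLSKeyFile  string // CHARM_SERVER_TLS_KEY_FILE
	TLSCertFile string // CHARM_SERVER_TLS_CERT_FILE
	Addr        string // local listen address (assumed field)
}

// TerminatesTLS reports whether this process serves TLS itself, which needs both files.
func TerminatesTLS(c Config) bool {
	return c.TLSKeyFile != "" && c.TLSCertFile != ""
}

// AdvertisedScheme is the scheme handed to clients. An explicit setting wins, so a
// plaintext backend can advertise https when a proxy such as Caddy terminates TLS;
// without a setting the scheme simply follows the listener.
func AdvertisedScheme(c Config) (string, error) {
	switch c.HTTPScheme {
	case "":
		if TerminatesTLS(c) {
			return "https", nil
		}
		return "http", nil
	case "http", "https":
		return c.HTTPScheme, nil
	}
	return "", fmt.Errorf("unsupported CHARM_SERVER_HTTP_SCHEME %q", c.HTTPScheme)
}

// Serve binds the listener from the key material alone; the advertised scheme does
// not force TLS on the local socket, so the proxied deployment no longer crashes.
func Serve(c Config, h http.Handler) error {
	if TerminatesTLS(c) {
		return http.ListenAndServeTLS(c.Addr, c.TLSCertFile, c.TLSKeyFile, h)
	}
	return http.ListenAndServe(c.Addr, h)
}
```

Because the backend no longer enforces TLS on its own socket, keep that plaintext listener reachable only from the proxy's network (for example the Docker network shared with the Caddy container).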