Open anilmurty opened 2 years ago
refs ovrclk/engineering#307
@tombeynon created https://github.com/ovrclk/stunnel-proxy repo where one can expose as many services as needed. Whatever runs in between the stunnel client & server will get mTLS authenticated+authorized & encrypted.
I've tried it and made a demo running an app behind the stunnel-server in Akash Network here https://asciinema.org/a/519302 (both SDL files are in the description there).
Upd: Tom is going to test this against a validator this week.
Good news from Tom on the stunnel-proxy (mTLS) protecting his validator <-----> TMKMS (& RPC) communication:
stunnel-proxy docker image publicly available (Adam is on it);
While Scott has confirmed (and documented) that Akash validator nodes deployed on Akash can work with TMKMS (https://docs.akash.network/other-resources/experimental/omnibus/akash-validator-with-tmkms) -- we can't make this generally available until we figure out a way to deal with a proxy/vpn/traefik at the ingress controller.
This is a priority because: