caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0

Feature Suggestion: TLS/SSL preread + transparent proxying #3985

Closed julijane closed 3 years ago

julijane commented 3 years ago

What I would love to see implemented in Caddy is something like this http://nginx.org/en/docs/stream/ngx_stream_ssl_preread_module.html

What that module allows is to examine the data from the TLS/SSL Client Hello (e.g. SNI, protocol, etc.) and then proxy the connection without actually terminating it. This allows SSL encrypted connections to pass directly through to the target, and, as the examples show, it also allows other services (the examples show SSH and XMPP) to coexist on the same port.

Unless I missed something, it does not look like Caddy can do this at the moment.
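As an added illustration of the preread step described above (example code, not from Caddy, caddy-l4 or this thread): a parser that pulls the SNI out of a raw TLS ClientHello record without terminating TLS, fed with a genuine ClientHello that Go's crypto/tls writes into an in-memory pipe. The host name turn.example.com is a constructed sample; a non-TLS banner or a truncated record is reported as an error rather than routed.

```go
package main

import (
	"crypto/tls"
	"errors"
	"net"
)

// vec splits off a TLS vector that carries a 1- or 2-byte big-endian length prefix.
func vec(b []byte, n int) (v, rest []byte, err error) {
	if len(b) >= n {
		if l := int(b[n-1]) | int(b[0])<<(8*n-8); len(b) >= n+l {
			return b[n : n+l], b[n+l:], nil
		}
	}
	return nil, nil, errors.New("truncated; need more bytes")
}

// sniFromClientHello reads server_name from a raw ClientHello record without terminating TLS.
func sniFromClientHello(rec []byte) (string, error) {
	if len(rec) < 43 || rec[0] != 0x16 || rec[5] != 0x01 { // 0x16 = handshake record, 0x01 = ClientHello
		return "", errors.New("not a TLS ClientHello record") // SSH, XMPP and friends stop here
	}
	_, p, _ := vec(rec[43:], 1) // session_id; 43 = record(5) + handshake(4) + version(2) + random(32)
	_, p, _ = vec(p, 2)         // cipher_suites (a truncation above leaves p nil and resurfaces below)
	_, p, _ = vec(p, 1)         // compression_methods
	exts, _, err := vec(p, 2)   // extensions block (only very old clients omit it)
	for err == nil && len(exts) >= 4 && (exts[0] != 0 || exts[1] != 0) { // skip until type 0 = server_name
		_, exts, err = vec(exts[2:], 2)
	}
	if err != nil || len(exts) < 4 {
		return "", err // nil here means a well-formed hello that simply carries no SNI
	}
	if data, _, err := vec(exts[2:], 2); err == nil && len(data) >= 5 && data[2] == 0 { // name_type 0 = host_name
		name, _, err := vec(data[3:], 2) // data = list_len(2) name_type(1) name_len(2) name
		return string(name), err
	}
	return "", errors.New("malformed server_name")
}

// captureClientHello gets a genuine ClientHello out of crypto/tls over an in-memory pipe, no network needed.
func captureClientHello(serverName string) []byte {
	client, server := net.Pipe()
	defer server.Close()
	go tls.Client(client, &tls.Config{ServerName: serverName}).Handshake()
	buf := make([]byte, 16384)
	n, _ := server.Read(buf) // crypto/tls writes the whole ClientHello record with one Write
	return buf[:n]
}
```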

mholt commented 3 years ago

Ah, you want this plugin: https://github.com/mholt/caddy-l4

It does all that and is even much more flexible than what nginx does.

julijane commented 3 years ago

@mholt Thank you, amazing. And awesome fast reply, thank you very much. Maybe this could be featured a bit better; I could not find it with different searches. It is unclear from that project if it can be used in production or not. It says to expect breaking changes, but as long as the current implementation just works, I could totally deal with this.

mholt commented 3 years ago

I'm using it in "production" but I do not know of any Netflix-scale deployments. It is also subject to change since it's not finished yet, but most of the changes I foresee would be small. Mostly, the documentation needs to improve. For now you'll have to glance at the code to get a sense of structure, especially for advanced configs. Or use the examples and go from there. Otherwise I think it's pretty solid.

julijane commented 3 years ago

Thank you for clarifying. I wish I would have something to do with a service of a size like Netflix, it would be more like Notflix with what I have available on resources :) I will check it out, I have a rather simple setup in mind (want to have coturn on 443 besides standard webhosting) I'm sure I will get it working. Thank you for the quick responses and for your work on Caddy. I only recently started using it and it is a completely fresh breath of air, no looking back.