junkurihara / rust-rpxy

[WIP] A simple and ultrafast http reverse proxy serving multiple domain names and terminating TLS for http/1.1, 2 and 3, written in Rust
MIT License
244 stars 19 forks

Automatically obtain certificates #146

Closed xmh0511 closed 3 weeks ago

xmh0511 commented 6 months ago

This function is in demand; it is like what Caddy does.

junkurihara commented 6 months ago

Hello @xmh0511

I know such a function is very useful. But in my opinion, it makes rpxy more complicated since it requires handling a bunch of rpxy-unrelated options, e.g., API keys, endpoints, etc. So honestly, I am not sure that such an approach matches the concept of rpxy: as simple as possible.

Personally, I am using rpxy with certificates that are issued by ACME-enabled issuers (like Let's Encrypt). Every certificate is then managed with lego by periodically checking with cron. This still keeps the system really simple and has worked flawlessly for years.

pomazanbohdan commented 4 months ago

I’m guessing it’s worth the effort, because if I (and I’m guessing others) are looking for an alternative to the Caddy functionality, which, after all the tests, is slow, to find either HAProxy, which will also require significant additional adjustments, or nginx proxy manager, which is not even easy, there may be problems with configurations.

This functionality also added significant popularity to rust-rpxy.

My case is the need to set up servicing of many clients' domains that are sent to a number of internal services, with the transfer of the original domain for further processing:

site1.com, site2.com, ..., siteX.com -> myservice.com (round robin)
img.site1.com, img.site2.com, ..., img.siteX.com -> img.myservice.com
login.site1.com, login.site2.com, ..., login.siteX.com -> img.myservice.com

junkurihara commented 4 months ago

Hmmm, okay, I will consider it positively.

In my current idea, using instant-acme and passing fetched certs/keys via the file system should be fine, i.e., the approach of overwriting cert/key files. This should work okay with no big change to the current rpxy architecture. Also, it persistently stores fetched data and easily resumes after restarting.

Any opinion?
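
The file-system handoff proposed in the comment above (an ACME client overwriting cert/key files that the proxy reads) is safe only if the proxy never sees a half-written file and the key is never world-readable. The following is an added example, not part of the thread and not rpxy's code; the file names `fullchain.pem` / `privkey.pem`, the temp-file name and the Unix-only permission handling are assumptions.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::os::unix::fs::OpenOptionsExt;
use std::path::{Path, PathBuf};

/// Write `data` to a temp file beside `dest`, fsync it, then rename over `dest`.
/// A concurrent reader sees the old file or the new one, never a partial write.
fn atomic_write(dest: &Path, data: &[u8], mode: u32) -> io::Result<()> {
    let dir = dest.parent().filter(|p| !p.as_os_str().is_empty()).unwrap_or(Path::new("."));
    let tmp = dir.join(format!(".rpxy-tmp-{}", std::process::id())); // hypothetical temp name
    // create_new fails if the temp path already exists (no reuse of a planted
    // file or symlink); the mode is set at creation, so the key is never
    // readable by other users, not even briefly.
    let mut f = OpenOptions::new().write(true).create_new(true).mode(mode).open(&tmp)?;
    let res = f.write_all(data).and_then(|_| f.sync_all()).and_then(|_| fs::rename(&tmp, dest));
    if res.is_err() {
        let _ = fs::remove_file(&tmp);
    }
    res?;
    File::open(dir)?.sync_all() // persist the rename itself across a crash
}

/// Install a renewed pair under `dir` as fullchain.pem / privkey.pem (assumed names).
pub fn install_pair(dir: &Path, cert_pem: &str, key_pem: &str) -> io::Result<(PathBuf, PathBuf)> {
    // Reject obviously wrong input before touching the live files.
    if !cert_pem.starts_with("-----BEGIN CERTIFICATE-----") || !key_pem.contains("PRIVATE KEY-----") {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "not a PEM cert/key pair"));
    }
    let (cert, key) = (dir.join("fullchain.pem"), dir.join("privkey.pem"));
    // Key first: a reload triggered by the cert change then finds the new key.
    // The two renames are still not one atomic step, so the reader should keep
    // its previous pair whenever the files it loads do not match.
    atomic_write(&key, key_pem.as_bytes(), 0o600)?;
    atomic_write(&cert, cert_pem.as_bytes(), 0o644)?;
    Ok((cert, key))
}

fn main() -> io::Result<()> {
    // Constructed placeholder PEM bodies, not real key material.
    let dir = std::env::temp_dir().join(format!("rpxy-example-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    let (cert, key) = install_pair(
        &dir,
        "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n",
        "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n",
    )?;
    println!("installed {} and {}", cert.display(), key.display());
    fs::remove_dir_all(&dir)
}
```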

pomazanbohdan commented 4 months ago

Traefik uses JSON as a store. My work sample: https://pastebin.com/N5J1GN6e

yerke commented 2 months ago

@junkurihara I think if you add this feature, you will resolve a lot of friction in using rust-rpxy.

junkurihara commented 1 month ago

I just made a draft PR #168 for supporting TLS-ALPN-01 ACME in rpxy. I will check the function on my servers and will publish after some tests (maybe in a couple of weeks). If you guys are interested, please check the change and let me know your opinions.

junkurihara commented 1 month ago

I merged #168 to develop and published the pre-release 0.9.0-alpha.1.

junkurihara commented 1 month ago

Just submitted a post on Reddit: https://www.reddit.com/user/jqtype/comments/1eacz01/announcement_rpxy_finally_supports_the_automatic/

junkurihara commented 3 weeks ago

Just released 0.9.0 supporting ACME. Close this!