Closed zeitos closed 1 year ago
Hi @zeitos. Unfortunately, the proxy doesn't support https right now, so you will need to put it behind a LB or similar that provides the SSL layer for you.
We apologize for the inconvenience. Regards
Thanks for your fast response @hbqdev, understood. My main issue with that is that the communication between the LB and the proxy is insecure (even inside our own infra). I guess I can modify docker/Dockerfile.proxy to incorporate nginx too.
Hi @hbqdev & @zeitos, the proxy does support https. You need to provide your own certificates (adding a mount volume if you're using the container approach).
Here are the appropriate cli options (local) & env vars (container) you need to set up:

| cli | ENV VAR | Description |
| --- | --- | --- |
| server-tls-enabled | SPLIT_PROXY_SERVER_TLS_ENABLED | Enable HTTPS on proxy endpoints |
| server-tls-client-validation | SPLIT_PROXY_SERVER_TLS_CLIENT_VALIDATION | Enable client cert validation |
| server-tls-server-name | SPLIT_PROXY_SERVER_TLS_SERVER_NAME | Server name as it appears in provided server-cert |
| server-tls-cert-chain-fn | SPLIT_PROXY_SERVER_TLS_CERT_CHAIN_FN | X509 Server certificate chain |
| server-tls-private-key-fn | SPLIT_PROXY_SERVER_TLS_PRIVATE_KEY_FN | PEM Private key file name |
| server-tls-client-validation-root-cert | SPLIT_PROXY_SERVER_TLS_CLIENT_VALIDATION_ROOT_CERT | X509 root cert for client validation |
| server-tls-min-tls-version | SPLIT_PROXY_SERVER_TLS_MIN_TLS_VERSION | Minimum TLS version to allow X.Y |
| server-tls-allowed-cipher-suites | SPLIT_PROXY_SERVER_TLS_ALLOWED_CIPHER_SUITES | Comma-separated list of cipher suites to allow |
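
A preflight check for the variables in the table above, as an added example that is not part of the original thread or the proxy's own code. It assumes booleans are the string `true` and the version is written `1.2` or `1.3`; the TLS 1.2 floor and the key-permission rule are local policy choices, not documented proxy behaviour.

```shell
# Added example: preflight check for the TLS variables in the table above.
# Assumptions (not from the thread): booleans are the string "true", the
# version is written "1.2"/"1.3", and the TLS 1.2 floor and key-permission
# rule are local policy rather than documented proxy behaviour.

is_true() { [ "$1" = "true" ]; }

# readable_file VAR_NAME PATH: fail when PATH is empty or not readable.
readable_file() {
    if [ -z "$2" ]; then echo "missing: $1 is not set" >&2; return 1; fi
    if [ ! -r "$2" ]; then echo "unreadable: $1=$2" >&2; return 1; fi
}

# Returns 0 when the environment describes a usable HTTPS listener.
check_split_proxy_tls() {
    rc=0
    if ! is_true "${SPLIT_PROXY_SERVER_TLS_ENABLED:-}"; then
        echo "SPLIT_PROXY_SERVER_TLS_ENABLED is not true: listener would be plain HTTP" >&2
        return 1
    fi
    key="${SPLIT_PROXY_SERVER_TLS_PRIVATE_KEY_FN:-}"
    readable_file SPLIT_PROXY_SERVER_TLS_CERT_CHAIN_FN \
        "${SPLIT_PROXY_SERVER_TLS_CERT_CHAIN_FN:-}" || rc=1
    if readable_file SPLIT_PROXY_SERVER_TLS_PRIVATE_KEY_FN "$key"; then
        # Characters 5-10 of the mode string are the group/other bits.
        if [ "$(ls -lLd "$key" | cut -c5-10)" != "------" ]; then
            echo "private key $key is accessible to group/other" >&2; rc=1
        fi
    else
        rc=1
    fi
    # mTLS: validating client certs needs a root to validate them against.
    if is_true "${SPLIT_PROXY_SERVER_TLS_CLIENT_VALIDATION:-}"; then
        readable_file SPLIT_PROXY_SERVER_TLS_CLIENT_VALIDATION_ROOT_CERT \
            "${SPLIT_PROXY_SERVER_TLS_CLIENT_VALIDATION_ROOT_CERT:-}" || rc=1
    fi
    case "${SPLIT_PROXY_SERVER_TLS_MIN_TLS_VERSION:-}" in
        ""|1.2|1.3) ;;   # unset leaves the proxy's own default in place
        *) echo "minimum TLS version below 1.2 or malformed" >&2; rc=1 ;;
    esac
    return "$rc"
}
```

Call `check_split_proxy_tls` from the container entrypoint or deploy script before the proxy starts, and abort on a non-zero status.
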
Amazing, thanks @mredolatti, I'll give it a try.
Hi @zeitos
We're closing this issue. If you still have problems, you can open another one. Regards,
I would like my clients to use HTTPS instead of HTTP to connect to split_proxy, but I can't find documentation about it.