taskserver icon indicating copy to clipboard operation
taskserver copied to clipboard

Published 20 hours ago verified publisher icon GothenburgBitFactory

RFC/RFT: implement taskserver behind SSL proxy

Open osctobe opened this issue 5 years ago • 2 comments

This patchset allows to put taskserver behind an SSL reverse proxy (eg. stunnel or haproxy). Original client's address is passed using PROXY protocol described at [1]. Both versions of the protocol are supported, though binary (v2) is preferred.

[1] http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

osctobe avatar Mar 13 '19 17:03 osctobe

So this should explain why I was never able to put taskserver behind traefik, right?

Any reasons why this has not been merged yet??

aleprovencio avatar Sep 29 '20 18:09 aleprovencio

So this should explain why I was never able to put taskserver behind traefik, right?

Any reasons why this has not been merged yet??

taskd expects to be able to terminate the mTLS session itself. You might be able to passively proxy it but you can't frontload it I don't think, without this PR.

jrabbit avatar Sep 30 '20 20:09 jrabbit