
autocert support

Open tcurdt opened this issue 2 years ago • 4 comments

Describe the feature request

A public-facing HTTPS port needs a cert. It would be nice if the cert could automatically be obtained from Let's Encrypt.

Describe alternatives you've considered

I guess one could use Caddy as another proxy in front - but that is less than ideal. It would be better to integrate https://go-acme.github.io/lego/usage/library/

Affected area

  • [X] Docs
  • [ ] Installation
  • [ ] Performance and Scalability
  • [ ] Security
  • [ ] User Experience
  • [X] Test and Release
  • [ ] Developer Infrastructure
  • [X] Client Plugin
  • [X] Server Plugin
  • [X] Extensions
  • [ ] Others

Feb 14 '22 09:02 tcurdt

Can you describe more about your configuration?

Feb 15 '22 03:02 fatedier

Let's say I have an HTTP service on the LAN and I want to expose that via HTTPS on a public machine.

I guess one could use frp to create a tunnel and then use e.g. Caddy as a reverse proxy to that. Or maybe use cert-manager in DNS mode to obtain Let's Encrypt certs. Both are not ideal.

It seems frp already supports TLS - so why not support getting the cert via ACME directly?

Feb 15 '22 10:02 tcurdt

That makes sense.

I plan to support it in frp v2. Usage of HTTPS will be refactored in the future.

If it's easy to implement, I will add this in the current release.

Feb 15 '22 12:02 fatedier

In case one wanted to adopt implementation strategies from other approaches, there is boringproxy.io, which reuses caddyserver/certmagic for the task.

Sep 21 '22 04:09 almereyda