imageproxy
imageproxy copied to clipboard
willnorris
Support for SSL
If i'm correct that there seems to be no way to activate SSL support. I tried setting the --addr to localhost:443 but there seems to be nowhere to point to ssl certificates to use.
This can be done by using a nginx-proxy, but it would be great If there was native support for SSL connections.
no imageproxy doesn't support ssl natively. The expectation is that you would run it behind a webserver that does SSL (like nginx), or you could handle it programmatically in go by creating an imageproxy.Proxy instance and setting it to serve requests for whatever http.Server you want, such as one that handles SSL.
I think I'd be fine adding basic TLS support to cmd/imageproxy/main.go, adding a couple of new flags for the cert and key files. But I don't think I'd want to get into anything fancy like ACME. If someone wants that, then it should happen elsewhere.
Alternatively, you can put a CDN in front of it like cloudfront, keycdn, or maxcdn and use their SSL options.
I don't know if image need SSL protection. I'm guessing maybe this is a network/infrastructure requirement for industry like HealthCare (HIPAA) so simple SSL support may suffice?
@noogen: It's mostly to prevent mixed content warnings on https sites.
@willnorris: Adding some basic TLS support would be great!
I'm happy to review a pull request if someone is motivated to add this. I'm unlikely to do it myself, as I don't actually need it (I run imageproxy behind nginx).
The SSL landscape has changed a bit since this was first filed, so adding ACME support probably does make sense (contrary to what I said above).
Some Go packages that would likely be useful there:
- https://godoc.org/golang.org/x/crypto/acme/autocert (maintained by the Go team)
- https://godoc.org/rsc.io/letsencrypt (precursor to autocert, but possibly with better docs on usage)
- https://github.com/mholt/certmagic (used by Caddy)