{"id":18336209,"url":"https://github.com/openremote/proxy","last_synced_at":"2026-02-06T11:51:03.995Z","repository":{"id":71631944,"uuid":"348409757","full_name":"openremote/proxy","owner":"openremote","description":"HAProxy docker image with Letsencrypt SSL auto renewal","archived":false,"fork":false,"pushed_at":"2025-07-02T17:16:40.000Z","size":88,"stargazers_count":10,"open_issues_count":2,"forks_count":11,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-07-02T18:29:33.406Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openremote.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-03-16T16:03:14.000Z","updated_at":"2025-07-02T17:16:41.000Z","dependencies_parsed_at":"2024-03-08T15:29:33.907Z","dependency_job_id":"544e76cf-70ac-422b-bd2d-256fc1f659ea","html_url":"https://github.com/openremote/proxy","commit_stats":null,"previous_names":[],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/openremote/proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openremote%2Fproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openremote%2Fproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openremote%2Fproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openremote%2Fproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openremote","download_ur
l":"https://codeload.github.com/openremote/proxy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openremote%2Fproxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275358890,"owners_count":25450444,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-16T02:00:10.229Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-05T20:06:51.517Z","updated_at":"2025-09-16T04:05:24.699Z","avatar_url":"https://github.com/openremote.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HAProxy docker image\n\n[![Docker Image](https://github.com/openremote/proxy/actions/workflows/proxy.yml/badge.svg)](https://github.com/openremote/proxy/actions/workflows/proxy.yml)\n\nHAProxy docker image with Lets Encrypt SSL auto renewal using certbot with built in support for wildcard certificates using AWS Route53.\n\n## Paths\n\n* `/deployment/letsencrypt` - Certbot config directory where generated certificates are stored\n* `/etc/haproxy/haproxy.cfg` - Default location of haproxy configuration file\n* `/etc/haproxy/certs` - Static (non certbot) certificates includes self-signed and any other static certificates should be volume mapped into this folder\n* `/var/log/*` - Location of log files (all are symlinked to stdout)\n\n## Environment 
variables\n\n* `DOMAINNAME` - IANA TLD subdomain for which a Lets Encrypt certificate should be requested \n* `DOMAINNAMES` - Comma separated list of IANA TLD subdomain names for which Lets Encrypt certificates should be \nrequested (this is a multi-value alternative to DOMAINNAME)\n* `HAPROXY_USER_PARAMS` - Additional arguments that should be passed to the haproxy process during startup\n* `HAPROXY_CONFIG` - Location of HAProxy config file (default: `/etc/haproxy/haproxy.cfg`)\n* `PROXY_LOGLEVEL` - Log level for HAProxy (default: `notice`)\n* `HTTP_PORT` - The container binds to this port for handling HTTP requests (default: `80`)\n* `HTTPS_PORT` - The container binds to this port for handling HTTPS requests (default: `443`)\n* `HTTPS_FORWARDED_PORT` - The port set in the `X-Forwarded-Port` header of requests sent to the Manager/Keycloak (default: `%[dst_port]` this is the HAProxy port)\n* `NAMESERVER` - The nameserver hostname and port used for resolving the Manager/Keycloak hosts (default: `127.0.0.11:53`)\n* `MANAGER_HOST` - Hostname of OpenRemote Manager (default: `manager`)\n* `MANAGER_WEB_PORT` - Web server port of OpenRemote Manager (default `8080`)\n* `MANAGER_MQTT_PORT` - MQTT broker port of OpenRemote Manager (default `1883`)\n* `MANAGER_PATH_PREFIX` - The path prefix used for OpenRemote Manager HTTP requests (default not set, example: `/openremote`)\n* `KEYCLOAK_HOST` - Hostname of the Keycloak server (default: `keycloak`)\n* `KEYCLOAK_PORT` - Web server port of Keycloak server (default `8080`)\n* `KEYCLOAK_PATH_PREFIX` - The path prefix used for Keycloak HTTP requests (default not set, example: `/keycloak`)\n* `LOGFILE` - Location of log file for entrypoint script to write to in addition to stdout (default `none`)\n* `AWS_ROUTE53_ROLE` - AWS Route53 Role ARN to be assumed when trying to generate wildcard certificates using Route53 DNS zone, specifically for cross account updates (default `none`)\n* `LE_EXTRA_ARGS` - Can be used to add additional 
arguments to the certbot command (default `none`)\n* `SISH_HOST` - Defines the destination hostname for forwarding requests that begin with `gw-` used in combination with `SISH_PORT`\n* `SISH_PORT` - Defines the destination port for forwarding requests that begin with `gw-` used in combination with `SISH_HOST`\n* `MQTT_RATE_LIMIT` - Enable rate limiting for MQTT connections (connections/s)\n\n## Custom certificate format\n\nAny custom certificate volume mapped into `/etc/haproxy/certs` should be in PEM format and must include the full certificate chain and the private key, i.e.:\n```shell\ncat privkey.pem cert.pem chain.pem \u003e ssl-certs.pem\n```\n\nSee `haproxy` SSL cert [documentation](https://www.haproxy.com/blog/haproxy-ssl-termination/#enabling-ssl-with-haproxy).\n\n## Edge gateway tunnelling using SISH\n\nThe built in `haproxy.cfg` has support for forwarding requests beginning with `gw-` to `https://SISH_HOST:SISH_PORT`; just define these environment variables to enable this.\n\n## Kubernetes\n\nWhen running the proxy in Kubernetes make sure to set the `HTTP_PORT` and `HTTPS_PORT` environment variables to a non-privileged port (\u003e 1024).\nIf you use an Ingress, reconfigure the `HTTPS_FORWARDED_PORT` to the HTTPS port of your Ingress (443).\n\nYou will also need to set the `NAMESERVER` environment variable to the cluster DNS (usually 10.96.0.10:53).\nThe cluster DNS typically only resolves fully qualified hostnames, so make sure to set these using the `MANAGER_HOST` and `KEYCLOAK_HOST` environment variables (e.g. `manager.default.svc.cluster.local`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenremote%2Fproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenremote%2Fproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenremote%2Fproxy/lists"}