{"id":50907882,"url":"https://github.com/seamys/luci-app-https-gateway","last_synced_at":"2026-06-16T07:01:36.026Z","repository":{"id":360355611,"uuid":"1249779815","full_name":"seamys/luci-app-https-gateway","owner":"seamys","description":"🔒 OpenWrt LuCI application — nginx reverse proxy + ACME certificate management + dnsmasq DNS automation for LAN HTTPS access","archived":false,"fork":false,"pushed_at":"2026-06-12T13:23:02.000Z","size":69,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-12T14:19:16.564Z","etag":null,"topics":["acme","certificate","dns","homelab","https","letsencrypt","luci","nginx","openwrt","reverse-proxy"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/seamys.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-26T03:07:47.000Z","updated_at":"2026-06-12T13:23:06.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/seamys/luci-app-https-gateway","commit_stats":null,"previous_names":["seamys/luci-app-https-gateway"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/seamys/luci-app-https-gateway","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seamys%2Fluci-app-https-gateway","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seamys%2Fluci-app-https-gateway/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seamys%2Fluci-app-https-gateway/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seamys%2Fluci-app-https-gateway/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/seamys","download_url":"https://codeload.github.com/seamys/luci-app-https-gateway/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/seamys%2Fluci-app-https-gateway/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34393305,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-16T02:00:06.860Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acme","certificate","dns","homelab","https","letsencrypt","luci","nginx","openwrt","reverse-proxy"],"created_at":"2026-06-16T07:01:33.704Z","updated_at":"2026-06-16T07:01:36.008Z","avatar_url":"https://github.com/seamys.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# 🔒 luci-app-https-gateway\n\n**LAN HTTPS Reverse Proxy Gateway for OpenWrt**\n\n[![Release](https://img.shields.io/github/v/release/seamys/luci-app-https-gateway?style=flat-square\u0026logo=github)](https://github.com/seamys/luci-app-https-gateway/releases)\n[![License](https://img.shields.io/github/license/seamys/luci-app-https-gateway?style=flat-square)](LICENSE)\n[![Tests](https://img.shields.io/badge/tests-149%20passing-brightgreen?style=flat-square\u0026logo=checkmarx\u0026logoColor=white)](#testing)\n[![OpenWrt](https://img.shields.io/badge/OpenWrt-25.x-00B5E2?style=flat-square\u0026logo=openwrt\u0026logoColor=white)](https://openwrt.org/)\n[![Shell](https://img.shields.io/badge/shell-POSIX%20sh-4EAA25?style=flat-square\u0026logo=gnu-bash\u0026logoColor=white)](src/bin/https-gateway)\n[![i18n](https://img.shields.io/badge/i18n-English%20%7C%20中文-blue?style=flat-square\u0026logo=translate\u0026logoColor=white)](#internationalization)\n\nManage nginx reverse proxy, automatic ACME certificate issuance, and local DNS resolution through a LuCI web UI — providing HTTPS access for all your LAN services with zero manual configuration.\n\n[📖 Documentation](docs/) · [🐛 Report Bug](https://github.com/seamys/luci-app-https-gateway/issues) · [💡 Request Feature](https://github.com/seamys/luci-app-https-gateway/issues)\n\n\u003c/div\u003e\n\n---\n\n## ✨ Features\n\n| Feature | Description |\n|---------|-------------|\n| 🌐 **Multi-domain** | Add domains freely, each with an automatically issued TLS certificate |\n| 🃏 **Wildcard certs** | `*.example.com` — one certificate covers all subdomains |\n| 🔀 **Reverse proxy** | Proxy any HTTP service on LAN or public networks |\n| ⚡ **WebSocket** | One-click Upgrade header injection for real-time apps |\n| 🧭 **Auto DNS** | Automatically add domain → router IP resolution in dnsmasq |\n| 🔄 **Auto renewal** | Based on acme.sh, 90-day certificates auto-renew |\n| 🎨 **LuCI native** | Three-page UI: status overview, certificate management, proxy rules |\n| 🌍 **i18n** | English + Chinese Simplified, easily extensible |\n\n## 📋 Requirements\n\n| Requirement | Details |\n|-------------|---------|\n| Platform | OpenWrt 25.x (APK package manager) |\n| Domain | A registered domain name |\n| DNS API | Provider API credentials (Alibaba Cloud, Cloudflare, DNSPod, or GoDaddy) |\n\n## 📦 Dependencies\n\nAuto-installed: \n\n![nginx-ssl](https://img.shields.io/badge/-nginx--ssl-009639?style=flat-square\u0026logo=nginx\u0026logoColor=white)\n![acme-acmesh](https://img.shields.io/badge/-acme--acmesh-blue?style=flat-square)\n![acme-acmesh-dnsapi](https://img.shields.io/badge/-acme--acmesh--dnsapi-blue?style=flat-square)\n![curl](https://img.shields.io/badge/-curl-073551?style=flat-square\u0026logo=curl\u0026logoColor=white)\n![ca-bundle](https://img.shields.io/badge/-ca--bundle-grey?style=flat-square)\n![ca-certificates](https://img.shields.io/badge/-ca--certificates-grey?style=flat-square)\n\n## 🏗️ Project Structure\n\n```\n├── Makefile              OpenWrt SDK build definition\n├── src/\n│   ├── view/             LuCI JS frontend views (i18n via _())\n│   ├── bin/              Main service script → /usr/sbin/https-gateway\n│   ├── rpcd/             RPC backend → /usr/libexec/rpcd/https-gateway\n│   ├── config/           UCI default config → /etc/config/https_gateway\n│   ├── init/             procd init → /etc/init.d/https_gateway\n│   ├── uci-defaults/     First-boot script → /etc/uci-defaults/\n│   ├── share/            LuCI menu + ACL JSON\n│   └── i18n/             Translation files (POT + PO)\n│       ├── templates/    POT template (source strings)\n│       └── zh_Hans/      Chinese Simplified translation\n├── docs/                 Documentation\n└── tests/                Unit \u0026 integration tests (149 tests)\n```\n\n## 🚀 Installation\n\n### Pre-built Package (Recommended)\n\nDownload the `.ipk` matching your router's architecture from the [Releases](https://github.com/seamys/luci-app-https-gateway/releases) page:\n\n| Architecture | Target Devices |\n|--------------|----------------|\n| `x86_64` | Virtual machines, PC routers |\n| `aarch64_cortex-a53` | MediaTek MT7981/7986 (Filogic) |\n| `aarch64_generic` | Rockchip ARM64 boards |\n| `arm_cortex-a7_neon-vfpv4` | Allwinner sunxi |\n\n```sh\n# Transfer to router\nscp luci-app-https-gateway_*_x86_64.ipk root@192.168.0.1:/tmp/\n\n# Install (OpenWrt 23.x with opkg)\nssh root@192.168.0.1 'opkg install /tmp/luci-app-https-gateway_*.ipk'\n\n# Or OpenWrt 25.x with APK\nssh root@192.168.0.1 'apk add --allow-untrusted /tmp/luci-app-https-gateway_*.ipk'\n```\n\n### Manual Deployment (Development/Debug)\n\n```sh\nROUTER=root@192.168.0.1\n\nscp src/bin/https-gateway          ${ROUTER}:/usr/sbin/\nscp src/rpcd/https-gateway         ${ROUTER}:/usr/libexec/rpcd/\nscp src/config/https_gateway       ${ROUTER}:/etc/config/\nscp src/init/https_gateway         ${ROUTER}:/etc/init.d/\nscp src/uci-defaults/50-luci-https-gateway ${ROUTER}:/etc/uci-defaults/\nscp src/share/menu.d/luci-app-https-gateway.json ${ROUTER}:/usr/share/luci/menu.d/\nscp src/share/acl.d/luci-app-https-gateway.json  ${ROUTER}:/usr/share/rpcd/acl.d/\n\nssh ${ROUTER} 'mkdir -p /www/luci-static/resources/view/https-gateway'\nscp src/view/*.js ${ROUTER}:/www/luci-static/resources/view/https-gateway/\n\nssh ${ROUTER} 'chmod +x /usr/sbin/https-gateway /usr/libexec/rpcd/https-gateway /etc/init.d/https_gateway'\nssh ${ROUTER} '/etc/init.d/rpcd restart \u0026\u0026 /etc/init.d/https_gateway enable'\n```\n\n### ImageBuilder Built-in\n\n```sh\ncp src/bin/https-gateway           files/usr/sbin/\ncp src/rpcd/https-gateway          files/usr/libexec/rpcd/\ncp src/config/https_gateway        files/etc/config/\ncp src/init/https_gateway          files/etc/init.d/\ncp src/uci-defaults/50-luci-https-gateway files/etc/uci-defaults/\ncp src/share/menu.d/*.json         files/usr/share/luci/menu.d/\ncp src/share/acl.d/*.json          files/usr/share/rpcd/acl.d/\nmkdir -p files/www/luci-static/resources/view/https-gateway\ncp src/view/*.js                   files/www/luci-static/resources/view/https-gateway/\n```\n\n### APK/opkg Package Install (After SDK Build)\n\n```sh\n# opkg (OpenWrt 23.x)\nopkg install luci-app-https-gateway_1.0.1-1_all.ipk\n\n# APK (OpenWrt 25.x)\napk add --allow-untrusted luci-app-https-gateway_1.0.1-1_all.apk\n```\n\n## ⚡ Quick Configuration\n\n1. Navigate to **LuCI → Services → HTTPS Gateway**\n2. Enter email, select DNS provider, fill in API credentials\n3. Add a certificate (e.g. `*.example.com`)\n4. Add proxy rules (domain + path + upstream address)\n5. Enable gateway → **Save \u0026 Apply**\n6. Click **\"Issue/Renew Certificates\"**\n\n\u003e 💡 **Tip**: Start with staging mode enabled to test your setup without hitting Let's Encrypt rate limits.\n\n## 🧪 Testing\n\nRun the full test suite (no router required):\n\n```sh\nsh tests/run_all.sh\n```\n\n| Suite | Tests | Coverage |\n|-------|-------|----------|\n| `test_validation.sh` | 47 | Domain, location, upstream regex validation |\n| `test_nginx_conf.sh` | 37 | nginx config generation, TLS, WebSocket |\n| `test_dns_certs.sh` | 25 | Certificate paths, wildcard matching, DNS sync |\n| `test_integration.sh` | 25 | JSON output, UCI validation, service states |\n| `test_validate.sh` | 15 | Legacy regex smoke tests |\n\n## 🌍 Internationalization\n\nThe UI uses OpenWrt's standard PO/LMO i18n system:\n\n- Source strings in English with `_()` markers in JS views\n- Translations in `src/i18n/\u003clang\u003e/https-gateway.po`\n- Build produces `.lmo` binary files for LuCI runtime\n\n**Available languages**: English (base), 中文简体 (zh_Hans)\n\nTo add a new language, copy `src/i18n/templates/https-gateway.pot` to `src/i18n/\u003clang\u003e/https-gateway.po` and translate the `msgstr` entries.\n\n## 📋 Release\n\nTo create a new release:\n\n```sh\n# Bump version in Makefile, then:\ngit tag v1.1.0\ngit push origin v1.1.0\n```\n\nGitHub Actions will automatically:\n1. Download the OpenWrt SDK for each supported architecture\n2. Compile `.ipk` packages (x86_64, aarch64, arm)\n3. Create a source tarball for manual SDK builds\n4. Publish a GitHub Release with all assets attached\n\n### Supported architectures\n\n| Arch | SDK Target | Typical Devices |\n|------|-----------|-----------------|\n| x86_64 | x86/64 | VMs, soft routers |\n| aarch64_cortex-a53 | mediatek/filogic | GL.iNet MT3000, Xiaomi AX series |\n| aarch64_generic | rockchip/armv8 | NanoPi R4S/R5S, FriendlyElec |\n| arm_cortex-a7 | sunxi/cortexa7 | Orange Pi, Banana Pi |\n\n## 🤝 Contributing\n\n1. Fork the repository\n2. Create a feature branch (`git checkout -b feat/amazing-feature`)\n3. Run tests (`sh tests/run_all.sh`)\n4. Commit your changes (`git commit -m 'feat: add amazing feature'`)\n5. Push to the branch (`git push origin feat/amazing-feature`)\n6. Open a Pull Request\n\n## 📄 License\n\nThis project is licensed under the MIT License — see the [LICENSE](LICENSE) file for details.\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**If this project helps you, consider giving it a ⭐**\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseamys%2Fluci-app-https-gateway","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fseamys%2Fluci-app-https-gateway","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fseamys%2Fluci-app-https-gateway/lists"}