https://github.com/unifield/revprox
A TLS reverse proxy customized for Unifield's needs
https://github.com/unifield/revprox
certificate ssl tls
Last synced: 5 months ago
JSON representation
A TLS reverse proxy customized for Unifield's needs
- Host: GitHub
- URL: https://github.com/unifield/revprox
- Owner: Unifield
- License: mit
- Created: 2016-12-22T11:32:44.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-05-29T09:22:29.000Z (about 2 years ago)
- Last Synced: 2024-06-20T07:59:42.998Z (about 2 years ago)
- Topics: certificate, ssl, tls
- Language: Go
- Size: 64.5 KB
- Stars: 0
- Watchers: 5
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# revprox
A TLS reverse proxy customized for Unifield's needs.
Given an instance name, it appends the domain name to get a FQDN for
itself. It then checks if it has a valid key/cert in $fqdn.{key,cer}
in the current directory. If not, it tries to fetch via LetsEncrypt.
If that fails, it exits with an error code 1.
Once it has a valid certificate, it starts running. It listens on port
8061 and issues redirects for any incoming request to the HTTPS on
the FQDN. It listens on the HTTPS port and does reverse proxying of all
requests to port 18061, where OpenERP Web should be running.
## Running in Linux as a non-priv user
Build it like this:
```
export GOPATH=~/GOPATH
mkdir -p $GOPATH/src
git clone git@github.com:Unifield/revprox.git $GOPATH/src/revprox
cd $GOPATH/src/revprox
make
```
or
```
go build && sudo setcap CAP_NET_BIND_SERVICE=+eip revprox
```
The `setcap` command will allow `revprox` to bind to the appropriate priviledge port.
Note that this won't work if `revprox` is on a filesystem with the `nosuid` flag enabled (you can run `mount` to check this). If that's the case, you might need to move the file elsewhere so that it's able to bind. (N.B. : `cp` won't carry the capabilities across filsystems, you might need to reapply the setcap.)