You put this Charm in front of an HTTP webservice to add HTTPS security. It deploys a TLS/SSL/HTTPS termination proxy. All HTTPS traffic going to this server will be sent to the webserver as
SSL Termination Proxy
This charm installs an HTTPS reverse proxy. The proxy secures traffic to a webservice in the private network using a Let's Encrypt HTTPS certificate. The proxy can also add basic username/password authentication if the credentials config option is set.
This proxy receives an A+ rating on the Qualys SSL Server Test.
How to use
Deploy your HTTP webservice.
juju deploy jenkins
Deploy the Proxy.
juju deploy cs:~tengu-team/ssl-termination-proxy
Expose the proxy.
juju expose ssl-termination-proxy
Configure your DNS server to point to the ssl-termination-proxy's public IP.
Let the proxy know what its DNS name is.
(See https://www.duckdns.org for free DNS names)
juju config ssl-termination-proxy fqdn=www.example.com
The proxy will now request a certificate from Let's Encrypt.
Connect the webservice with the proxy.
juju add-relation jenkins ssl-termination-proxy
Now you can surf to https:// and you will reach the webservice.
[Optional] Configure basic auth
juju config ssl-termination-proxy credentials="<username> <password>"
Multiple accounts aren't supported for the moment.
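A post-deploy check for the steps above, as an added example that is not part of the charm: it confirms that the proxy presents a certificate curl trusts for the configured name and that basic auth is actually enforced. The script name, function names and verdict strings are made up for this example; it assumes the proxy listens on port 443, the credentials option is set, and the webservice behind it does not demand a login of its own.

```shell
#!/bin/sh
# Added example (not charm code). Usage: ./check-proxy.sh <fqdn> <username> <password>
# The password is visible in the process list while curl runs; use a test account.

# Fetch https://<fqdn>/ with certificate and hostname verification left on (no -k).
# Prints "<curl exit code> <HTTP status>"; any extra arguments are passed to curl.
probe() {
    fqdn="$1"; shift
    rc=0
    status=$(curl -sS -o /dev/null --max-time 10 -w '%{http_code}' "$@" "https://$fqdn/" 2>/dev/null) || rc=$?
    echo "$rc ${status:-000}"
}

# Turn two probe results (without and with credentials) into a verdict.
verdict() {
    rc_anon="$1"; st_anon="$2"; rc_auth="$3"; st_auth="$4"
    # curl exit code 60: the certificate could not be verified (e.g. not issued yet)
    if [ "$rc_anon" -eq 60 ]; then echo "FAIL: certificate not trusted"; return 1; fi
    if [ "$rc_anon" -ne 0 ]; then echo "FAIL: proxy unreachable (curl exit $rc_anon)"; return 1; fi
    # With credentials configured, an anonymous request must be refused with 401
    if [ "$st_anon" != 401 ]; then echo "FAIL: basic auth not enforced (anonymous got $st_anon)"; return 1; fi
    if [ "$rc_auth" -ne 0 ] || [ "$st_auth" = 401 ]; then echo "FAIL: credentials rejected"; return 1; fi
    if [ "$st_auth" -ge 500 ]; then echo "FAIL: backend error $st_auth behind the proxy"; return 1; fi
    echo "OK: certificate valid, basic auth enforced, backend answered $st_auth"
}

check_proxy() {
    anon=$(probe "$1")
    auth=$(probe "$1" -u "$2:$3")
    # Word-splitting of "<rc> <status>" into two arguments each is intended here.
    verdict $anon $auth
}

if [ "$#" -eq 3 ]; then check_proxy "$@"; fi
```

A 502 or 504 in the last check usually means the relation to the webservice is missing or the backend is down, not that the proxy itself is misconfigured.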
This software was created in the IBCN research group of Ghent University in Belgium. This software is used in Tengu, a project that aims to make experimenting with data frameworks and tools as easy as possible.
- (string) Contact email for Let's Encrypt
- (string) Space-separated username and password for basic authentication.
- (string) Space-separated list of extra deb packages to install.
- (string) Fully-Qualified Domain Name of server to register
- (string) Listen address
- (string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
- (string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
- (string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
- (int) NGINX listen port