ssl termination proxy #6

Supports: xenial


Description

You put this Charm in front of an http webservice to add https security. It deploys a TLS/SSL/HTTPS termination proxy. All https traffic going to this server is decrypted at the proxy and sent on to the webserver as plain http traffic, so the hop between the proxy and the webserver is not encrypted.



SSL Termination Proxy

This charm installs an HTTPS reverse proxy. The proxy secures traffic to a webservice in the private network using a Let's Encrypt HTTPS certificate. The proxy can also add basic username/password authentication if the credentials config option is set.

This proxy receives an A+ rating on the Qualys SSL Server Test.

How to use

HTTPS proxy

```bash
# Deploy your http webservice.
juju deploy jenkins

# Deploy the proxy.
juju deploy cs:~tengu-team/ssl-termination-proxy

# Expose the proxy.
juju expose ssl-termination-proxy

# Configure your DNS server to point to the ssl-termination-proxy's public IP.

# Let the proxy know what its DNS name is.
# (See https://www.duckdns.org for free DNS names)
juju config ssl-termination-proxy fqdn=www.example.com
# The proxy will now request a certificate from Let's Encrypt.

# Connect the webservice with the proxy.
juju add-relation jenkins ssl-termination-proxy

# Now you can surf to https:// and you will reach the webservice.
```

[Optional] Configure basic auth

```bash
juju config ssl-termination-proxy credentials="<username> <password>"
```

Multiple accounts aren't supported for the moment.
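
A post-deployment check for the steps above, added here as an example (it is not part of the charm or its README). The function names are hypothetical, and it assumes `openssl`, `curl` and `awk` on the machine that runs it. It rejects credential values that do not split into exactly two tokens, because the page does not say how the charm treats extra ones.

```bash
#!/bin/sh
# Added example, not part of the charm. Function names are hypothetical.

# valid_credentials "<username> <password>"
# The credentials option is one space-separated pair, so refuse anything that
# does not split into exactly two tokens (assumption: the page does not say
# how the charm treats extra tokens). A colon in the username is refused too,
# because Basic auth sends "user:pass" and cannot carry it (RFC 7617).
valid_credentials() {
  set -f; set -- $1; set +f          # split on whitespace, no globbing
  [ "$#" -eq 2 ] || return 1
  case "$1" in *:*) return 1 ;; esac
  return 0
}

# auth_state: read one response header block (e.g. from `curl -sI`) on stdin
# and print "enforced", "401-without-basic" or "open:<status>".
auth_state() {
  awk '
    { sub(/\r$/, "") }               # header lines end in CRLF
    NR == 1 { code = $2 }
    tolower($1) == "www-authenticate:" && tolower($2) == "basic" { basic = 1 }
    END {
      if (code == 401 && basic) print "enforced"
      else if (code == 401)     print "401-without-basic"
      else                      print "open:" code
    }'
}

# check_proxy FQDN: live checks against the exposed proxy.
check_proxy() {
  # Certificate as served: issuer, expiry, and fail if under 14 days remain.
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer -enddate -checkend $((14 * 86400)) || return 1
  # curl validates chain and hostname by default; no credentials are sent.
  curl -sI "https://$1/" | auth_state
}

# Runs only when FQDN is set, e.g. FQDN=www.example.com sh check_proxy.sh
if [ -n "${FQDN:-}" ]; then check_proxy "$FQDN"; fi
```

With the `credentials` option set, the last line of output should be `enforced`; `open:200` means the webservice is reachable through the proxy without a password.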

Authors

This software was created in the IBCN research group of Ghent University in Belgium. This software is used in Tengu, a project that aims to make experimenting with data frameworks and tools as easy as possible.


Configuration

contact-email
(string) Contact email for Let's Encrypt
credentials
(string) Space-separated username and password for basic authentication.
extra_packages
(string) Space-separated list of extra deb packages to install.
fqdn
(string) Fully-Qualified Domain Name of server to register
host
(string) listen address
Default: 127.0.0.1
install_keys
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
install_sources
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
package_status
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
Default: install
port
(int) NGINX listen port
Default: 80