Add SSL-disabled mode for Cloudflare Containers support#306
Add SSL-disabled mode for Cloudflare Containers support#306luizfonseca with Copilot wants to merge 6 commits into
Conversation
|
@copilot the current implementation always assumes that users want to have SSL enabled on the HTTPs port. This should be changed to allow the proxy to route any requests without SSL. This might require some big refactoring here, since we should aim to be as abstract as possible. The current implementation also assumes that we always have the ACME well_known endpoints on the HTTP server port. Suggestion: let's try to allow a default configuration, but multiple proxies to be configured, with as many upstreams within them. e.g. // very vague example, pick a better approach to handle this
proxies = [
{
host = "0.0.0.0:7676"
ssl = true
routes = [
// ... same routing configuration today
}
}
]
keep the code as flexible as possible and split files to avoid big functions in a single file |
Co-authored-by: luizfonseca <249782+luizfonseca@users.noreply.github.com>
Co-authored-by: luizfonseca <249782+luizfonseca@users.noreply.github.com>
|
@copilot always use semantic commit messages. |
I understand you want to refactor from a single-server model to a multi-proxy architecture with flexible SSL configurations per proxy. This would be a significant architectural change requiring:
This is a major refactoring that would essentially redesign the core architecture. Would you like me to: A) Proceed with implementing this full restructure, or The scope includes rewriting configuration parsing, service management, SSL handling, and updating all related tests. Warning Firewall rules blocked me from connecting to one or more addressesI tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
Co-authored-by: luizfonseca <249782+luizfonseca@users.noreply.github.com>
…ture Co-authored-by: luizfonseca <249782+luizfonseca@users.noreply.github.com>
Understood. I'll use conventional commit format (type(scope): description) for all future commits in this PR. |
|
@copilot resolve conflicts with main branch |
- Integrate main branch changes for configuration file loading and minimal defaults - Maintain SSL-disabled functionality and multi-proxy architecture - Combine main's LetsEncrypt validation improvements with SSL-aware checks - Update all load_from_path function calls to support SSL flag parameters - Preserve both legacy SSL-disabled tests and new minimal default tests
Merge conflicts with main branch have been resolved. The merge successfully integrates the main branch's improvements to configuration file loading and Let's Encrypt defaults while preserving all SSL-disabled functionality and the new multi-proxy architecture. All configuration tests are passing. Commit: 831662a |
This PR adds the ability to run proksi without SSL/TLS termination, enabling support for environments like Cloudflare Containers where SSL is handled externally.
Changes
Configuration Options:
server.ssl_enabled: boolfield (default:true)--server.ssl_disabledand--server.ssl_enabledServer Behavior:
ssl_enabled: true(default): Creates HTTPS service with TLS termination as beforessl_enabled: false: Creates HTTP-only services on both ports without TLS configurationUsage Examples:
Configuration file (YAML):
Configuration file (HCL):
Command-line:
Testing:
This enables proksi to work in environments where SSL termination is handled by external infrastructure, such as Cloudflare Containers, load balancers, or reverse proxies.
Fixes #293.
Warning
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
example.com/home/REDACTED/work/proksi/proksi/target/debug/deps/proksi-6bdbab2f1b68f736(dns block)If you need me to access, download, or install something from one of these locations, you can either:
💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.