TLS Endpoints for Proxy and Controller #24
Comments
|
Before this feature is available, we could have a frontend config that means "This frontend is always accessed via HTTPS." When set, the frontend would set the |
|
The last time I set up a zrok instance I decided to use Caddy as the reverse proxy. It was a dramatically improved experience over Nginx. I have no opinions about comparative performance. A native server TLS feature alone wouldn't tempt me away from using Caddy, now that I've tasted managed certs. I'm happy to share my Caddy setup, and it makes me wonder if we could embed Caddy in the frontend like we did for the backend, and enjoy Caddy's modular ACME solvers. |
|
If zrok provides native server TLS then I'd still need an external solver like certbot, and I'd need a watchdog process to notice when the cert is renewed and HUP zrok frontend, depending on the deployment env. That is, send a HUP (assuming the zrok frontend catches HUPs to reload config) if running as a systemd service, and perform a rolling pod replacement if in K8s, and probably a ham-fisted container bounce if running in Docker Compose. |
Enable native (not through an external reverse proxy) TLS for both the
zrok proxyand thezrok ctrlendpoints.The text was updated successfully, but these errors were encountered: