rust-rpxy with docker #175
I roughed in my first example with

```
root@server:~/rpxy# cat config.toml
listen_port = 80
listen_port_tls = 443

[apps.whoami]
server_name = 'whoami.example.com'
tls = { https_redirection = true, tls_cert_path = '/certs/server.pem', tls_cert_key_path = '/certs/server.key' }
reverse_proxy = [{ upstream = [{ location = 'whoami:80' }] }]
# reverse_proxy = [{ upstream = [{ location = 'whoami.example.com:80' }] }] ✅
# reverse_proxy = [{ upstream = [{ location = '192.168.168.230:80' }] }] ✅

[apps.hello]
server_name = 'hello.example.com'
tls = { https_redirection = true, tls_cert_path = '/certs/server.pem', tls_cert_key_path = '/certs/server.key' }
reverse_proxy = [{ upstream = [{ location = 'hello:8000' }] }]
```

```
root@server:~/rpxy# cat docker-compose.yml
networks:
  hap-network:
    name: "hap-network"
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: "192.168.168.0/24"
          gateway: "192.168.168.1"
services:
  rpxy:
    image: jqtype/rpxy:latest-slim
    environment:
      - WATCH=true
    ports:
      - 0.0.0.0:80:80
      - 0.0.0.0:443:443
    networks:
      hap-network:
        ipv4_address: 192.168.168.200
    volumes:
      - ./config.toml:/rpxy/config/rpxy-config/rpxy.toml
      - ./config.toml:/etc/rpxy.toml
      - ./certificates/example.com.crt:/certs/server.crt:ro
      - ./certificates/example.com.key:/certs/server.key:ro
      - ./certificates/example.com.pem:/certs/server.pem:ro
  whoami:
    image: traefik/whoami
    container_name: whoami
    hostname: whoami
    # hostname: whoami.example.com
    restart: unless-stopped
    ports:
      - 8080:80
    networks:
      hap-network:
        ipv4_address: 192.168.168.230
  hello:
    image: crccheck/hello-world
    container_name: hello
    hostname: hello
    restart: unless-stopped
    ports:
      - 8088:8000
    networks:
      hap-network:
        ipv4_address: 192.168.168.240
```

I will investigate why I'm having an open port not exposed to TLS through Rust-Rpxy.
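The compose file in the post above publishes `whoami` and `hello` on host ports 8080 and 8088 as well as proxying them through rpxy, so both backends answer in cleartext without passing through the TLS-terminating proxy. The check below is an added example, not part of the original post or the rpxy project; the `SERVICES` dict is constructed from that compose file, and the function names `parse_port` and `bypasses` are hypothetical.

```python
import ipaddress

# Constructed input: the services from the compose file above, reduced to the
# `ports:` lists as a YAML parser would load them.
SERVICES = {
    "rpxy": {"ports": ["0.0.0.0:80:80", "0.0.0.0:443:443"]},
    "whoami": {"ports": ["8080:80"]},
    "hello": {"ports": ["8088:8000"]},
}

def parse_port(entry):
    """Return (host_ip, host_port, container_port) for one `ports:` entry.

    Accepts the short syntax [IP:]HOST:CONTAINER[/proto] (IPv6 in brackets)
    and the long mapping syntax. host_port is None when only a container
    port is given and Docker picks an ephemeral host port.
    """
    if isinstance(entry, dict):
        published = entry.get("published")
        return (entry.get("host_ip", "0.0.0.0"),
                None if published is None else str(published),
                str(entry["target"]))
    spec = str(entry).split("/")[0]      # drop "/tcp" or "/udp"
    host_ip = "0.0.0.0"                  # Docker binds all interfaces by default
    if spec.startswith("["):             # "[::1]:8080:80"
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    if len(parts) == 3:                  # "127.0.0.1:8080:80"
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:                  # "80"
        return (host_ip, None, parts[0])
    return (host_ip, parts[0], parts[1])

def bypasses(services, proxy="rpxy"):
    """Non-proxy services published on a non-loopback host address."""
    findings = []
    for name, svc in services.items():
        if name == proxy:
            continue
        for entry in svc.get("ports", []):
            ip, host_port, container_port = parse_port(entry)
            if not ipaddress.ip_address(ip).is_loopback:
                findings.append((name, ip, host_port, container_port))
    return findings

if __name__ == "__main__":
    for name, ip, hp, cp in bypasses(SERVICES):
        print(f"{name}: {ip}:{hp} -> container port {cp}, reachable without rpxy")
```

Dropping the `ports:` entries on `whoami` and `hello`, or binding them to `127.0.0.1`, leaves rpxy as the only entry point; containers on `hap-network` still reach each other by service name.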
Replies: 2 comments
Would I be able to do TLS/SNI Layer4 termination as it is done with caddy-l4 in

I got livekit working with Caddy-L4 on my VPS using this version of Livekit. However, it has a rather complex Caddy-L4 TLS/SNI Layer-4 termination file which I would like to simplify.

I would also use this solution to host stalwart-mail-server and other greedy

livekit-meet-docker caddy-l4.yml

```
apps:
  tls:
    certificates:
      automate:
        - "#{$LIVEKIT_MEET_FQDN}"
        - "#{$LIVEKIT_SERVER_FQDN}"
        - "#{$LIVEKIT_TURN_FQDN}"
  layer4:
    servers:
      main:
        listen: [":443"]
        routes:
          - match:
              - tls:
                  sni:
                    - "#{$LIVEKIT_MEET_FQDN}"
            handle:
              - handler: tls
                connection_policies:
                  - alpn: ["http/1.1", "http/2"]
              - handler: proxy
                upstreams:
                  - dial: ["livekit-meet:3000"]
          - match:
              - tls:
                  sni:
                    - "#{$LIVEKIT_SERVER_FQDN}"
            handle:
              - handler: tls
                connection_policies:
                  - alpn: ["http/1.1"]
              - handler: proxy
                upstreams:
                  - dial: ["livekit-server:7880"]
          - match:
              - tls:
                  sni:
                    - "#{$LIVEKIT_TURN_FQDN}"
            handle:
              - handler: tls
              - handler: proxy
                upstreams:
                  - dial: ["livekit-server:5349"]
```
Hi @shoutmarble,

`rpxy` does not support L4 proxy (TCP proxy) at this point. So unfortunately it doesn't support forwarding TCP stream by terminating TLS at `rpxy`.

The functionality seems to be "technically" possible with some modification of the code, and may be supported in future.