Provides a forwarding HTTPS server which transparently fetches and caches certificates via Let's Encrypt. This must run on 443 and 80 (HTTP just forwards to https://) and can't coexist with any other web server on your machine.
This is a bit like a forwarding SSH reverse proxy for services that can be seen by the machine you're running https-forward on.
This is so you can host random and long-lived services publicly on the internet—perfect for other services which don't care about certificates or HTTPS at all, and might be provided by Node or Go on a random high port (e.g., some dumb service running on localhost:8080
).
Note! This doesn't magic up domain names. You would use this service only if you're able to point DNS records to the IP address of a machine you're running this on, and that the machine is able to handle incoming requests on port 443 and 80 (e.g., on a home network, you'd have to set up port forwarding on your router).
go get -u github.com/charflow/https-forward
The default configuration is read at /etc/https-forward
.
Either way, it should be authored like this:
# hostname forward-to optional-basic-auth
host.example.com localhost:8080
blah.example.com 192.168.86.24:7999 user:pass
user-only.example.com localhost:9002 user # accepts any password
# ... specify host with '.' to suffix all following
.example.com
test localhost:9000
under-example any-hostname-here.com:9000
(example.com used above purely as an example. You'd replace it with a domain name you controlled, preferably with a wildcard DNS record.)
Restart or send SIGHUP
to the binary to reread the config file.
If incoming HTTPS requests take a long time and then fail, Let's Encrypt might have throttled you.
Unfortunately, the autocert
client in Go isn't very verbose about this.
This happens on a per-domain basis (rather than say, from your client IP), so just try a new domain (even a subdomain).