Add support for TLS #164
I'm using this proxy in front of an API Gateway with IAM authorization which proxies to Nginx and finally to an EKS cluster. Kubectl will only send its bearer token (using the Authorization header) if the connection to the server is using TLS, and I'd rather not add yet another proxy in front of this one to terminate TLS.
Would you be open to adding optional TLS support? I have it working locally and I was thinking about these flags:
If so, I'd be happy to create a PR to support this.
Comments
Sounds like a nice feature to have. Do you have it already working?
@allamand yeah, I can add a PR if there's interest.
That would be nice, I'd love to see if that can fit my use case.
@chadbean thanks. Do you have a sample configuring the TLS?
@allamand it could be used like this, for example:
    docker run --rm -ti \
      -v ~/.aws:/root/.aws \
      -v /path/to/your/certs/server.crt:/etc/ssl/certs/server.crt \
      -v /path/to/your/certs/server.key:/etc/ssl/certs/server.key \
      -p 8080:8080 \
      -e 'AWS_SDK_LOAD_CONFIG=true' \
      -e 'AWS_PROFILE=<your profile name>' \
      public.ecr.aws/aws-observability/aws-sigv4-proxy:1.7 \
      --enable-tls \
      --tls-cert-file=/etc/ssl/certs/server.crt \
      --tls-key-file=/etc/ssl/certs/server.key \
      --name execute-api --region <aws region> \
      --host <redacted>.execute-api.<aws region>.amazonaws.com
Note the new The certs can be self-signed certs. I tested with a key/pair generated with
@allamand any updates on this?
Yes, I didn't manage to make it work in my use case. Ideally I would not want to terminate TLS on the proxy, so not sure why I need to pass some certificate here?
@allamand you can skip the TLS flags if you don't need TLS support. It was just added for my use case because I was proxying EKS and kubectl won't send the Authorization header to the proxy if it's not a TLS connection.
OK, thanks, this is working.
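As an added illustration of the optional TLS flags discussed in this thread (example code written for this page, not aws-sigv4-proxy's own), here is how a Go proxy could validate --enable-tls, --tls-cert-file and --tls-key-file and build its listener config, rejecting the two half-configured cases (TLS on without a full key pair, or a key pair given while TLS is off, which would leave the listener in plaintext). The TLSFlags type and the function names are assumptions, not the project's API.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// TLSFlags carries the three flags proposed in this thread (hypothetical type,
// not the project's own code).
type TLSFlags struct {
	EnableTLS   bool   // --enable-tls
	TLSCertFile string // --tls-cert-file
	TLSKeyFile  string // --tls-key-file
}

// ValidateTLSFlags rejects two operator mistakes: TLS enabled without a complete
// key pair, and a key pair given while TLS is off (the listener would stay plaintext).
func ValidateTLSFlags(f TLSFlags) error {
	hasCert, hasKey := f.TLSCertFile != "", f.TLSKeyFile != ""
	if f.EnableTLS && !(hasCert && hasKey) {
		return errors.New("--enable-tls requires both --tls-cert-file and --tls-key-file")
	}
	if !f.EnableTLS && (hasCert || hasKey) {
		return errors.New("--tls-cert-file/--tls-key-file set without --enable-tls; proxy would listen in plaintext")
	}
	return nil
}

// ServerTLSConfig returns nil when TLS is off (the unchanged plaintext listener);
// otherwise the config to set on http.Server.TLSConfig before calling
// ListenAndServeTLS("", ""), with TLS 1.2 as the floor.
func ServerTLSConfig(f TLSFlags) (*tls.Config, error) {
	if err := ValidateTLSFlags(f); err != nil {
		return nil, err
	}
	if !f.EnableTLS {
		return nil, nil
	}
	// A self-signed pair is enough here, as the thread notes.
	cert, err := tls.LoadX509KeyPair(f.TLSCertFile, f.TLSKeyFile)
	if err != nil {
		return nil, fmt.Errorf("loading TLS key pair: %w", err)
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}
```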