mirror of
https://github.com/yusing/godoxy.git
synced 2026-04-22 16:28:30 +02:00
initial autocert support, readme update
40
README.md
@@ -13,6 +13,9 @@ In the examples domain `x.y.z` is used, replace them with your domain
|
||||
- [Configuration](#configuration)
|
||||
- [Labels](#labels)
|
||||
- [Environment Variables](#environment-variables)
|
||||
- [Config File](#config-file)
|
||||
- [Provider File](#provider-file)
|
||||
- [Supported Cert Providers](#supported-cert-providers)
|
||||
- [Examples](#examples)
|
||||
- [Single Port Configuration](#single-port-configuration-example)
|
||||
- [Multiple Ports Configuration](#multiple-ports-configuration-example)
|
||||
@@ -22,7 +25,6 @@ In the examples domain `x.y.z` is used, replace them with your domain
|
||||
- [Benchmarks](#benchmarks)
|
||||
- [Memory usage](#memory-usage)
|
||||
- [Build it yourself](#build-it-yourself)
|
||||
- [Getting SSL certs](#getting-ssl-certs)
|
||||
|
||||
## Key Points
|
||||
|
||||
@@ -30,6 +32,7 @@ In the examples domain `x.y.z` is used, replace them with your domain
|
||||
- auto detect reverse proxies from docker
|
||||
- additional reverse proxies from provider yaml file
|
||||
- allow multiple docker / file providers by custom `config.yml` file
|
||||
- auto certificate obtaining and renewal (See [Config File](#config-file) and [Supported Cert Providers](#supported-cert-providers))
|
||||
- subdomain matching **(domain name doesn't matter)**
|
||||
- path matching
|
||||
- HTTP proxy
|
||||
@@ -37,6 +40,7 @@ In the examples domain `x.y.z` is used, replace them with your domain
|
||||
- HTTP round robin load balance support (same subdomain and path across different hosts)
|
||||
- Auto hot-reload on container start / die / stop or config changes.
|
||||
- Simple panel to see all reverse proxies and health (visit port [panel port] of go-proxy `https://*.y.z:[panel port]`)
|
||||
- you can customize it by modifying [templates/panel.html](templates/panel.html)
|
||||
|
||||

|
||||
|
||||
@@ -52,7 +56,7 @@ In the examples domain `x.y.z` is used, replace them with your domain
|
||||
|
||||
### Binary
|
||||
|
||||
1. (Optional) Prepare your certificates in `certs/` to enable https. See [Getting SSL Certs](#getting-ssl-certs)
|
||||
1. (Optional) Prepare your wildcard (`*.y.z`) SSL cert in `certs/` to enable https. See [Getting SSL Certs](#getting-ssl-certs)
|
||||
|
||||
- cert / chain / fullchain: `./certs/cert.crt`
|
||||
- private key: `./certs/priv.key`
|
||||
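Review bot: the rewritten step 1 here (and the matching step 3 in the Docker instructions) still links to `[Getting SSL Certs](#getting-ssl-certs)`, but this same commit deletes the `## Getting SSL certs` section and its table-of-contents entry, so the anchor no longer resolves. Point both steps at `[Config File](#config-file)` and `[Supported Cert Providers](#supported-cert-providers)` for the autocert path, or keep a short section that explains how to supply a manually obtained wildcard cert.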
@@ -67,7 +71,7 @@ In the examples domain `x.y.z` is used, replace them with your domain
|
||||
|
||||
2. Add networks to make sure it is in the same network with other containers, or make sure `proxy.<alias>.host` is reachable
|
||||
|
||||
3. (Optional) Mount your SSL certs to enable https. See [Getting SSL Certs](#getting-ssl-certs)
|
||||
3. (Optional) Mount your wildcard (`*.y.z`) SSL cert to enable https. See [Getting SSL Certs](#getting-ssl-certs)
|
||||
|
||||
- cert / chain / fullchain -> `/app/certs/cert.crt`
|
||||
- private key -> `/app/certs/priv.key`
|
||||
@@ -110,8 +114,8 @@ With container name, most of the time no label needs to be added.
|
||||
- http/https: defaults to first expose port (declared in `Dockerfile` or `docker-compose.yml`)
|
||||
- tcp/udp: is in format of `[<listeningPort>:]<targetPort>`
|
||||
- when `listeningPort` is omitted (not suggested), a free port will be used automatically.
|
||||
- `targetPort` must be a number, or the predefined names (see [stream.go](src/go-proxy/stream.go#L28))
|
||||
- `no_tls_verify`: whether skip tls verify when scheme is https
|
||||
- `targetPort` must be a number, or the predefined names (see [constants.go:14](src/go-proxy/constants.go#L14))
|
||||
- `proxy.<alias>.no_tls_verify`: whether skip tls verify when scheme is https
|
||||
- defaults to false
|
||||
- `proxy.<alias>.path`: path matching (for http proxy only)
|
||||
- defaults to empty
|
||||
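Review bot: the `proxy.<alias>.no_tls_verify` line says only "whether skip tls verify when scheme is https", which does not tell the reader which connection is affected or what is given up. Suggest wording along the lines of "skip TLS certificate verification of the target when scheme is https", so it is clear that setting it to true makes the proxy accept any certificate the target presents. Separately, the link text `constants.go:14` pins a line number that will drift as the file changes; linking to the file or naming the constant would age better.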
@@ -136,6 +140,26 @@ With container name, most of the time no label needs to be added.
|
||||
- `GOPROXY_DEBUG`: set to `1` or `true` to enable debug behaviors (i.e. output, etc.)
|
||||
- `GOPROXY_REDIRECT_HTTP`: set to `0` or `false` to disable http to https redirect (only when certs are located)
|
||||
|
||||
### Config File
|
||||
|
||||
See [config.example.yml](config.example.yml)
|
||||
|
||||
### Provider File
|
||||
|
||||
See [providers.example.yml](providers.example.yml)
|
||||
|
||||
### Supported cert providers
|
||||
|
||||
- Cloudflare
|
||||
```yaml
|
||||
autocert:
|
||||
...
|
||||
options:
|
||||
auth_token: "YOUR_ZONE_API_TOKEN"
|
||||
```
|
||||
|
||||
Follow [this guide](https://cloudkul.com/blog/automcatic-renew-and-generate-ssl-on-your-website-using-lego-client/) to create a new token with `Zone.DNS` read and edit permissions
|
||||
|
||||
## Examples
|
||||
|
||||
### Single port configuration example
|
||||
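Review bot: the Cloudflare example puts `auth_token` in plain text in the config file, and the sentence under it asks for `Zone.DNS` read and edit permissions without saying how far the token should reach. Suggest adding that the token should be limited to the one zone being served and that the config file holding it should not be committed or left world-readable. The `...` under `autocert:` also hides which keys are required; a pointer to `config.example.yml` next to the snippet would cover that.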
@@ -334,10 +358,6 @@ It takes ~30 MB for 50 proxy entries
|
||||
|
||||
3. build binary with `make build`
|
||||
|
||||
4. start your container with `docker compose up -d`
|
||||
|
||||
## Getting SSL certs
|
||||
|
||||
I personally use `nginx-proxy-manager` to get SSL certs with auto renewal by Cloudflare DNS challenge. You may symlink the certs from `nginx-proxy-manager` to `certs/` folder relative to project root. (For docker) mount them to `go-proxy`'s `/app/certs`
|
||||
4. start your container with `make up` (docker) or `bin/go-proxy` (binary)
|
||||
|
||||
[panel port]: 8443
|
||||
|
||||