feat(ssl): Add LetsEncrypt certificate option

2025-12-16 14:15:16 +01:00
parent 69a42d957d
commit eec632ff97
10 changed files with 568 additions and 11 deletions
--- a/config.yaml
+++ b/config.yaml
@@ -4,7 +4,21 @@
 # Listen address and port
 listen:
  address: "0.0.0.0"
-  port: 5432
+  port: 5400
+
+# TLS configuration
+# If enabled is true but cert_file/key_file are not specified or not found,
+# a self-signed certificate will be automatically generated for all external hostnames
+tls:
+  enabled: true
+  # cert_file: "/path/to/cert.pem"  # Optional: path to certificate file
+  # key_file: "/path/to/key.pem"    # Optional: path to private key file
+  # Let's Encrypt configuration (automatic certificate management)
+  letsencrypt:
+    enabled: false  # Set to true to use Let's Encrypt
+    email: "admin@secnex.io"  # Email for Let's Encrypt registration
+    cache_dir: "./certs/letsencrypt"  # Directory to store certificates (default: ./certs/letsencrypt)
+    staging: true  # Use Let's Encrypt staging environment for testing

 debug: true

@@ -13,5 +27,7 @@ debug: true
 mappings:
  - external: "mytestserver"
    internal: "localhost"
+    port: 5432
  - external: "mytestserver2"
-    internal: "deploy.deinserver.co"
+    internal: "localhost"
+    port: 5431