httpsify's Introduction

HTTPSify

A Let's Encrypt based reverse proxy that automatically generates and renews valid SSL certificates for your domains. It enables the HTTP/2 protocol by default, load-balances incoming requests across multiple upstreams using round-robin, and redirects HTTP traffic to HTTPS only if you enable the --redirect flag.

Quick Start

# Using Docker

Just run the following and then have fun !!

$ docker run --network host -v ~/.httpsify:/.httpsify -p 443:443 ghcr.io/alash3al/httpsify

# From Binaries

Go to releases page

# Building from source

You must have the Go environment installed

$ go get -u github.com/alash3al/httpsify

# Configurations

Go to your $HOME directory and edit hosts.json to something like this:

{
	"example1.com": ["localhost:9080"],
	"example2.com": ["localhost:8080", "localhost:8081"]
}

As you can see, the configuration file accepts a JSON object (hashmap) of domain -> upstreams, and it can load-balance requests between multiple upstreams using the round-robin algorithm.

Also, you don't need to restart the server to reload the configuration: httpsify automatically watches the configuration file and reloads it on any change.

License

The MIT License (MIT)

Copyright (c) 2016 Mohammed Al Ashaal

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE

httpsify's People

Contributors

9072997, alash3al, artyomlisovskij, hetykai, phf

httpsify's Issues

--port option not working

I'm running on a NAT VPS, so I can't expose port 443. I'm trying to use a different port.

root@nano128:~# /root/go/bin/httpsify --domains="d741.tk" --port="15019"
2016/11/14 11:12:12 [INFO][d741.tk] acme: Obtaining bundled SAN certificate
2016/11/14 11:12:13 [INFO][d741.tk] acme: Could not find solver for: dns-01
2016/11/14 11:12:13 [INFO][d741.tk] acme: Trying to solve TLS-SNI-01
2016/11/14 11:12:17 err> map[d741.tk:acme: Error 403 - urn:acme:error:unauthorized - Incorrect validation certificate for TLS-SNI-01 challenge. Requested 638f9367252d736c13116be9b8bcd5b6.68a1b4f03dd5de043acc7f6c2b7e891c.acme.invalid from 37.59.43.140:443. Received certificate containing ''
Error Detail:
	Validation for d741.tk:443
	Resolved to:
		37.59.43.140
	Used: 37.59.43.140

]

Please use tags for further releases in docker

Just found out that the whole CLI API has changed after updating my cluster, resulting in a dead container. It would be nice to avoid such a problem in future. There are two main concerns: stability of the CLI API and tags for docker images.

P.S. Also readme became obsolete after removal of --redirect flag.

Docker-compose errors

Hi, I'm trying to connect httpsify via docker-compose like this:

version: '3.4'
services: 
  ... some containers ...
  nginx:
    container_name: nginx
    command: wait-for app:8000 -- nginx -g "daemon off;"
    depends_on:
      - app
      - frontend
    image: nginx:alpine
    networks:
      - main
    ports:
      - "80:80"
    restart: on-failure
    volumes:
      - ${PWD}/nginx.conf:/etc/nginx/nginx.conf
      - ${PWD}/wait-for:/bin/wait-for
  httpsify:
    container_name: httpsify
    depends_on:
      - nginx
    image: alash3al/httpsify
    ports:
      - "443:443" 
    volumes:
      - ./httpsify:/.httpsify
    networks:
      - main
networks:
  main:

Config is:

{
	"a1.somedomain.com": ["http://nginx:81"],
	"a2.somedomain.com": ["http://nginx:82"]
}

Apps on port 80 (https) are working correctly, but https raises errors:

httpsify         | ⇛ Parsing the specified flags ...
httpsify         | ⇛ Loading the provided json hosts file from (/.httpsify/hosts.json) ...
httpsify         | ⇛ Watching the hosts file for any change to hot reload it ...
httpsify         | ⇛ Running the HTTP server on address (:http) ...
httpsify         | ⇛ Running the HTTPS (HTTP/2) server on address (:https) ...
httpsify         | ⇛ Get https://acme-v01.api.letsencrypt.org/directory: x509: certificate signed by unknown authority
httpsify         | 2019/05/01 05:31:00 http: TLS handshake error from 2.95.221.131:56033: acme/autocert: missing certificate

How to solve this?

Does httpsify support the CONNECT method?

Hello.

My name is Nelson, I am from Nicaragua. Can you help me with a reverse proxy? I would be glad to pay you for your services.

  1. I am behind a firewall

  2. The client is an Android application; it can send an HTTP request with the proxy and then to the SSH server to create the tunnel

  3. On the internet I found the following:
    HTTP proxy: 50.18.211.227:8043
    Fully qualified domain name (FQDN): 5ef50094901b6f5fccdfd0f6-172-245-22-211.cloudmi.datami.net

The proxy is linked to their domain, the only thing that altered was the domain which removed their IP that it had and put or added mine 172-245-22-211 so that your proxy will not reject the connection.

I show you the connection that WIRESHARK shows me, what you send and what you receive:

Tunnel1
Tunnel2

Is it possible to create a proxy that supports the CONNECT method and supports HTTPS or SSL, like that proxy I found on the internet?

The response from the proxy 50.18.211.227:8043 is:

HTTP/1.1 200 Connection established.
Server: sdgw

Then comes the response from my SSH dropbear and the tunnel is created.

I want a proxy like that on my VPS.

I am going to wait for your reply.

Path not used?

So things work fine if I use just a domain name ("host" in the lingo of HTTP I guess) but as soon as the URL has a path things stop working. I believe

req, err := http.NewRequest(r.Method, *backend, r.Body)

should really be something like

req, err := http.NewRequest(r.Method, *backend+r.URL.Path, r.Body)

instead. But since I am not much of a HTTP protocol person, I am not 100% sure about this. Any insights?
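
One way to build the upstream URL so that the path and the query string both survive, as an added example rather than code from httpsify or from the poster. The helper name upstreamURL and the rule that a bare host:port backend means plain HTTP are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// upstreamURL (hypothetical helper) joins a configured backend with the
// incoming request's path and raw query string.
func upstreamURL(backend, path, rawQuery string) (string, error) {
	if !strings.Contains(backend, "://") {
		backend = "http://" + backend // assumption: bare host:port means plain HTTP
	}
	base, err := url.Parse(backend)
	if err != nil {
		return "", err
	}
	if base.Host == "" {
		return "", fmt.Errorf("backend %q has no host", backend)
	}
	// Exactly one slash between the backend's own path and the request path.
	base.Path = strings.TrimSuffix(base.Path, "/") + "/" + strings.TrimPrefix(path, "/")
	base.RawPath = ""        // let String() re-encode from the decoded Path
	base.RawQuery = rawQuery // a request built from the backend alone drops this too
	return base.String(), nil
}

func main() {
	// Constructed requests; in a handler these would be r.URL.Path and r.URL.RawQuery.
	fmt.Println(upstreamURL("localhost:9080", "/api/users", "page=2"))
	fmt.Println(upstreamURL("http://nginx:81/app/", "/login", ""))
}
```

Because the path is re-encoded from its decoded form, an encoded slash (%2F) in the incoming path reaches the upstream as a literal slash.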

3.2 Windows build broken

The download containing the Windows binaries of version 3.2 has weird content and is missing the .exe file.

hosts file reloading is unsafe

The HOSTS map is updated in place when the hosts file is updated, with a simple mutex but unfortunately it may be concurrently accessed (1,2) during such an update.

Secondly, decoding JSON into the HOSTS map will only overwrite existing entries, so deleted entries will persist, and type errors may leave the map in an inconsistent state (see playground example).

The mutex should also be changed to an RWMutex, with the shared locks for the read operations and a write lock for the reloading.

Instead of decoding the file directly into &HOSTS, a new map should be allocated, and then assigned to the HOSTS variable. The write mutex can be obtained after the file has been successfully loaded, protecting just the assignment. This would have the additional benefit of reducing lock contention, allowing requests to be handled while the new hosts file is being parsed.
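
The reload pattern this issue describes, together with the round-robin selection from the README, as an added Go example that is not httpsify's own code. The hostTable type, its reload and pick methods, and the table-wide counter are assumptions made for illustration; the sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sync"
	"sync/atomic"
)

// hostTable is a hypothetical stand-in for the proxy's domain -> upstreams map.
type hostTable struct {
	rr    uint64 // table-wide round-robin counter; first field for 32-bit alignment
	mu    sync.RWMutex
	hosts map[string][]string
}

// reload decodes into a fresh map, so removed domains disappear and a bad
// file never touches the live table; the write lock covers only the swap.
func (t *hostTable) reload(data []byte) error {
	fresh := map[string][]string{}
	if err := json.Unmarshal(data, &fresh); err != nil {
		return fmt.Errorf("hosts file rejected, previous table kept: %w", err)
	}
	t.mu.Lock()
	t.hosts = fresh
	t.mu.Unlock()
	return nil
}

// pick returns the next upstream for domain, holding only the shared lock.
func (t *hostTable) pick(domain string) (string, bool) {
	t.mu.RLock()
	ups := t.hosts[domain] // published maps are never mutated, so ups is safe to use after unlock
	t.mu.RUnlock()
	if len(ups) == 0 { // unknown domain or empty upstream list
		return "", false
	}
	i := atomic.AddUint64(&t.rr, 1) - 1
	return ups[i%uint64(len(ups))], true
}

func main() {
	t := &hostTable{}
	// Constructed input in the shape of the README's hosts.json.
	fmt.Println(t.reload([]byte(`{"example2.com": ["localhost:8080", "localhost:8081"]}`)))
	fmt.Println(t.pick("example2.com"))
	// A type error rejects the whole file; the table loaded above stays live.
	fmt.Println(t.reload([]byte(`{"example2.com": "localhost:8080"}`)))
}
```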

Wildcard help?

I am unable to use this with a wildcard subdomain / or convert all wildcard to part

Eg subdomain.example.com/*/
Or

*.example.com/mypath

Any help?
