Kapow! Behind a Reverse Proxy¶
In this section we present a series of reverse proxy configurations that augment the capabilities of Kapow!.
Note
In this section we refer to the host running the Kapow! server as
kapow:8080
.
Serving over HTTPS¶
Kapow! currently does not support HTTPS
but you can use a
reverse proxy to serve a Kapow! service via HTTPS
.
For testing purposes you can generate a self-signed certificate with the following command:
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
Caddy¶
Automatic Let’s Encrypt Certificate
Caddy
automatically enablesHTTPS
usingLet's Encrypt
certificates given that some criteria are met.yourpublicdomain.example proxy / kapow:8080
Automatic Self-signed Certificate
If you want
Caddy
to automatically generate a self-signed certificate for testing you can use the following configuration.yourdomain.example proxy / kapow:8080 tls self_signed
Custom Certificate
If you already have a valid certificate for your server use this configuration.
yourdomain.example proxy / kapow:8080 tls /path/to/cert.pem /path/to/key.pem
HAProxy¶
With the following configuration you can run HAProxy
with a custom
certificate.
frontend myserver.local
bind *:443 ssl crt /path/to/myserver.local.pem
mode http
default_backend nodes
backend nodes
mode http
server kapow1 kapow:8080
Note
You can produce myserver.local.pem
from the certificates in
previous examples with this command:
$ cat /path/to/cert.pem /path/to/key.pem > /path/to/myserver.local.pem
nginx¶
With the following configuration you can run nginx
with a custom
certificate.
server {
listen 443 ssl;
server_name myserver.local;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
location / {
proxy_pass http://kapow:8080;
}
}