autocert support

[tcurdt]

Describe the feature request

A public facing https port needs a cert. It would be nice if the cert could automatically be obtained from letsencrypt.

Describe alternatives you've considered

I guess one could use caddy as another proxy in front - but that is less than ideal. It would be better to integrate

https://go-acme.github.io/lego/usage/library/

Affected area

• Docs
• Installation
• Performance and Scalability
• Security
• User Experience
• Test and Release
• Developer Infrastructure
• Client Plugin
• Server Plugin
• Extensions
• Others

[fatedier]

Can you describe more about your configures?

[tcurdt]

Let's say I have a http service on the LAN and I want to expose that via https on the a public machine.

I guess one could use frp to create a tunnel and then use e.g. caddy as a reverse proxy to that. Or maybe use cert-manager in DNS mode to obtain letsencrypt certs. Both not ideal.

It seems frp already supports TLS - so why not support getting the cert via acme directly?

[fatedier]

That makes sense.

I plan to support it in frp v2. Usage of HTTPS will be refactored future.

If it's easy to implement, i will add this in current release.

[almereyda]

In case one wanted to adopt implementation strategies from other approaches, there is boringproxy.io, which reuses caddyserver/certmagic for the task.

[dest1n1s]

Any progress on this? It'd be nice if frp supports automatic certificate renewal since it's cumbersome to have the certificates renewed on the relay server and then move them to the host.