TLS Proxy for non-TLS services using Let's encrypt

joonix/joxy

Joxy

Joxy is a containerized TCP proxy that terminates TLS using certificates automatically issued by Let's Encrypt. This makes it easy to add encryption to any TCP listener, such as a WebSocket server, that traditional HTTP load balancers do not normally support.

Dependencies

This project uses these tools and dependencies:

Example

See the Makefile for an example container build. This assumes we have access to a Google Cloud registry. Change the REGISTRY and IMAGE environment variables to match your own project.

See kubernetes for an example deployment configuration.
The deployment arguments must be changed:

  • domain: the domain name that resolves to our service.
  • backend: the non-TLS service we want to proxy to.
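The data path those two arguments configure, as an added example that is not joxy's own code: a listener terminates TLS for the domain and relays the decrypted stream to the plaintext backend, dialing the backend only after the handshake succeeds. A self-signed certificate stands in for the one Let's Encrypt would issue, and the names `selfSigned` and `serve`, the domain `proxy.example.test` and both addresses are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSigned stands in for the certificate an ACME client would obtain for domain.
func selfSigned(domain string) (tls.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{domain},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// serve terminates TLS on ln and relays the decrypted stream to the plaintext backend.
func serve(ln net.Listener, cert tls.Certificate, backend string) {
	cfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	for raw, err := ln.Accept(); err == nil; raw, err = ln.Accept() {
		go func(client *tls.Conn) {
			defer client.Close() // also ends the client -> backend copy below
			if client.Handshake() != nil {
				return // a failed handshake never opens a backend connection
			}
			if up, err := net.DialTimeout("tcp", backend, 5*time.Second); err == nil {
				go func() { io.Copy(up, client); up.Close() }() // client -> backend
				io.Copy(client, up)                             // backend -> client
			}
		}(tls.Server(raw, cfg))
	}
}

func main() { // assumed addresses: TLS on 127.0.0.1:8443, backend on 127.0.0.1:9000
	cert, err := selfSigned("proxy.example.test") // constructed domain
	ln, lerr := net.Listen("tcp", "127.0.0.1:8443")
	if err != nil || lerr != nil {
		panic("setup failed")
	}
	serve(ln, cert, "127.0.0.1:9000")
}
```

A client that trusts the certificate and connects with the matching server name gets its bytes relayed; a client asking for any other name fails certificate verification before the backend is contacted.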

HTTP pprof is enabled and available on port 8080. When running on Kubernetes, you can forward this port to localhost:

kubectl port-forward joxy-4056657478-myuh6 8080:8080

You can then access http://localhost:8080/debug/pprof/. See the pprof documentation for more information.

Scalability

This service must run as a single instance because of how Let's Encrypt challenges work. The future plan is to use a distributed lock through etcd to coordinate challenges when more than one instance is running.
