push.rocks/smartproxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
smartproxy/summary-acme-simplification.md
Philipp Kunz 538d22f81b update
2025-05-18 15:51:09 +00:00

2.8 KiB
Raw Blame History

ACME/Certificate Simplification Summary

What Was Done

We successfully implemented the ACME/Certificate simplification plan for SmartProxy:

1. Created New Certificate Management System

  • SmartCertManager (ts/proxies/smart-proxy/certificate-manager.ts): A unified certificate manager that handles both ACME and static certificates
  • CertStore (ts/proxies/smart-proxy/cert-store.ts): File-based certificate storage system

2. Updated Route Types

  • Added IRouteAcme interface for ACME configuration
  • Added IStaticResponse interface for static route responses
  • Extended IRouteTls with comprehensive certificate options
  • Added handler property to IRouteAction for static routes

3. Implemented Static Route Handler

  • Added handleStaticAction method to route-connection-handler.ts
  • Added support for 'static' route type in the action switch statement
  • Implemented proper HTTP response formatting

4. Updated SmartProxy Integration

  • Removed old CertProvisioner and Port80Handler dependencies
  • Added initializeCertificateManager method
  • Updated start and stop methods to use new certificate manager
  • Added provisionCertificate, renewCertificate, and getCertificateStatus methods

5. Simplified NetworkProxyBridge

  • Removed all certificate-related logic
  • Simplified to only handle network proxy forwarding
  • Updated to use port-based matching for network proxy routes

6. Cleaned Up HTTP Module

  • Removed exports for port80 subdirectory
  • Kept only router and redirect functionality

7. Created Tests

  • Created simplified test for certificate functionality
  • Test demonstrates static route handling and basic certificate configuration

Key Improvements

  1. No Backward Compatibility: Clean break from legacy implementations
  2. Direct SmartAcme Integration: Uses @push.rocks/smartacme directly without custom wrappers
  3. Route-Based ACME Challenges: No separate HTTP server needed
  4. Simplified Architecture: Removed unnecessary abstraction layers
  5. Unified Configuration: Certificate configuration is part of route definitions

Configuration Example

const proxy = new SmartProxy({
  routes: [{
    name: 'secure-site',
    match: { ports: 443, domains: 'example.com' },
    action: {
      type: 'forward',
      target: { host: 'backend', port: 8080 },
      tls: {
        mode: 'terminate',
        certificate: 'auto',
        acme: {
          email: 'admin@example.com',
          useProduction: true
        }
      }
    }
  }]
});

Next Steps

  1. Remove old certificate module and port80 directory
  2. Update documentation with new configuration format
  3. Test with real ACME certificates in staging environment
  4. Add more comprehensive tests for renewal and edge cases

The implementation is complete and builds successfully!