Skip to content
Acts as ACME challenge proxy. Deploy Let's Encrypt certificates in networks with split DNS.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
haproxy-acme-validation-proxy-plugin @ a56691a
.gitmodules
Dockerfile
LICENSE
README.md
haproxy.cfg

README.md

HAProxy ACME proxy

Forward ACME challenge requests to local clients. Clients on the intranet with valid local dns entries can request certs using standard tools.

Configuration

Make sure your docker host uses the intranet dns server for name resolution.

By default, all domains are allowed. You should limit this to the domain prefixes used on the intranet to not leak requests. The environment variable ACME_DOMAINS holds a regex to filter incomming requests with.

asdf asfsdaf
.* any string/domain (default)
^intra\.example\.com$ exacty intra.example.com
(\.i\.example\.com)$|(\.iana\.org)$ any subdomain under i.example.com or any subdomain under iana.org

Keep in mind that a regex like iana\.org$ also matches a domain like whateverisinfrontiana.org, so better use something like (\.|^)iana.org$ in that case

Starting

Change 8888 to the port you want your firewall/gateway to forward requests to

docker run -p 8888:80 -e ACME_DOMAINS="(\.i\.example\.com)$" -d joellinn/haproxy-acme-proxy
You can’t perform that action at this time.