Easy SSL setup #29

Open
shesek opened this issue May 30, 2020 · 3 comments
Labels
enhancement New feature or request

Comments

@shesek
Collaborator

shesek commented May 30, 2020

Provide a docker image that sets up nginx with certbot or a self-signed cert, as a reverse proxy to the http/electrum servers.

For the http api, this could also throw basic http auth into the mix (this does not solve authentication for the electrum server though, which cannot be done with the current electrum protocol and would require a separate authentication layer, like a vpn or a hidden service).

This could also potentially be implemented as part of the rust server itself (there are a few rust libraries for integrating with letsencrypt), but this is quite more complicated and doesn't seem to add much value over the simpler docker image option.

@shesek shesek added the enhancement New feature or request label May 30, 2020
@leshik

leshik commented May 31, 2020

Nginx might be a hassle, what about Caddy?

@shesek
Collaborator Author

shesek commented May 31, 2020

Nginx supports terminating SSL for TCP servers (Electrum is JSON-RPC over TCP), it seems like Caddy doesn't support that quite yet [0] and is primarily oriented for HTTP servers. But Caddy is very nice and could be a good solution for the HTTP API, thanks for bringing it up as an option.

Regarding Electrum - after giving this some more thought, I'm not sure that bwt should be making it easier to set up SSL for Electrum. If this doesn't also come with an authentication solution, it would give a false sense of security and encourage people to make the servers publicly accessible in a way that could harm their privacy. I wouldn't want to make it appear like I'm giving a Kosher stamp to something that isn't actually safe. To make this private and secure they'll need to also set up something like a VPN, an SSH tunnel or a Tor hidden service -- in which case SSL doesn't really add much anyway.

[0] It looks like it is being worked on but it's very early, with no source code published yet.
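
The nginx setup discussed in this thread, as an added example that is not from the bwt project or any commenter: TLS plus basic auth in front of the HTTP API, and TLS termination for the Electrum TCP port through the stream module. The hostname, the certificate and htpasswd paths, the backend ports (3060 for HTTP, 50001 for Electrum) and the 10.8.0.0/24 VPN subnet are assumptions.

```nginx
# Added example. Hostname, file paths, ports and subnet are assumed values.
events {}

# HTTP API: TLS termination plus HTTP basic auth.
http {
    server {
        listen 443 ssl;
        server_name bwt.example.com;

        # Certificate files as certbot lays them out (assumed path).
        ssl_certificate     /etc/letsencrypt/live/bwt.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bwt.example.com/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Credentials file created with htpasswd (assumed path).
        auth_basic           "bwt";
        auth_basic_user_file /etc/nginx/bwt.htpasswd;

        location / {
            # The backend stays bound to loopback, reachable only via nginx.
            proxy_pass http://127.0.0.1:3060;
            proxy_set_header Host $host;
        }
    }
}

# Electrum: JSON-RPC over raw TCP, so it goes through the stream module
# (nginx must be built with --with-stream and --with-stream_ssl_module).
stream {
    server {
        listen 50002 ssl;

        ssl_certificate     /etc/letsencrypt/live/bwt.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/bwt.example.com/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # TLS here encrypts the connection but does not authenticate the
        # client, so access is limited to the VPN subnet (assumed range).
        allow 10.8.0.0/24;
        deny  all;

        proxy_pass 127.0.0.1:50001;
    }
}
```

`nginx -t -c <path to this file>` checks the syntax before a reload.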

@mholt

mholt commented Jun 8, 2020

@shesek What are your requirements? It's working quite well already. Help me understand what you need.
