[Feature Request] TLS and Lets Encrypt Support #28

Open
jpillora opened this issue Apr 8, 2017 · 4 comments

jpillora commented Apr 8, 2017

I want to support manual TLS with certs and automatic with Let's Encrypt (see acmewrapper). However, this would require a tls.json file (or a set of files) to store TLS state, and with Let's Encrypt you'd also need to specify a hostname and you'd be restricted to port 80/443. All of this adds complexity, so I ended up leaving TLS support out for now. Since the SSH protocol is already performing full authentication and encryption, I see TLS as an optional nice-to-have.

Encrypting the keys using the server key then storing them encrypted out in the open, in a public database somewhere might work... First I'd need to use a proper PBKDF for the server key.

Please mention any comments/ideas you have below

jpillora commented Apr 8, 2017

In the meantime, for easy TLS, use Caddy with:

https://chisel.mydomain.com {
    tls "webmaster@mydomain.com"
    log / stdout "[{when}] {method} {host}{uri} => [{status}] {size}b {latency} ({remote})"
    proxy / http://localhost:4444 {
        websocket
    }
}

Run your chisel server on port 4444. Point chisel.mydomain.com at your server. Run caddy with this Caddyfile and it will use Let's Encrypt to automatically set up HTTPS.

@testcaoy7

You need to add a keyword "websocket" in your Caddyfile.

@jpillora
Owner Author

Thanks, updated above

jpillora changed the title from "[Feature Request] TLS Support" to "[Feature Request] TLS and Lets Encrypt Support" on Jun 24, 2017

@jpillora
Owner Author

TLS with Let's Encrypt support is now built into chisel; please test v1.7.0-rc7. Hoping to release v1.7.0 stable soon.
