vulcand

Setup https proxy with vulcand


vulcand supports https as well as http. This post shows how to set up an https proxy and how to use it as an insecure https proxy for a development environment.

Basic usage of vulcand is quite simple; see Quick Start — Vulcand documentation 2.0 documentation.


Setup https proxy

To use https with vulcand, the Host configuration must be set with a certificate and a key.


Create seal key

First, we have to create a seal key to secure our certificates and keys in etcd.

vctl secret new_key

# It can be exported to a file
vctl secret new_key --file path/to/file

We can run the command as a container like below:

docker run -it --rm -v /path/to/dir:/path/to/dir mailgun/vulcand:v0.8.0-beta.3 vctl secret new_key --file /path/to/dir/seal_key


Add host configuration

Currently there's a bug when setting the configuration as JSON via the etcd API (docs). We have to use vctl to add the host configuration.

trouble making https work · Issue #210 · mailgun/vulcand

vctl host upsert -name example.com --cert=/path/to/cert.pem --privateKey=/path/to/private.key

If vulcand runs as a container, use docker exec to set the host configuration with vctl:

/usr/bin/docker run -d --name vulcand \
-p 443:443 -p 80:80 -p 8181:8181 -p 8182:8182 \
-v /path/to:/path/to \
mailgun/vulcand:v0.8.0-beta.3 \
/go/bin/vulcand \
-apiInterface="0.0.0.0" \
-etcd="http://10.1.1.1:2379" \
-port=80 \
-sealKey=<sealKey>

# exec
/usr/bin/docker exec -it vulcand vctl host upsert -name example.com --cert=/path/to/cert.pem --privateKey=/path/to/private.key


Create listener

etcdctl set /vulcand/listeners/ls1 '{
"Id":"ls1",
"Protocol":"https",
"Address":{"Network":"tcp","Address":"0.0.0.0:443"}
}'


Skip Verification of TLS

To configure insecure mode for a development environment, set InsecureSkipVerify to true under Settings -> TLS of both the Backend and the Listener.


Listener

etcdctl set /vulcand/listeners/ls1 '{
"Id":"ls1",
"Protocol":"https",
"Address":{"Network":"tcp","Address":"0.0.0.0:443"},
"Settings":{
"TLS":{
"InsecureSkipVerify":true}
}
}'


Backend

etcdctl set /vulcand/backends/web/backend '{"Id":"web","Type":"http",
"Settings":{
"TLS":{
"InsecureSkipVerify":true}
}
}'
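Because InsecureSkipVerify is meant only for the development environment, it helps to check which stored listener and backend values still carry it before a configuration is reused elsewhere. The following is an added example, not code from the original post or from vulcand: it audits a key-to-value mapping shaped like the etcd entries above, where SAMPLE_KEYS is constructed sample data and the function names are hypothetical.

```python
import json

# Constructed sample: etcd key -> stored JSON value, in the shapes used on this page.
SAMPLE_KEYS = {
    "/vulcand/listeners/ls1": '{"Id":"ls1","Protocol":"https",'
        '"Address":{"Network":"tcp","Address":"0.0.0.0:443"},'
        '"Settings":{"TLS":{"InsecureSkipVerify":true}}}',
    "/vulcand/listeners/ls2": '{"Id":"ls2","Protocol":"https",'
        '"Address":{"Network":"tcp","Address":"0.0.0.0:8443"}}',
    "/vulcand/backends/web/backend": '{"Id":"web","Type":"http",'
        '"Settings":{"TLS":{"InsecureSkipVerify":true}}}',
    "/vulcand/backends/api/backend": '{"Id":"api","Type":"http",'
        '"Settings":{"TLS":{"InsecureSkipVerify":false}}}',
    "/vulcand/backends/bad/backend": '{"Id":"bad",',  # truncated on purpose
}


def skips_verification(obj):
    """Return True if Settings -> TLS -> InsecureSkipVerify is set to true."""
    settings = obj.get("Settings")
    tls = settings.get("TLS") if isinstance(settings, dict) else None
    return isinstance(tls, dict) and tls.get("InsecureSkipVerify") is True


def audit(keys):
    """Return sorted (key, finding) pairs for listener and backend entries."""
    findings = []
    for key, raw in keys.items():
        if not key.startswith(("/vulcand/listeners/", "/vulcand/backends/")):
            continue
        try:
            obj = json.loads(raw)
        except json.JSONDecodeError:
            # A value that does not parse cannot be judged; report it separately.
            findings.append((key, "unparseable JSON"))
            continue
        if isinstance(obj, dict) and skips_verification(obj):
            findings.append((key, "InsecureSkipVerify enabled"))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit(SAMPLE_KEYS):
        print(f"{finding}: {key}")
```
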