Add https for the server about ktra HOT 4 OPEN

I've been exploring recently exposing websites outside of a VPN, and it seems that it would be simpler to use a reverse proxy indeed to deal with TLS termination. This workaround would also allow to keep down the volume of code to maintain.

Maybe we could just include a docker-compose file that sets up a ktra image and nginx-certbot to give users a quick way to set up https if they do not already have a RP setup (assuming that users who have a RP already will know how to add https to ktra in their setup). What do you think ?

from ktra.

I think the end goal should be to have a https feature in ktra, but I agree that not a priority. I believe that would be nice cause a proxy have a cost and I think we go for an all in one registry with sparse-registry meaning a registry could need to handle A LOT of request. This make a user depend on third tool.

Handle TLS look trivial in warp exemple doc.

BTW certbot + docker pose a lot of problem and that not trivial at all to understand. (use docker stack and certbot is not easy at all, that work for simple docker use but any docker swarm use and you run into difficulty)

from ktra.

Makes sense. I was thinking about the pains of making a valid certificate, but I suppose this is an orthogonal problem to having tls handled in the server app.

from ktra.

I have a docker-compose that uses caddy as a reverse proxy. Certs are issued automatically and it works fantastic with ktra. I can make a pr if you're all interested

from ktra.