proxy: add JWT request signing support (#19)

- Refactored middleware and request hander logging. - Request refactored to use context.Context. - Add helper (based on Alice) to allow middleware chaining. - Add helper scripts to generate elliptic curve self-signed certificate that can be used to sign JWT. - Changed LetsEncrypt scripts to use acme instead of certbot. - Add script to have LetsEncrypt sign an RSA based certificate. - Add documentation to explain how to verify headers. - Refactored internal/cryptutil signer's code to expect a valid EC priv key. - Changed JWT expiries to use default leeway period. - Update docs and add screenshots. - Replaced logging handler logic to use context.Context. - Removed specific XML error handling. - Refactored handler function signatures to prefer standard go idioms.
2025-05-22 13:37:19 +02:00 · 2019-01-22 21:44:22 -08:00 · 2019-01-22 21:44:22 -08:00 · 426e003b03
commit 426e003b03
parent 98b8c7481f
30 changed files with 1711 additions and 588 deletions
--- a/scripts/generate_wildcard_cert.sh
+++ b/scripts/generate_wildcard_cert.sh
@ -1,11 +1,16 @@
 #!/bin/bash

-# requires certbot
-certbot certonly --manual \
-	--agree-tos \
-	-d *.corp.example.com \
-	--preferred-challenges dns-01 \
-	--server https://acme-v02.api.letsencrypt.org/directory \
-	--config-dir le/config \
-	--logs-dir le/work \
-	--work-dir le/work
+# requires acme.sh
+# see : https://github.com/Neilpang/acme.sh
+# uncomment below to install
+# curl https://get.acme.sh | sh
+
+# assumes cloudflare, but many DNS providers are supported
+
+export CF_Key="x"
+export CF_Email="x@x.com"
+
+$HOME/.acme.sh/acme.sh \
+	--issue \
+	-d '*.corp.beyondperimeter.com' \
+	--dns dns_cf