Warning:
Early development stage. Do not use at home. You might not want to come back to other web servers.
The API is still undergoing some small changes.
Jucenit is a web server configurable through short scattered toml files. Internally uses nginx unit.
- Split your configuration across multiple files in Toml.
- Easy ssl renewal.
Your configuration chunks must be uniquely identified with a mandatory uuid.
Use it as a reverse-proxy.
# jucenit.toml
[[unit]]
uuid = "d3630938-5851-43ab-a523-84e0c6af9eb1"
listeners = ["*:443"]
[unit.match]
hosts = ["example.com"]
[unit.action]
proxy = "http://127.0.0.1:8888"
On queries like "https://example.com" it redirects to the port 8888 on private network.
Or for file sharing
# jucenit.toml
[[unit]]
uuid = "f37490cb-d4eb-4f37-bb85-d39dad6a21ab"
listeners = ["*:443"]
[unit.match]
hosts = ["test.com"]
uri = "/static"
[unit.action]
share = ["/home/website/static"]
On queries like "https://test.com/static/index.html" it redirects to /home/website/static/index.html
And many more possibilities at nginx unit. Update the global configuration with your configuration chunks.
jucenit push
# or
jucenit push --file jucenit.toml
The only way to cherry remove chunks from the global configuration is to edit the main configuration with:
jucenit edit
Or to delete everything previously pushed to the global configuration
jucenit clean
Add new certificates or Renew almost expired certificates.
jucenit ssl --renew
Remove every certificates.
jucenit ssl --clean
Run the daemon for automatic certificate creation and renewal
jucenit ssl --watch
See detailed project structure and functionning at INTERNALS.md
First, add the flake url to your flakes inputs.
inputs = {
jucenit.url = "github:pipelight/jucenit";
};
And enable the service in your configuration file;
services.jucenit.enable = true;
You first need a running instance of nginx-unit. See the installation guide:
Add the following configuration changes:
unitd --control '127.0.0.1:8080'
So it listens on tcp port 8080 instead of default unix socket.
Install on any linux distribution with cargo.
cargo install --git https://github.com/pipelight/jucenit
You need to run a background deamon for autossl.
Create a file like a systemd-unit file or an initd file for autossl.
It must run the following command:
jucenit ssl --watch
cli:
- add command to edit global configuration with favorite editor.
- add option to allow passing a toml string instead of a config file path to the executable.
- add "push -d" to remove a chunk from global configuration.
ssl certificates:
- parallel certificate renewal
- provide a template systemd unit (with nginx-unit sandboxing of course)
- add support for acme challenge http-01
- add support for acme challenge tls-ALPN-01
automation:
- make a daemon that watches certificates validity
global improvements:
- add a verbosity flag and better tracing
We need better tooling to easily share our makings to the world.
Licensed under GNU GPLv2 Copyright (C) 2023 Areskul