Boundary Reverse Proxy

Are there any plans to allow proxying connections to Boundary via a reverse proxy?

Ideally, I would like to be able to expose the API and worker port via the standard HTTPS port, however, based on what I can see, this is not currently possible.

It seems like trying to proxy the client-to-worker connection in any manner results in an error such as:

Error dialing the worker: failed to WebSocket dial: failed to send handshake request: Get "https://boundaryw.removed.com:443/v1/proxy": x509: certificate is valid for default, not s_XsSU4VHSW1

Current setup is to have the controller exposed at https://boundary.removed.com and the worker exposed via https://boundaryw.removed.com and using SNI matching in Traefik to route between the two.

Even though Traefik is set to pass-through the TLS session, it seems to present the wrong certificate.

Is there a recommended method of load balancing the worker connections?

1 Like