0+git.277a94265.1 MB
Apache-2.0
strict
core20
A forwarding HTTPS server using Let's Encrypt
Provides a forwarding HTTPS server which transparently fetches and caches certificates via Let's Encrypt. This must run on 443 and 80 (http:// just forwards to https://, no forwarding happens unencrypted) and can't coexist with any other web server on your machine.
Why? This is so you can host random and long-lived services publicly on the internet—perfect for other services which are served on http://, don't care about certificates or HTTPS at all, and might be provided by Node or Go on a random high port (e.g., some dumb service running on
Note! This doesn't magic up domain names. You would use this service only if you're able to point DNS records to the IP address of a machine you're running this on, and that the machine is able to handle incoming requests on port 443 and 80 (e.g., on a home network, you'd have to set up port forwarding on your router).
Configure this via
(example.com used above purely as an example.
You'd replace it with a domain name you controlled, preferably with a wildcard DNS (https://en.wikipedia.org/wiki/WildcardDNSrecord) record like
Restart with
Why? This is so you can host random and long-lived services publicly on the internet—perfect for other services which are served on http://, don't care about certificates or HTTPS at all, and might be provided by Node or Go on a random high port (e.g., some dumb service running on
localhost:8080).Note! This doesn't magic up domain names. You would use this service only if you're able to point DNS records to the IP address of a machine you're running this on, and that the machine is able to handle incoming requests on port 443 and 80 (e.g., on a home network, you'd have to set up port forwarding on your router).
Configure this via
/var/snap/https-forward/common/config, which is empty after install. It should be authored like this: # hostname forward-to optional-basic-auth host.example.com localhost:8080 blah.example.com 192.168.86.24:7999 user:pass user-only.example.com localhost:9002 user # accepts any password # Specify host with '.' to suffix all following .example.com test localhost:9000 under-example any-hostname-here.com:9000 # Clear the current suffix with a single "." (otherwise below would be "*.example.com.example.com") . # You can include ? or * to glob-match domain parts (this does NOT match "-") *.example.com localhost:9000 test-v?*.example.com localhost:9999 # matches "test-v1", "test-v100", but NOT "test-v" or "test-vx-123" # serves a blank dummy page (but generate https cert, perhaps as a placeholder) serves-nothing.example.com(example.com used above purely as an example.
You'd replace it with a domain name you controlled, preferably with a wildcard DNS (https://en.wikipedia.org/wiki/WildcardDNSrecord) record like
*.example.com.)Restart with
snap restart https-forward to reread the config file (or try killall -SIGHUP https-forward to signal it instead). You can read logs to ensure that the file has been parsed properly:sudo journalctl -f -u snap.https-forward.https-forwardUpdate History
0+git.277a942 (6)13 Dec 2025, 09:47 UTC
4 Jul 2019, 06:01 UTC
18 Aug 2025, 02:58 UTC
13 Dec 2025, 09:47 UTC