Simple autotls setup with ferron

Introduction

ferron is a web server written in Rust. It implements automatic TLS with deSEC as the DNS provider, which makes it quite easy to run a TLS-enabled HTTP server listening on localhost 🤩 🥳.

Prerequisites:

Get Token.

A token is required to add the ACME challenge record at deSEC. How to get and manage tokens for deSEC is documented at Manage Tokens.

config and start ferron

The config file ferron.kdl:

* {

  protocols "h1" "h2" "h3"

  log "/dev/stdout"
  error_log "/dev/stderr"

  default_http_port 8080  // for real webserver change the port to 80
  default_https_port 8443 // for real webserver change the port to 443

  trust_x_forwarded_for #true

  auto_tls
  auto_tls_contact "Your-letsencrypt@Email-address"
  auto_tls_cache "letsencrypt-cache"
  auto_tls_letsencrypt_production
  auto_tls_challenge "dns-01" provider="desec" api_token="THE-TOKEN"

}

*.DOMAIN {
  
  status 200 url="/static_return" body="OK"

  root "wwwroot"
}

After the install process, you can use the above config file to start ferron.

# ./ferron -c /datadisk/Downloads/ferronweb/ferron-2.0.0-beta.16/ferron.kdl
HTTP server is listening on [::]:8080...
HTTPS server is listening on [::]:8443...
HTTP/3 server is listening on [::]:8443...

Tip: Wait at least ~2 minutes before the first request, because the deSEC API and DNS servers need some time to propagate the ACME challenge.

Finally

When everything works as designed, you can call curl on localhost and get a valid TLS certificate.

curl -v --compressed \
  --resolve test2.DOMAIN:8443:127.0.0.1 \
  --http2 --http2-prior-knowledge \
  -H 'X-Forwarded-For: 10.1.1.1,20.2.2.2' \
  https://test2.DOMAIN:8443/static_return

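ferron then shows the right IP, taken from the first X-Forwarded-For entry. That value comes from a header the client sent, so it is only trustworthy when ferron runs behind a reverse proxy that sets X-Forwarded-For itself.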

# ./ferron -c /datadisk/Downloads/ferronweb/ferron-2.0.0-beta.16/ferron.kdl
HTTP server is listening on [::]:8080...
HTTPS server is listening on [::]:8443...
HTTP/3 server is listening on [::]:8443...
10.1.1.1 - - [22/Oct/2025:23:08:02 +0200] "GET /static_return HTTP/2.0" 200 2 "-" "curl/8.5.0"
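
The following is an added example, not ferron's code and not part of the original post. It contrasts reading the first X-Forwarded-For entry with a right-to-left walk that believes an entry only when the hop reporting it is a trusted proxy. The function names and the trusted network lists are assumptions; the header and peer address are the ones from the curl call above.

```python
import ipaddress


def leftmost_entry(xff, peer):
    """First X-Forwarded-For entry taken as-is, the value seen in the log line above."""
    first = xff.split(",")[0].strip()
    return first or peer


def client_ip(xff, peer, trusted_nets):
    """Walk the chain right to left, starting at the TCP peer.

    An entry is believed only if the hop that reported it lies inside
    trusted_nets (assumed here to be the operator's own reverse proxies).
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    current = ipaddress.ip_address(peer)
    while hops and any(current in net for net in nets):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # unparsable entry: keep the last address a trusted hop reported
    return str(current)


if __name__ == "__main__":
    # Constructed input: header and peer address from the curl call on this page.
    xff, peer = "10.1.1.1,20.2.2.2", "127.0.0.1"
    print("leftmost entry:       ", leftmost_entry(xff, peer))
    print("no trusted proxy:     ", client_ip(xff, peer, []))
    print("loopback proxy trusted:", client_ip(xff, peer, ["127.0.0.0/8"]))
```

With no trusted proxy configured, the walk returns the TCP peer and ignores the header entirely, which is the safe reading when clients connect to the server directly.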