Some big developer news from the Oasis ecosystem: ROFL now supports proxy-based frontend hosting directly inside TEEs (Trusted Execution Environments).
Here’s what’s new:
No more manual proxy or TLS setup: ROFL auto-assigns subdomains (or lets you configure your own custom domain), handles DNS, and provisions TLS certs — all inside the TEE.
It uses Wireguard tunnels between the scheduler and the app, so traffic is encrypted, and TLS keys never leave the trusted enclave.
The deployment flow is super simple for devs:
Add domain annotation to your docker-compose (or similar) file.
Rebuild & redeploy. Run oasis rofl CLI to get DNS instructions.
Add DNS records + verification token.
Restart your app — TLS is provisioned automatically.
Why this is a big deal:
Full-stack confidential compute: React frontend + backend logic can now live in the same TEE, with full HTTPS.
Easier production deployment: No need to configure reverse proxies or external certificate providers separately.
Security + trust: All TLS keys are generated inside the TEE — even in-memory — so you don’t expose them.
If you're building privacy-preserving dApps or just want to run a secure UI for your backend inside a TEE, this is a game-changer.
Would love to know:
Who here is using ROFL for their apps?
Does this make you more likely to deploy frontend + backend in the same environment?
full thread can be found here!
Top comments (0)