DEV Community

Cover image for ROFL Proxy for HTTPS Hosting
Zerod0wn Gaming
Zerod0wn Gaming

Posted on

ROFL Proxy for HTTPS Hosting

#oasisnetwork #cryptocurrency #web3 #blockchain

Some big developer news from the Oasis ecosystem: ROFL now supports proxy-based frontend hosting directly inside TEEs (Trusted Execution Environments).

Here’s what’s new:

  • No more manual proxy or TLS setup: ROFL auto-assigns subdomains (or lets you configure your own custom domain), handles DNS, and provisions TLS certs — all inside the TEE.

  • It uses Wireguard tunnels between the scheduler and the app, so traffic is encrypted, and TLS keys never leave the trusted enclave.

  • The deployment flow is super simple for devs:

  • Add domain annotation to your docker-compose (or similar) file.

  • Rebuild & redeploy. Run oasis rofl CLI to get DNS instructions.

  • Add DNS records + verification token.

  • Restart your app — TLS is provisioned automatically.

Why this is a big deal:

Full-stack confidential compute: React frontend + backend logic can now live in the same TEE, with full HTTPS.

Easier production deployment: No need to configure reverse proxies or external certificate providers separately.

Security + trust: All TLS keys are generated inside the TEE — even in-memory — so you don’t expose them.

If you're building privacy-preserving dApps or just want to run a secure UI for your backend inside a TEE, this is a game-changer.

Would love to know:

  • Who here is using ROFL for their apps?

  • Does this make you more likely to deploy frontend + backend in the same environment?

full thread can be found here!

Top comments (4)

Collapse
 
caerlower profile image
Manav

This is a genuinely useful update, getting HTTPS and proxying handled inside the TEE removes a lot of the friction that usually comes with deploying frontends.

It makes the process simple too, just set the domain, update DNS, redeploy, and the enclave takes care of TLS.

For anyone building privacy-focused apps, having the frontend and backend inside the same trusted boundary makes things much cleaner.

Collapse
 
adityasingh2824 profile image
Aditya Singh

This is a smart update love how ROFL now handles full-stack hosting (frontend + backend) inside a TEE, with automatic domain, DNS and TLS key provisioning. By eliminating manual proxy/TLS setup and keeping keys inside the enclave, it truly lowers the barrier for confidential full-stack apps. Thanks for making the deployment flow so developer-friendly!” (From article: ROFL Proxy for HTTPS Hosting)

Collapse
 
savvysid profile image
sid

Really slick update! hosting full HTTPS frontends inside a TEE with ROFL is a huge quality-of-life win for devs. No reverse proxies, no cert wrangling, no leaking TLS keys, just drop in a domain annotation and ROFL handles secure tunnels, DNS, and automated cert provisioning end-to-end. Makes confidential full-stack apps way more practical, and honestly lowers the barrier for anyone wanting privacy-preserving UIs or agent dashboards.

Some comments may only be visible to logged-in visitors. Sign in to view all comments.