# README
## mTLS Proxy
This is a simple mutual TLS (mTLS) reverse proxy: it terminates mTLS with the client and forwards requests to the configured upstream URL.
### Clone the Server
% git clone https://github.com/grokify/mtlsproxy
% cd mtlsproxy
### Generate Key and Certificate
Create test keys and self-signed certificates for the server and the client, in non-interactive mode and with a 1-day expiration.
% openssl req -x509 -newkey rsa:4096 -keyout server_key.pem -out server_cert.pem -sha256 -days 1 -nodes -subj "/C=US/ST=California/L=Silicon Valley/O=Local/OU=Host/CN=localhost"
% openssl req -x509 -newkey rsa:4096 -keyout client_key.pem -out client_cert.pem -sha256 -days 1 -nodes -subj "/C=US/ST=California/L=Silicon Valley/O=Local/OU=Host/CN=client"
Ref: https://stackoverflow.com/a/10176685/1908967
### Configure and Start Server
% export MTLSP_SERVER_KEY_PATH=server_key.pem
% export MTLSP_SERVER_CERT_PATH=server_cert.pem
% export MTLSP_CLIENT_CA_PATHS=client_cert.pem
% export MTLSP_UPSTREAM_URL=http://example.com
% export MTLSP_PORT=8080
% go run main.go
2024/03/26 07:36:57 listen: [::]:8080
### Make mTLS Request using cURL
% curl --cert client_cert.pem --key client_key.pem --cacert server_cert.pem https://localhost:8080
The proxy returns the page from the upstream, http://example.com.
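What the setup above enforces, as an added Go example that is not this project's own code: a reverse proxy whose TLS listener only relays requests from clients whose certificate verifies against a CA pool, the role `MTLSP_CLIENT_CA_PATHS` plays here. The helper names `selfSigned`, `startProxy` and `probe` are hypothetical, the certificates and the always-404 upstream are constructed in-process so the demo runs offline, and the use of `tls.RequireAndVerifyClientCert` is an assumption about how such a proxy is built with Go's `crypto/tls`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"time"
)

func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway 1-day pair, constructed for this demo
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool() // trusts exactly this certificate and nothing else
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

func startProxy(upstreamHost string, server tls.Certificate, clientCAs *x509.CertPool) *httptest.Server {
	s := httptest.NewUnstartedServer(httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http", Host: upstreamHost}))
	s.TLS = &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: clientCAs, ClientAuth: tls.RequireAndVerifyClientCert}
	s.StartTLS() // from here on, a client whose certificate does not verify against clientCAs is refused
	return s
}

func probe(proxyURL string, roots *x509.CertPool, certs ...tls.Certificate) (int, error) {
	cfg := &tls.Config{RootCAs: roots, ServerName: "localhost", Certificates: certs} // certs may be empty
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(proxyURL)
	if err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}

func main() {
	srv, srvCA := selfSigned("localhost")
	cli, cliCA := selfSigned("client")
	p := startProxy(httptest.NewServer(http.NotFoundHandler()).Listener.Addr().String(), srv, cliCA)
	fmt.Println(probe(p.URL, srvCA, cli)) // trusted client certificate: the upstream's 404 is relayed
	fmt.Println(probe(p.URL, srvCA))      // no client certificate: the TLS layer returns an error
}
```

Because the client's self-signed certificate is itself the trust anchor, a second certificate generated with the same name is still refused: trust follows the key, not the name.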