Skip to content
/ go-mtls-proxy Public

A simple mTLS proxy (tinyproxy + stunnel, no TLS inspection) and a Go client program that uses the proxy.

License

Apache-2.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ofirc/go-mtls-proxy

BranchesTags

Repository files navigation

go-mtls-proxy

A simple mTLS proxy (tinyproxy + stunnel, no TLS inspection) and a Go client program that uses the proxy.

It demonstrates how to use a client certificate to authenticate to a proxy server that requires it and curl a public URL.

This is based on the following repo: docker-mtls-https-proxy.

It differs from the above repo in the following ways:

  • It generates certs with SAN to make it comply with Go (needed for Go crypto/tls)
  • It adds a Go client program that uses the proxy

The project is meant for purely demonstration purposes, do not use it in production.

To run:

./scripts/generate-certs.sh
docker compose build
docker compose up

And then on a separate shell:

go run main.go
curl \
  --proxy https://localhost:8080 \
  --proxy-cacert ca.crt \
  --proxy-cert client.crt \
  --proxy-key client.key \
  https://ipv4.icanhazip.com

For example:

$ curl --proxy https://localhost:8080 --proxy-cacert ca.crt --proxy-cert client.crt --proxy-key client.key https://ipv4.icanhazip.com
84.228.242.243
$ go run main.go                                                                                                                     
84.228.242.243

About

A simple mTLS proxy (tinyproxy + stunnel, no TLS inspection) and a Go client program that uses the proxy.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages