Skip to content

Reverse proxy injecting client certificate for mTLS communication

License

Notifications You must be signed in to change notification settings

crabtree/mtls-transmitter

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

mtls-transmitter

mtls-transmitter is a simple reverse proxy that injects client certificate for mTLS communication. It creates a reverse proxy that injects client certificate to incomming http requests and routes them to the https endpoint.

Building the binary

$ go build -o mtls-transmitter ./cmd/transmitter

Running the binary

$ ./mtls-transmitter -cert=/path/to/cert.pem -key=/path/to/key.pem -url=desired.host.com [-port=8080] [-skip-ssl]

Parameters

Parameters can also be set as flags or as environment variables, with flags attempting to take precedence.

Flag Env Var Description
-cert CERT The path to the client certificate; required
-key KEY The path to the client certificate key; required
-url URL The hostname:port to which the proxy fowards requests; required
-port PORT The port on which the proxy listens on; default: 8080
-skip-ssl SKIP_SSL If set to true, the proxy sill skip server certificate verification; default: false
-silent SILENT If set to true, the proxy will not log proxied events; default: false

Running inside the docker container

Building

$ docker build -t crabtree/mtls-transmitter .

Running

NOTE: To run mtls-transmitter inside the docker container you need to provide your client certificate to your container.

$ docker run --rm -v /path/to/cert-dir:/cert -p 8080:8080 crabtree/mtls-transmitter -cert /cert/cert.pem -key /cert/key.pem -url desired.host.com

Development

Use the following:

make          # to format and validate changes
make build    # to build the binary

See the Makefile for additional options.