socat SSL proxy

Author: badboy

src/Linux/socat-ssl-proxy.md

@@ -0,0 +1,19 @@
+# socat SSL proxy
+
+First create a self-signed certificate:
+
+```
+openssl genrsa -out server.key 2048
+# Note: answer localhost for your Common Name (CN)
+# other answers don't really matter
+openssl req -new -key server.key -x509 -days 3653 -out server.crt
+cat server.key server.crt > server.pem
+openssl dhparam -out dhparams.pem 2048
+cat dhparams.pem >> server.pem
+```
+
+Then use `socat` to listen on port 443 on all interfaces (IPv6 enabled) and forward (unencrypted) to `localhost:80`:
+
+```
+socat openssl-listen:443,fork,reuseaddr,cert=server.pem,cafile=server.crt,verify=0,openssl-min-proto-version=TLS1.3 TCP:localhost:80
+```