Single-command SSL reverse proxy with autogenerated certificates (LetsEncrypt, self-signed, provided)
Clone or download
Latest commit 2b10ebf Nov 26, 2018

README.md

ssl-proxy

Simple single-command SSL reverse proxy with autogenerated certificates (LetsEncrypt, self-signed)

A handy and simple way to add SSL to your thing running on a VM--be it your personal jupyter notebook or your team jenkins instance. ssl-proxy autogenerates SSL certs and proxies HTTPS traffic to an existing HTTP server in a single command.

Usage

With auto self-signed certificates

ssl-proxy -from 0.0.0.0:4430 -to 127.0.0.1:8000

This will immediately generate self-signed certificates and begin proxying HTTPS traffic from https://0.0.0.0:4430 to http://127.0.0.1:8000. No need to ever call openssl. It will print the SHA256 fingerprint of the cert being used for you to perform manual certificate verification in the browser if you would like (before you "trust" the cert).

I know nginx is often used for stuff like this, but I got tired of dealing with the boilerplate and wanted to explore something fun. So I ended up throwing this together.

With auto LetsEncrypt SSL certificates

ssl-proxy -from 0.0.0.0:443 -to 127.0.0.1:8000 -domain=mydomain.com

This will immediately generate, fetch, and serve real LetsEncrypt certificates for mydomain.com and begin proxying HTTPS traffic from https://0.0.0.0:443 to http://127.0.0.1:8000. For now, you need to ensure that ssl-proxy can bind port :443 and that mydomain.com routes to the server running ssl-proxy (as you may have expected, this is not the tool you should be using if you have load-balancing over multiple servers or other deployment configurations).

Provide your own certs

ssl-proxy -cert cert.pem -key myKey.pem -from 0.0.0.0:4430 -to 127.0.0.1:8000

You can provide your own existing certs, of course. Jenkins still has issues serving the fullchain certs from letsencrypt properly, so this tool has come in handy for me there.

Installation

Simply download and uncompress the proper prebuilt binary for your system from the releases tab. Then, add the binary to your path or start using it locally (./ssl-proxy).

If you're using wget, you can fetch and uncompress the proper binary in one command:

wget -qO- $BINARY_RELEASE_LINK | tar xvz

Build from source

You must have Golang installed on your system along with make and dep. Then simply clone the repository and run make.

Attribution

Icons made by Those Icons from www.flaticon.com is licensed by CC 3.0 BY