Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

c2FmZQ / tlsproxy Public

Notifications You must be signed in to change notification settings
Fork 4
Star 44

Code
Issues 2
Pull requests
Discussions
Actions
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Security
Insights

Releases: c2FmZQ/tlsproxy

Releases Tags

Releases · c2FmZQ/tlsproxy

v0.1.0

20 Nov 00:18

github-actions

v0.1.0

a92ae98

This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.1.0

Let's call this the first stable development release. We'll try to keep decent release notes going forward.

TLSPROXY is primarily a TLS termination proxy that uses letsencrypt to provide TLS encryption for any number of TCP or HTTP servers, and any number of server names concurrently on the same port.

Its functionality is similar to an stunnel server, but without the need to configure and run certbot separately.

TLSPROXY can also be used as a Reverse Proxy for HTTP(S) services, and optionally control access to these services with user authentication and authorization.

Overview of features:

Use Let's Encrypt automatically to get TLS certificates (http-01 & tls-alpn-01 challenges).
Terminate TLS connections, and forward the data to any TCP server in plaintext.
Terminate TLS connections, and forward the data to any TLS server. The data is encrypted in transit, but the proxy sees the plaintext.
Terminate TCP connections, and forward the TLS connection to any TLS server (passthrough). The proxy doesn't see the plaintext.
Terminate HTTPS connections, and forward the requests to HTTP or HTTPS servers (http/1 only, not recommended with c2fmzq-server).
TLS client authentication & authorization (when the proxy terminates the TLS connections).
Built-in Certificate Authority for managing client and backend server TLS certificates.
User authentication with OpenID Connect, SAML, and/or passkeys (for HTTP and HTTPS connections). Optionally issue JSON Web Tokens (JWT) to authenticated users to use with the backend services and/or run a local OpenID Connect server for backend services.
Access control by IP address.
Routing based on Server Name Indication (SNI), with optional default route when SNI isn't used.
Simple round-robin load balancing between servers.
Support any ALPN protocol in TLS, TLSPASSTHROUGH, or TCP mode.
Use the same TCP address (IPAddr:port) for any number of server names, e.g. foo.example.com and bar.example.com on the same xxx.xxx.xxx.xxx:443.

Assets 26

All reactions

v0.0.36

19 Nov 23:36

github-actions

v0.0.36

7df1eff

This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Learn about vigilant mode.

Compare

Choose a tag to compare

View all tags

v0.0.36

Experimenting with release notes
Ensure PKI endpoint is on CONSOLE or LOCAL backend. This is to avoid potential interference from javascript code running on backends.
Misc clean-up

Assets 26