This is a simple Mutual TLS (mTLS) reverse proxy that handles mTLS with the client.
% git clone https://github.com/grokify/mtlsproxy
% cd mtlsproxy
Create test keys and certificates for the server and the client in non-interactive mode, with a 1-day expiration.
% openssl req -x509 -newkey rsa:4096 -keyout server_key.pem -out server_cert.pem -sha256 -days 1 -nodes -subj "/C=US/ST=California/L=Silicon Valley/O=Local/OU=Host/CN=localhost"
% openssl req -x509 -newkey rsa:4096 -keyout client_key.pem -out client_cert.pem -sha256 -days 1 -nodes -subj "/C=US/ST=California/L=Silicon Valley/O=Local/OU=Host/CN=client"
Ref: https://stackoverflow.com/a/10176685/1908967
% export MTLSP_SERVER_KEY_PATH=server_key.pem
% export MTLSP_SERVER_CERT_PATH=server_cert.pem
% export MTLSP_CLIENT_CA_PATHS=client_cert.pem
% export MTLSP_UPSTREAM_URL=http://example.com
% export MTLSP_PORT=8080
% go run main.go
2024/03/26 07:36:57 listen: [::]:8080
% curl --cert client_cert.pem --key client_key.pem --cacert server_cert.pem https://localhost:8080
Returns page from http://example.com.
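For readers who want to see what the environment variables above map to on the Go side, here is an added sketch of an mTLS-terminating reverse proxy; it is not the mtlsproxy project's own code. The function names `loadClientCAs` and `newServer` are hypothetical, and treating `MTLSP_CLIENT_CA_PATHS` as a comma-separated list is an assumption.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"strings"
)

// loadClientCAs builds the client trust pool (assumption: comma-separated paths).
func loadClientCAs(paths string) (*x509.CertPool, error) {
	pool := x509.NewCertPool()
	for _, p := range strings.Split(paths, ",") {
		pemBytes, err := os.ReadFile(strings.TrimSpace(p))
		// Fail closed: an unreadable or certificate-free file must never yield an empty pool.
		if err != nil || !pool.AppendCertsFromPEM(pemBytes) {
			return nil, fmt.Errorf("client CA %q: unreadable or no PEM certificate (%v)", p, err)
		}
	}
	return pool, nil
}

// newServer forwards to upstream only after the client certificate verifies against pool.
func newServer(addr string, upstream *url.URL, pool *x509.CertPool) *http.Server {
	return &http.Server{
		Addr:    addr,
		Handler: httputil.NewSingleHostReverseProxy(upstream),
		TLSConfig: &tls.Config{
			ClientAuth: tls.RequireAndVerifyClientCert, // RequireAnyClientCert would skip chain verification
			ClientCAs:  pool,
			MinVersion: tls.VersionTLS12,
		},
	}
}

func main() {
	pool, err := loadClientCAs(os.Getenv("MTLSP_CLIENT_CA_PATHS"))
	upstream, uerr := url.Parse(os.Getenv("MTLSP_UPSTREAM_URL"))
	if err != nil || uerr != nil {
		log.Fatal("config: ", err, uerr)
	}
	srv := newServer(":"+os.Getenv("MTLSP_PORT"), upstream, pool)
	log.Fatal(srv.ListenAndServeTLS(os.Getenv("MTLSP_SERVER_CERT_PATH"), os.Getenv("MTLSP_SERVER_KEY_PATH")))
}
```

With `MTLSP_CLIENT_CA_PATHS=client_cert.pem` as set above, the pool contains only that self-signed certificate, so a client must present it or a certificate chaining to it.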