Simple SSL bridge

Client example:

$ docker run --rm  -p 3000:3000 \
    -e PORT=3000 \
    -e DST=socat-server:4000 \
    -v pathToClientCert.pem:/cert.pem \
    -v pathToKey.pem:/key.pem \
    yadd/socat-client

Server example:

$ docker run --rm  -p 4000:4000 \
    -e PORT=4000 \
    -e DST=hidden-server:80 \
    -v pathToClientCert.pem:/cert.pem \
    -v pathToKey.pem:/key.pem

Environment variables

  • VERIFY: certificate verification. When `VERIFY=0` is set:
    • it disables server certificate validation when used on the client side
    • it disables the requirement of a certificate on the server side
  • PORT: the port to listen on. Default:
    • server: 443
    • client: 80
  • DST: the destination. Default:
    • client: 127.0.0.1:443
    • server: 127.0.0.1:80

Certificates

For the CA certificate, the certificate and the key, you can pass the content directly in an environment variable; the corresponding file is then ignored. In the value, each newline must be replaced by \n (serialized string).

  • Certificate
    • CERTFILE, default to /cert.pem
    • CERT: the certificate serialized
  • Key
    • KEYFILE, default to /key.pem
    • KEY: the key serialized
  • CA certificate (can be partner certificate)
    • CAFILE
    • CACERT: the CA certificate serialized
    • CAPATH: alternative to CAFILE; a directory of certificates (with the hash links generated by openssl rehash)
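
An added example (not part of the project's README or images): shell helpers that turn a PEM file into the serialized form for CERT, KEY or CACERT and check that it restores to the same text. The function names, the sample certificate and the reverse conversion are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not taken from the socat-client/server images.

# serialize_pem FILE: print FILE as one line, every line break replaced by the
# two characters backslash + n (the form described for CERT, KEY and CACERT).
# CRLF line endings are normalised so no stray \r ends up in the value.
serialize_pem() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    awk '{ sub(/\r$/, ""); printf "%s\\n", $0 }' "$1"
}

# deserialize_pem VALUE: assumed inverse (literal \n back to a line break),
# used here only to check a value before handing it to a container.
deserialize_pem() {
    printf '%s' "$1" | awk '{ gsub(/\\n/, "\n"); printf "%s", $0 }'
}

# check_serialized FILE: succeed only if FILE has PEM armor and its serialized
# form restores to the same text.
check_serialized() {
    value=$(serialize_pem "$1") || return 1
    case $value in
        '-----BEGIN '*'-----END '*) ;;
        *) echo "$1 does not look like PEM" >&2; return 1 ;;
    esac
    [ "$(deserialize_pem "$value")" = "$(tr -d '\r' < "$1")" ]
}

# Constructed sample (dummy body, not a real certificate).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '-----BEGIN CERTIFICATE-----' \
    'ZHVtbXkgYm9keSwgbm90IGEgcmVhbCBjZXJ0' \
    '-----END CERTIFICATE-----' > "$sample"

check_serialized "$sample" && serialize_pem "$sample" && echo

# With real files, export the values and let docker copy them from the
# environment, so the key does not appear on the command line:
#   export CERT="$(serialize_pem cert.pem)" KEY="$(serialize_pem key.pem)"
#   docker run --rm -p 3000:3000 -e PORT=3000 -e DST=socat-server:4000 \
#       -e CERT -e KEY yadd/socat-client
```

Variables passed with -e remain readable through docker inspect, so the file mounts shown in the examples are the better fit where that exposure matters.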