Proxy that terminates tls and serves its tls certificate!
Put the certificate API behind something like https://github.com/flashbots/cvm-reverse-proxy.
Generate certificate and key files
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.example.com" -out server.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com,DNS:www.example.com") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
Run the proxy
go run ./cmd/proxy-server/main.go
Run the client (verification)
Assumes example.com is your domain (put 127.0.0.1 example.com in /etc/hosts).
go run ./cmd/proxy-client/main.go --proxy-url https://example.com:8081
Install dev dependencies
go install mvdan.cc/[email protected]
go install honnef.co/go/tools/cmd/[email protected]
go install github.com/golangci/golangci-lint/cmd/[email protected]
go install go.uber.org/nilaway/cmd/[email protected]Lint, test, format
make lint
make test
make fmt