{"id":43641641,"url":"https://github.com/sebidude/authproxy","last_synced_at":"2026-02-04T18:06:09.234Z","repository":{"id":57590953,"uuid":"115628465","full_name":"sebidude/authproxy","owner":"sebidude","description":"Reverse TLS proxy with x509 client auth.","archived":false,"fork":false,"pushed_at":"2020-02-11T08:07:36.000Z","size":57,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-06-21T20:00:10.017Z","etag":null,"topics":["authproxy","proxy","tls","vhost","x509"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sebidude.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-28T13:59:42.000Z","updated_at":"2020-02-11T08:02:22.000Z","dependencies_parsed_at":"2022-09-26T19:43:00.874Z","dependency_job_id":null,"html_url":"https://github.com/sebidude/authproxy","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/sebidude/authproxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebidude%2Fauthproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebidude%2Fauthproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebidude%2Fauthproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebidude%2Fauthproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sebidude","download_url":"https://codeload.github.com/sebidude/authproxy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sebidude%2Fauthproxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29092792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-04T03:31:03.593Z","status":"ssl_error","status_checked_at":"2026-02-04T03:29:50.742Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authproxy","proxy","tls","vhost","x509"],"created_at":"2026-02-04T18:06:09.167Z","updated_at":"2026-02-04T18:06:09.225Z","avatar_url":"https://github.com/sebidude.png","language":"Go","readme":"# authproxy\n\nSimple TLS reverse proxy with TLS client auth and vhost support.\n\n## Build\n```\ngo get github.com/sebidude/authproxy\n```\n## Run\n```\nauthproxy example/authproxy.yaml\n```\n\nExample config:\n```\n# The address on which the proxy accepts requests\nlistenAddress: localhost:8443\n\n# prometheus metrics can be collected from this address \n# the path to the metrics is /metrics\nmetricsAddress: localhost:8080\n\n# Specify the path(s) to a CA cert(s) for authenticating clients.\n# comment this option to turn off x509 client auth\ncaFiles: \n- example/certs/ca.crt\n\n# Configuration of the vhosts the proxy will handle\n# List of vhosts holding\n#  hostname: hostname[:port] which will trigger the proxy (SNI is used to determine the tls.Certificate)\n#  targetAddress: the URI to which the requests will be forwarded.\n#  log: set to true to log every request. if set to false no log messages will be written for the vhost\n#  headers: a map of headers which will be added to the forwarded request. \"Host\" and \"X-Real-IP\" will always be added.\n#  tls: the tls config\n#    certFile: path to the file holding the certificate to be used with this vhost\n#    keyFile: path to the file holding the key for the certFile \nvHosts:\n  - hostname: hangar:8443\n    targetAddress: http://localhost:9090\n    log: true\n    tls:\n      certFile: example/certs/hangar.crt\n      keyFile: example/certs/hangar.key\n      allowedOrgs:\n      - Millenium Falcon\n\n\n  - hostname: cantina:8443\n    targetAddress: http://localhost:9100\n    log: true\n    headers:\n      X-Forwarded-Proto: https\n      X-Forwarded-Ssl: on\n      X-Forwarded-Scheme: https\n    tls:\n      certFile: example/certs/cantina.crt\n      keyFile: example/certs/cantina.key\n\n```\n\nUse the client pkcs12 file ```example/certs/client-han.pfx``` for browser testing (password: han)\n\nServer certs can be issued by a different CA than the client certs but only one ClientCA is supported.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsebidude%2Fauthproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsebidude%2Fauthproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsebidude%2Fauthproxy/lists"}