https://github.com/eastlondoner/tailscale-ssl-proxy

:lock: Simple zero-config SSL reverse proxy for Tailscale users (LetsEncrypt certs)
https://github.com/eastlondoner/tailscale-ssl-proxy

https proxy ssl tailscale

Last synced: 3 months ago
JSON representation

:lock: Simple zero-config SSL reverse proxy for Tailscale users (LetsEncrypt certs)

• Host: GitHub
• URL: https://github.com/eastlondoner/tailscale-ssl-proxy
• Owner: eastlondoner
• License: mit
• Created: 2022-01-24T15:46:58.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2022-03-08T15:48:17.000Z (over 2 years ago)
• Last Synced: 2024-01-16T21:50:36.880Z (5 months ago)
• Topics: https, proxy, ssl, tailscale
• Language: Go
• Homepage:
• Size: 114 KB
• Stars: 12
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Lists

• awesome-stars - eastlondoner/tailscale-ssl-proxy - :lock: Simple zero-config SSL reverse proxy for Tailscale users (LetsEncrypt certs) (Go)
• awesome-stars - eastlondoner/tailscale-ssl-proxy - :lock: Simple zero-config SSL reverse proxy for Tailscale users (LetsEncrypt certs) (Go)

README

        


  
tailscale-ssl-proxy

  
Simple single-command SSL reverse proxy for Tailscale




A handy way to add Tailscale SSL support to your locally running thing -- be it your personal jupyter notebook, nodejs app or any other http application. 

`tailscale-ssl-proxy` uses the official Tailscale go package to get trusted LetsEncrypt SSL certs and then proxies HTTPS traffic to your existing HTTP server in a single command. `tailscale-ssl-proxy` also redirects unencrypted HTTP traffic on port 80 to HTTPS.

## Installation

Download the latest version of tailscale-ssl-proxy using the installer script in the github release:

```sh

# Install the correct binary to ./bin

curl -L https://github.com/eastlondoner/tailscale-ssl-proxy/releases/download/v0.0.6/install-tailscale-ssl-proxy.sh | sh -s

```

The installer script will fetch the latest `tailscale-ssl-proxy` binary for your OS and place it in `./bin/tailscale-ssl-proxy`

To use `tailscale-ssl-proxy` from anyhwere you now need to add it to your PATH:

#### For most linux-based systems including Mac OS

Move the binary to `/usr/local/bin`

```sh

# Move the binary to /usr/local/bin

mv ./bin/tailscale-ssl-proxy /usr/local/bin

```

#### For Windows systems

TBC - need to figure out what the instructions for Windows systems are

## Quickstart

```sh

tailscale-ssl-proxy

# Listening on [::]:443

# Listening on [::]:80

# Proxying calls from https://:443 (SSL/TLS) to http://localhost:8080

# Redirecting http requests on :80 to https on port :443

```

This will immediately fetch, real LetsEncrypt certificates for the machine's Tailscale address.

## Usage

Print usage using the `-help` option

```sh

tailscale-ssl-proxy -help

```

```

Usage of tailscale-ssl-proxy

  -from string

    	the tcp address and port this proxy should listen for requests on (default ":443")

  -redirectHTTP string

    	the tcp address and port this proxy should listen for http->https request redirects. Set to 'off' to disable http->https redirect (default ":80")

  -to string

    	the address and port for which to proxy requests to (default "http://localhost:8080")

```

## Warning

The ssl certificate files (including the private key) are written to the current working directory as `cert.pem` and `key.pem` - that is the behaviour of the tailscale client. The private key is sensitive use at your own risk.

### Examples

#### Proxy to port 3000 (instead of 8080)

```sh

tailscale-ssl-proxy -to :3000

# Listening on [::]:443

# Listening on [::]:80

# Proxying calls from https://:443 (SSL/TLS) to http://localhost:3000

# Redirecting http requests on :80 to https on port :443

```

#### Disable HTTP -> HTTPS Redirect

```sh

tailscale-ssl-proxy -redirectHTTP off

# Listening on [::]:443

# Proxying calls from https://:443 (SSL/TLS) to http://localhost:8080

```

Simply include the `-redirectHTTP` flag when running the program.

#### Serve https on port 8443 (instaead of 443)

```sh

tailscale-ssl-proxy -from 0.0.0.0:8443

# Listening on [::]:8443

# Listening on [::]:80

# Proxying calls from https://0.0.0.0:8443 (SSL/TLS) to http://localhost:8080

# WARN: You must serve on port :443 for the LetsEncrypt certs that tailscale uses to be valid

# Redirecting http requests on :80 to https on port :8443

```

Simply include the `-redirectHTTP` flag when running the program.

### Build from source 

#### Build from source using Docker

You can build `tailscale-ssl-proxy` for all platforms quickly using the included Docker configurations.

If you have `docker-compose` installed you can use the `./docker-make` script:

```sh

./docker-make build

```

That will build a binary for your local system and place it in the root directory.

#### Build from source locally

You must have Golang installed on your system along with `make`. Then simply clone the repository and run `make`. 

## Attribution

Forked from ssl-proxy by Suyash Kumar