Simple proxy server meant to be run in secure a Google Cloud environment.
In order to use it with Google Cloud Secret manager you need to specify projectId environment variable.
Server supports two use-cases:
- TLS connection to any server using TLS certificates from Google Cloud Secret Manager
TLS connection is implemented using POST method, because CONNECT method is not supported by some cloud providers
You need to specify request method, url, name of a public certificate and a private key in the following headers:
X-Proxy-Method -- HTTP method
X-Proxy-Url -- requested URL
X-Proxy-Cert -- TLS public certificate name/path
X-Proxy-Key -- TLS private key name/path
All headers which you want to pass to the actual server should be prefixed with X-Request-
- Signing data with PEM private key
In order to do that just send a request to/signendpoint with your data in the body and following headers:
X-Proxy-Key-- private key name/path
X-Proxy-Signature-Algorithm-- signature algorithm (supported rs256 and ps256 values)
Proxy is meant to be run in the secured environment, that is why no authentication is implemented.