Sometimes even though you don’t have a certificate, you want your traffic to still be end-to-end encrypted. To do this, provide -key and -crt command line options when starting a tunnel: relay connect -s demo -key tls.key -crt tls.crt -crypto tls-pass-through Auto-generating TLS certificate Webhook Relay client can terminate TLS for you, so you can have your traffic end-to-end encrypted without worrying about your local service supporting TLS. It is possible that the server you want to expose can’t terminate TLS connections. TLS pass-through enabled, make sure your destination '' can terminate HTTPS TLS termination After you’ve set up the custom domain, use the -host argument to connect the TLS tunnel on your own domain.įorward TLS traffic over your own custom domain relay connect -host -crypto tls-pass-through The custom domain you register should be the same as the one in your SSL certificate ().
The instructions to set this up are identical to those described in the previous section, we will just be specifying new -host option. Once you have your key and certificate, it’s time to run a a TLS tunnel on your own custom domain name. For the sake of example, we’ll assume that you were issued an SSL certificate for the domain.
How to do this is specific to your web server and SSL certificate provider and beyond the scope of this documentation. First, you’ll need to buy an SSL (TLS) certificate for a domain name that you own and configure your local web server to use that certificate and its private key to terminate TLS connections. If you want your certificates to match and be protected from man-in-the-middle attacks, you need two things. If you try to load up that page in a web browser, it will ask you to add an exception. You need to specify that because your local HTTPS server doesn’t have the TLS key and certificate necessary to terminate traffic for any *webrelay.io subdomains. In previous command example -insecure option is required so that we can ignore certificate warnings. Now, you can access it with curl: curl -insecure TLS pass-through tunnels without certificate warnings TLS pass-through enabled, make sure your destination '' can terminate HTTPS To specify TLS pass-through mode when using connect command: relay connect -crypto tls-pass-through
Webhook Relay supports TLS tunnels and it’s really easy to use them: For production traffic or anything that includes sensitive information such as authentication tokens, you will want your tunnel traffic to be encrypted with your own key and certificate. HTTPS tunnels terminate TLS (SSL) traffic at the Webhook Relay servers ( *.webrelay.io). TLS tunnels are available for all paid plans.
0 kommentar(er)
