github-starred/go-http-tunnel

Fork 0

mirror of https://github.com/mmatczuk/go-http-tunnel.git synced 2026-05-15 14:16:17 -06:00

[GH-ISSUE #33] HTTP Proxy Error on some HTTPS endpoints #17

New issue

Closed

opened 2026-05-05 10:57:05 -06:00 by gitea-mirror · 3 comments

gitea-mirror commented

2026-05-05 10:57:05 -06:00

Owner

Originally created by @jonreeves on GitHub (Sep 27, 2017).
Original GitHub issue: https://github.com/mmatczuk/go-http-tunnel/issues/33

I'm unable to get access to a machine running PFSense over HTTPS. I get the following error in the Tunnel Client:

http: proxy error: x509: certificate signed by unknown authority

The odd thing is I have a NAS on the same network that uses HTTPS too and that one I'm able to reach just fine. Both have self-signed certificates, so I expect to get the Warning in the browser, but after proceeding beyond that warning, the PFSense one fails with a HTTP 502 error and I get that message in the Tunnel Client. The NAS one is just fine.

Any ideas? I already have insecure_skip_verify: true in the client config.

Originally created by @jonreeves on GitHub (Sep 27, 2017). Original GitHub issue: https://github.com/mmatczuk/go-http-tunnel/issues/33 I'm unable to get access to a machine running PFSense over HTTPS. I get the following error in the Tunnel Client: ``` http: proxy error: x509: certificate signed by unknown authority ``` The odd thing is I have a NAS on the same network that uses HTTPS too and that one I'm able to reach just fine. Both have self-signed certificates, so I expect to get the Warning in the browser, but after proceeding beyond that warning, the PFSense one fails with a HTTP 502 error and I get that message in the Tunnel Client. The NAS one is just fine. Any ideas? I already have `insecure_skip_verify: true` in the client config.

gitea-mirror closed this issue

2026-05-05 10:57:06 -06:00

gitea-mirror commented

2026-05-05 10:57:08 -06:00

Author

Owner

@mmatczuk commented on GitHub (Sep 27, 2017):

Hi @jonreeves insecure_skip_verify: true is for the tunnel client server communication not for proxying. I confirm that it would not work with self signed certificates. Can you use simple HTTP? If not maybe you can get https://letsencrypt.org certificate?

@mmatczuk commented on GitHub (Sep 27, 2017): Hi @jonreeves `insecure_skip_verify: true` is for the tunnel client server communication not for proxying. I confirm that it would not work with self signed certificates. Can you use simple HTTP? If not maybe you can get https://letsencrypt.org certificate?

gitea-mirror commented

2026-05-05 10:57:09 -06:00

Author

Owner

@mmatczuk commented on GitHub (Sep 27, 2017):

The best option would be to provide a proper handling on this by a separate tls tunnel type.

@mmatczuk commented on GitHub (Sep 27, 2017): The best option would be to provide a proper handling on this by a separate tls tunnel type.

gitea-mirror commented

2026-05-05 10:57:10 -06:00

Author

Owner

@jonreeves commented on GitHub (Sep 28, 2017):

ah ok, I just wanted to confirm I wasn't missing something. I can probably get the Root CA certs installed onto the machine where I run the server and it should work then. Thanks for the clarification. Great tool by the way.

@jonreeves commented on GitHub (Sep 28, 2017): ah ok, I just wanted to confirm I wasn't missing something. I can probably get the Root CA certs installed onto the machine where I run the server and it should work then. Thanks for the clarification. Great tool by the way.

No labels

pull-request

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/go-http-tunnel#17

No description provided.

Rows
Columns