[GH-ISSUE #105] How to prevent just anyone joining your server. #56

Closed
opened 2026-05-05 10:59:00 -06:00 by gitea-mirror · 5 comments

Originally created by @1ubuntuuser on GitHub (Oct 30, 2019).
Original GitHub issue: https://github.com/mmatczuk/go-http-tunnel/issues/105

Hello, I have been playing around with this and it seems to be working well and easy to set up, maybe too easy. Then it occurred to me that my server isn't only allowing "known" clients to connect, but just anybody who happens to know the server IP.

How does one restrict what clients are allowed to connect to a server?

Thanks!


@1ubuntuuser commented on GitHub (Oct 30, 2019):

Found something in the code.
`rootCA := flag.String("rootCA", "", "Path to the trusted certificate chian used for client certificate authentication, if empty any client certificate is accepted")`

Are the server configuration options located anywhere apart from the readme?

Not sure how to generate a rootCA but I think I have a start now.


@1ubuntuuser commented on GitHub (Oct 30, 2019):

That's enough for one night I think... Didn't get it going unfortunately.

```
sudo ./tunneld -tlsCrt server.crt -tlsKey server.key -rootCA rootCA.key
github.com/mmatczuk/go-http-tunnel
failed to create server: listener failed: missing TLSConfig
```


@1ubuntuuser commented on GitHub (Oct 30, 2019):

Alrighty, was able to generate and use a ca.pem file. The server is rejecting requests from unauthenticated clients nicely. Unfortunately can't figure out the last piece of the puzzle, which is how to generate client certificates using the root CA.

It sure would be nice to have someone write some instructions for newbies!


@1ubuntuuser commented on GitHub (Oct 30, 2019):

Success (finally)!
This write up shed some light on it.
https://stuff-things.net/2015/09/17/client-certificate-ca-setup-and-signing/

I also was able to study the container that is still in a PR to get an idea of how the keys are created.

Perhaps don't close this until you consider adding some instructions to the README.md?


@stobias123 commented on GitHub (Dec 20, 2019):

@danielwilson654 - this use case is documented in the docs via `-clients` flag or use of `root_ca`

IMO this issue should be closed.

Reference: github-starred/go-http-tunnel#56