Reputation: 167
I have some trouble with my own ReverseProxy I've written in Go. I want to connect my Golang webserver with my Apache webserver. My Apache webserver should be running on HTTPS and the reverse proxy too. So I've written the following code, but I always get the error: proxy error: x509: certificate signed by unknown authority. So must the Apache use the same certificate as the Apache, or what is the problem? Here are some code snippets, but I think it's a problem with the certificates; without SSL everything works fine :(
    // directorApache rewrites the request so it goes to the Apache backend over HTTPS.
    func (p *Proxy) directorApache(req *http.Request) {
        mainServer := fmt.Sprintf("%s:%d", Config.HostMain, Config.PortMain)
        req.URL.Scheme = "https"
        req.URL.Host = mainServer
    }

    // directorGo rewrites the request so it goes to the Go backend over plain HTTP.
    func (p *Proxy) directorGo(req *http.Request) {
        goServer := fmt.Sprintf("%s:%d", Config.GoHost, Config.GoPort)
        req.URL.Scheme = "http"
        req.URL.Host = goServer
    }

    // ServeHTTP picks the backend proxy for each incoming request.
    func (p *Proxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
        fmt.Println(req.URL.Path)
        if p.isGoRequest(req) {
            fmt.Println("GO")
            p.goProxy.ServeHTTP(rw, req)
            return
        }
        p.httpProxy.ServeHTTP(rw, req)
    }

    func main() {
        var configPath = flag.String("conf", "./configReverse.json", "Path to the Json config file.")
        flag.Parse()
        proxy := New(*configPath)
        cert, err := tls.LoadX509KeyPair(Config.PathCert, Config.PathPrivateKey)
        if err != nil {
            log.Fatalf("server: loadkeys: %s", err)
        }
        // This config is used for the listener (server side). InsecureSkipVerify
        // only affects outgoing client connections, so it has no effect here.
        config := tls.Config{InsecureSkipVerify: true, Certificates: []tls.Certificate{cert}}
        listener, err := net.Listen("tcp",
            net.JoinHostPort(proxy.Host, strconv.Itoa(proxy.Port)))
        if err != nil {
            log.Fatalf("server: listen: %s", err)
        }
        log.Printf("server: listening on %s", listener.Addr())
        proxy.listener = tls.NewListener(listener, &config)
        serverHTTPS := &http.Server{
            Handler:   proxy.mux,
            TLSConfig: &config,
        }
        if err := serverHTTPS.Serve(proxy.listener); err != nil {
            log.Fatal("SERVER ERROR:", err)
        }
    }
I tried a lot and generated several self-signed SSL-Certificates but nothing solved my problem. Hope somebody can help me.
greetings
David
Upvotes: 3
Views: 4838
Reputation: 109425
If you're using a self-signed certificate in the backend server, you need to tell your proxy's http client to not verify the certificate.
You can override the default for the http package:
    http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
Or create a new Transport specifically for your proxy:
    httpProxy.Transport = &http.Transport{
        Proxy: http.ProxyFromEnvironment,
        Dial: (&net.Dialer{
            Timeout:   30 * time.Second,
            KeepAlive: 30 * time.Second,
        }).Dial,
        TLSHandshakeTimeout: 10 * time.Second,
        TLSClientConfig:     &tls.Config{InsecureSkipVerify: true},
    }
Upvotes: 12
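An alternative that keeps verification on, as an added example that is not part of the original answer: the proxy's transport trusts only the backend's self-signed certificate through RootCAs, so the "unknown authority" error goes away without InsecureSkipVerify. The httptest backend and the names backendTransport, proxyOnce and demo are constructed for illustration; in a real setup the PEM bytes would be read from the backend's certificate file.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// backendTransport trusts only the certificates in caPEM; verification stays on.
func backendTransport(caPEM []byte) (*http.Transport, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no certificate found in PEM data")
	}
	return &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}, nil
}

// proxyOnce proxies one request to target; returns client status and upstream error.
func proxyOnce(target *url.URL, tr http.RoundTripper) (status int, upstream error) {
	rp := httputil.NewSingleHostReverseProxy(target)
	rp.Transport = tr
	rp.ErrorHandler = func(w http.ResponseWriter, _ *http.Request, err error) {
		upstream = err
		w.WriteHeader(http.StatusBadGateway)
	}
	rec := httptest.NewRecorder()
	rp.ServeHTTP(rec, httptest.NewRequest("GET", "http://proxy.example/", nil))
	return rec.Code, upstream
}

// demo proxies to a constructed HTTPS backend: default trust first, then pinned.
func demo() (plain, pinned int, plainErr error) {
	backend := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer backend.Close()
	target, _ := url.Parse(backend.URL)
	// Constructed input: stands in for the PEM file of the backend's certificate.
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: backend.Certificate().Raw})
	plain, plainErr = proxyOnce(target, &http.Transport{})
	if tr, err := backendTransport(caPEM); err == nil {
		pinned, _ = proxyOnce(target, tr)
	}
	return plain, pinned, plainErr
}
func main() { fmt.Println(demo()) }
```

With default trust the proxy answers 502 and reports the certificate error; with the pinned pool the same request succeeds, and a backend presenting any other certificate is still rejected.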