Configuring mTLS with Private Locations

mTLS (mutual TLS) is a protocol in which both parties present certificates, so that each side authenticates the other and the integrity of the communication is protected.

By default, the Private Location does not support mTLS. However, you can route its traffic through a proxy that intercepts it and performs the mTLS handshake with the target.

For example, you can use mitmproxy and configure the mTLS client certificates.

Here is an example of a docker-compose file that will start a Private Location and a mitmproxy instance. For it to work, you will need to have a ./certs directory with the client-cert.pem and client-key.pem files.

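---
services:
  private-location:
    image: escapetech/cli:latest
    restart: always
    command: locations start -v location-name
    environment:
      - ESCAPE_API_KEY=<ESCAPE_API_KEY>
      - ESCAPE_BACKEND_PROXY_URL=mtls-proxy:8080
  mtls-proxy:
    image: mitmproxy/mitmproxy
    restart: always
    # Publishes the proxy on the host. The private-location service itself
    # reaches it over the Compose network as mtls-proxy:8080.
    ports:
      - "8080:8080"
    volumes:
      - ./certs:/certs
    # mitmdump is the non-interactive mitmproxy command (the console UI needs a TTY).
    # client_certs must point inside the /certs mount; mitmproxy expects this PEM
    # file to contain both the certificate and the unencrypted private key.
    command: mitmdump --set request_client_cert=True --set client_certs=/certs/client-cert.pem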

Note

Further information about certificate installation is available in the mitmproxy mTLS documentation.
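
The setup above starts from two files, while mitmproxy's `client_certs` option reads the certificate and the unencrypted private key from a single PEM file. The following is an added example, not code from the original page or from Escape or mitmproxy: it merges the two files into one bundle readable only by its owner and refuses passphrase-protected keys. The function names and the sample PEM blocks are assumptions made for illustration.

```python
import os
import re
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

# Constructed placeholders: PEM framing only, not usable key material.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_ENC_KEY = SAMPLE_KEY.replace("PRIVATE KEY", "ENCRYPTED PRIVATE KEY")


def check_bundle(text):
    """List the structural problems that make a PEM unusable as a client cert bundle."""
    blocks = [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    problems = []
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no CERTIFICATE block")
    if not keys:
        problems.append("no PRIVATE KEY block")
    for label, body in keys:
        # PKCS#8 marks encryption in the label, legacy OpenSSL keys in a header.
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is passphrase-protected")
    return problems


def build_bundle(cert_path, key_path, out_path):
    """Write key + certificate to out_path (mode 0600); raise ValueError if unusable."""
    parts = [Path(key_path).read_text().strip(), Path(cert_path).read_text().strip()]
    text = "\n".join(parts) + "\n"
    problems = check_bundle(text)
    if problems:
        raise ValueError("; ".join(problems))
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(out_path, 0o600)  # tighten the mode if the file already existed
    return text


if __name__ == "__main__":
    import sys
    build_bundle(*sys.argv[1:4])  # arguments: cert file, key file, output bundle
```

The bundle holds the private key, so the user the proxy container runs as must be able to read it and no one else should.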