inlets-connect is a proxy that supports HTTPS and the CONNECT method. It can be deployed as a side-car or stand-alone to proxy to a single address using TCP pass-through.

The use-case is for TLS pass-through for a HTTPS service via an inlets PRO tunnel. With this technique, the kubernetes.default.svc address can be used with a valid TLS SAN name, when forwarded into a remote cluster via inlets PRO.



For usage on Kubernetes, see: artifacts


go build && ./inlets-connect --upstream --port 3128

curl -x

Assuming that you want to proxy to, you can start a HTTPS proxy and then use curl to access it.

This example allows the proxy running on to accept a CONNECT request and forward traffic to the --upstream i.e.

From within Kubernetes, the --upstream is likely to be kubernetes.default.svc and the proxy is likely to be run in a Pod.

Within Docker

docker run -p 3128:3128 -ti -port 3128 -upstream ghost:443
2021/04/15 10:48:49 Version: 0.0.2      Commit: 3ec88704b162263511b46f33ee23f1c72f773d56
2021/04/15 10:48:49 Listening on 3128, allowed upstream: ghost:443

curl https://ghost -x