socat SSL proxy

First create a self-signed certificate:

openssl genrsa -out server.key 2048
# Note: answer localhost for your Common Name (CN)
# other answers don't really matter
openssl req -new -key server.key -x509 -days 3653 -out server.crt
cat server.key server.crt > server.pem
openssl dhparam -out dhparams.pem 2048
cat dhparams.pem >> server.pem

Then use socat to listen on port 443 on all interfaces (IPv6 enabled) and forward (unencrypted) to localhost:80:

socat openssl-listen:443,fork,reuseaddr,cert=server.pem,cafile=server.crt,verify=0,openssl-min-proto-version=TLS1.3 TCP:localhost:80
Last change: 2025-06-29, commit: e4987b8