Support mTLS on the Client Config for HTTPS

[skaravad]

We would like to offload TLS and mTLS (client cert auth) to a reverse proxy (HTTPS only) , so in theory Piko server need not have this feature.

On the Piko Client , if the TLS config can be extended to use client cert and key , it would really improve the overall security posture of the communication.

When mTLS is enabled , we can drop any un-authorized clients connections which is better security for servers open to the internet.

[andydunstall]

@skaravad Thanks for opening, I'll aim to add this weekend

I'll add mTLS to the server too just for consistency, though will start with adding it to the agent

[skaravad]

Thank you @andydunstall , really appreciate it.

[andydunstall]

@skaravad I've added #195 and tested mTLS locally, though please confirm this works ok for you before I merge

Such as you can run piko agent http my-endpoint localhost:3000 --connect.url ... --connect.tls.cert ./client.crt --connect.tls.key ./client.key

Thanks!

[skaravad]

hi @andydunstall , I was able to test the agent with mTLS , it is working as designed. Thank you so much for enabling this, it really helps to reinforce the security. Kudos to you and the contributors of this project , very simple, efficient and extensible, hope to see more features / adoption in the future.

Thank you again for enabling this feature.