Hi,
Let me start by saying that this looks like a really interesting and polished project, and this is not so much a bug report as a request for feedback, or perhaps a feature request.
I'm experimenting with self-hosting sshx-server, which doesn't seem to be documented from what I can find, but I've pieced together what might be necessary from the Dockerfile and the development instructions. I've got the server running just fine, I can connect to it with sshx and I get a Link that opens successfully in the browser, but I then get crypto.subtle is undefined in the Firefox dev console.
From this question I gather that the reason might be that crypto.subtle refuses to run over HTTP, which I guess makes sense.
The problem is that my instance of sshx-server needs to run over unencrypted HTTP over a VPN, and there is no CA infrastructure set up that allows me to establish "green" TLS connections in this environment. I appreciate that in normal use-cases, it would be insane to run an sshx server over HTTP, but in this case it's not a problem because only connections over the VPN are allowed anyway, and they are already encrypted and authorized.
Questions:
- Would it be possible to make this work without making changes to sshx-server? My initial thought was that maybe using something like nginx to reverse proxy the traffic could at least allow me to use self-signed TLS, but this would require sshx to take some kind of --insecure flag similar to curl to allow the certificate verification to fail, and the browser can then separately choose to connect "insecurely".
- Any other ideas on how this could be made to work without having to set up an entire CA infrastructure for the VPN?
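
The browser behaviour described above follows from the secure-context rule: `crypto.subtle` is only exposed to pages loaded from a potentially trustworthy origin. The sketch below is an added example, not part of the original post and not sshx code; it predicts from a page URL whether `crypto.subtle` will be defined. The function names, sample addresses, port and paths are assumptions made for illustration.

```javascript
// Added example: models the "potentially trustworthy origin" rule that decides
// whether a top-level page is a secure context (and so exposes crypto.subtle).
// Not modelled: certificate validation, iframes with insecure ancestors.

function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, ""); // tolerate a trailing dot
  if (h === "[::1]") return true;                       // IPv6 loopback
  if (/^127(\.\d{1,3}){3}$/.test(h)) return true;       // 127.0.0.0/8
  return h === "localhost" || h.endsWith(".localhost");
}

function predictSubtleCrypto(pageUrl) {
  const url = new URL(pageUrl); // WHATWG URL parsing normalises the host
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`only http(s) page URLs are modelled: ${url.protocol}`);
  }
  if (url.protocol === "https:") {
    return { available: true, reason: "https origin" };
  }
  if (isLoopbackHost(url.hostname)) {
    return { available: true, reason: "loopback origin over http" };
  }
  return { available: false, reason: "plain http to a non-loopback host" };
}

// Runtime check for the page's dev console; `g` is injectable for testing.
function inspectContext(g = globalThis) {
  return {
    isSecureContext: g.isSecureContext === true,
    hasSubtle: Boolean(g.crypto && g.crypto.subtle),
  };
}

// Constructed sample URLs (addresses, port and paths are placeholders).
const samples = [
  "http://10.8.0.5:8051/s/EXAMPLE",
  "https://10.8.0.5/s/EXAMPLE",
  "http://localhost:8051/s/EXAMPLE",
  "http://[::1]:8051/s/EXAMPLE",
  "http://sshx.vpn.example:8051/s/EXAMPLE",
];
for (const s of samples) {
  const r = predictSubtleCrypto(s);
  console.log(`${s} -> crypto.subtle ${r.available ? "defined" : "undefined"} (${r.reason})`);
}
```
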