mirror of
https://github.com/boringproxy/boringproxy.git
synced 2025-02-25 18:55:29 -06:00
Implement specifying cert directory
Also fixed a bug where client TLS termination was failing to get new certs I believe because the TLS listener hadn't started up yet. I didn't notice it before because I'm running the client and server on the same machine and the server currently gets certs on startup even for non-server TLS tunnels
This commit is contained in:
@@ -39,6 +39,7 @@ func Listen() {
|
||||
flagSet := flag.NewFlagSet(os.Args[0], flag.ExitOnError)
|
||||
adminDomain := flagSet.String("admin-domain", "", "Admin Domain")
|
||||
sshServerPort := flagSet.Int("ssh-server-port", 22, "SSH Server Port")
|
||||
certDir := flagSet.String("cert-dir", "", "TLS cert directory")
|
||||
flagSet.Parse(os.Args[2:])
|
||||
|
||||
webUiDomain := *adminDomain
|
||||
@@ -56,6 +57,9 @@ func Listen() {
|
||||
}
|
||||
|
||||
certmagic.DefaultACME.DisableHTTPChallenge = true
|
||||
if *certDir != "" {
|
||||
certmagic.Default.Storage = &certmagic.FileStorage{*certDir}
|
||||
}
|
||||
//certmagic.DefaultACME.DisableTLSALPNChallenge = true
|
||||
//certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
|
||||
certConfig := certmagic.NewDefault()
|
||||
|
||||
20
client.go
20
client.go
@@ -39,9 +39,14 @@ func NewBoringProxyClient() *BoringProxyClient {
|
||||
token := flagSet.String("token", "", "Access token")
|
||||
name := flagSet.String("client-name", "", "Client name")
|
||||
user := flagSet.String("user", "admin", "user")
|
||||
certDir := flagSet.String("cert-dir", "", "TLS cert directory")
|
||||
flagSet.Parse(os.Args[2:])
|
||||
|
||||
certmagic.DefaultACME.DisableHTTPChallenge = true
|
||||
|
||||
if *certDir != "" {
|
||||
certmagic.Default.Storage = &certmagic.FileStorage{*certDir}
|
||||
}
|
||||
certConfig := certmagic.NewDefault()
|
||||
|
||||
httpClient := &http.Client{}
|
||||
@@ -225,13 +230,6 @@ func (c *BoringProxyClient) BoreTunnel(tunnel Tunnel) context.CancelFunc {
|
||||
//defer listener.Close()
|
||||
|
||||
if tunnel.TlsTermination == "client" {
|
||||
// TODO: There's still quite a bit of duplication with what the server does. Could we
|
||||
// encapsulate it into a type?
|
||||
err = c.certConfig.ManageSync([]string{tunnel.Domain})
|
||||
if err != nil {
|
||||
log.Println("CertMagic error at startup")
|
||||
log.Println(err)
|
||||
}
|
||||
|
||||
tlsConfig := &tls.Config{
|
||||
GetCertificate: c.certConfig.GetCertificate,
|
||||
@@ -255,6 +253,14 @@ func (c *BoringProxyClient) BoreTunnel(tunnel Tunnel) context.CancelFunc {
|
||||
// boringproxy server does.
|
||||
go httpServer.Serve(tlsListener)
|
||||
|
||||
// TODO: There's still quite a bit of duplication with what the server does. Could we
|
||||
// encapsulate it into a type?
|
||||
err = c.certConfig.ManageSync([]string{tunnel.Domain})
|
||||
if err != nil {
|
||||
log.Println("CertMagic error at startup")
|
||||
log.Println(err)
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
go func() {
|
||||
|
||||
@@ -30,6 +30,8 @@ func proxyRequest(w http.ResponseWriter, r *http.Request, tunnel Tunnel, httpCli
|
||||
|
||||
downstreamReqHeaders := r.Header.Clone()
|
||||
|
||||
// TODO: should probably pass in address instead of using localhost,
|
||||
// mostly for client-terminated TLS
|
||||
upstreamAddr := fmt.Sprintf("localhost:%d", port)
|
||||
upstreamUrl := fmt.Sprintf("http://%s%s", upstreamAddr, r.URL.RequestURI())
|
||||
|
||||
|
||||
Reference in New Issue
Block a user