Implement raw TLS tunnels

My testing shows this works for WebSockets.
2025-02-25 18:55:29 -06:00 · 2022-02-11 13:04:59 -07:00 · 2022-02-11 13:04:59 -07:00 · 3be1f0b48c
commit 3be1f0b48c
parent 28a919f861
4 changed files with 23 additions and 10 deletions
--- a/api.go
+++ b/api.go
@ -300,7 +300,7 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 	}

 	tlsTerm := params.Get("tls-termination")
-	if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" {
+	if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" && tlsTerm != "client-tls" {
 		return nil, errors.New("Invalid tls-termination parameter")
 	}

--- a/boringproxy.go
+++ b/boringproxy.go
@ -334,7 +334,7 @@ func (p *Server) handleConnection(clientConn net.Conn) {

 	tunnel, exists := p.db.GetTunnel(clientHello.ServerName)

-	if exists && (tunnel.TlsTermination == "client" || tunnel.TlsTermination == "passthrough") {
+	if exists && (tunnel.TlsTermination == "client" || tunnel.TlsTermination == "passthrough") || tunnel.TlsTermination == "client-tls" {
 		p.passthroughRequest(passConn, tunnel)
 	} else {
 		p.httpListener.PassConn(passConn)
--- a/client.go
+++ b/client.go
@ -320,6 +320,18 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error {

 	} else {

+		if tunnel.TlsTermination == "client-tls" {
+			tlsConfig := &tls.Config{
+				GetCertificate: c.certConfig.GetCertificate,
+			}
+
+			tlsConfig.NextProtos = append([]string{"http/1.1", "h2", "acme-tls/1"}, tlsConfig.NextProtos...)
+
+			tlsListener := tls.NewListener(listener, tlsConfig)
+
+			listener = tlsListener
+		}
+
 		go func() {
 			for {
 				conn, err := listener.Accept()
--- a/templates/edit_tunnel.tmpl
+++ b/templates/edit_tunnel.tmpl
@ -11,6 +11,15 @@
       <input type="text" id="domain" name="domain" value="{{$.Domain}}" required>
       <input type="hidden" id="tunnel-owner" name="owner" value="{{$.UserId}}">
     </div>
+     <div class='input'>
+       <label for="tls-termination">Tunnel Type:</label>
+       <select id="tls-termination" name="tls-termination">
+         <option value="client-tls">Client TLS</option>
+         <option value="client">Client HTTPS</option>
+         <option value="server">Server HTTPS</option>
+         <option value="passthrough">Passthrough</option>
+       </select>
+     </div>
     <div class='input'>
       <label for="tunnel-port">Tunnel Port:</label>
       <input type="text" id="tunnel-port" name="tunnel-port" value="Random">
@ -33,14 +42,6 @@
       <label for="client-port">Client Port:</label>
       <input type="text" id="client-port" name="client-port">
     </div>
-     <div class='input'>
-       <label for="tls-termination">TLS Termination:</label>
-       <select id="tls-termination" name="tls-termination">
-         <option value="client">Client</option>
-         <option value="server">Server</option>
-         <option value="passthrough">Passthrough</option>
-       </select>
-     </div>
     <div class='input'>
       <label for="allow-external-tcp">Allow External TCP:</label>
       <input type="checkbox" id="allow-external-tcp" name="allow-external-tcp">