diff --git a/api.go b/api.go
index dd9a98e..b604461 100644
--- a/api.go
+++ b/api.go
@@ -296,6 +296,11 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 }
 }
+ tlsTerm := params.Get("tls-termination")
+ if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" {
+ return nil, errors.New("Invalid tls-termination parameter")
+ }
+
 request := Tunnel{
 Domain: domain,
 SshKey: sshKey.Key,
@@ -306,6 +311,7 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 AllowExternalTcp: allowExternalTcp,
 AuthUsername: username,
 AuthPassword: password,
+ TlsTermination: tlsTerm,
 }
 tunnel, err := a.tunMan.RequestCreateTunnel(request)
diff --git a/client.go b/client.go
index 71a6dfc..9923bec 100644
--- a/client.go
+++ b/client.go
@@ -239,15 +239,21 @@ func (c *BoringProxyClient) BoreTunnel(tunnel Tunnel) context.CancelFunc {
 }
 tlsListener := tls.NewListener(listener, tlsConfig)
- http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+ httpMux := http.NewServeMux()
+
+ httpMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 proxyRequest(w, r, tunnel, c.httpClient, tunnel.ClientPort)
 })
+ httpServer := &http.Server{
+ Handler: httpMux,
+ }
+
 // TODO: It seems inefficient to make a separate HTTP server for each TLS-passthrough tunnel,
 // but the code is much simpler. The only alternative I've thought of so far involves storing
 // all the tunnels in a mutexed map and retrieving them from a single HTTP server, same as the
 // boringproxy server does.
- go http.Serve(tlsListener, nil)
+ go httpServer.Serve(tlsListener)
 } else {
diff --git a/webui/index.tmpl b/webui/index.tmpl
index 78bf781..3f09882 100644
--- a/webui/index.tmpl
+++ b/webui/index.tmpl
@@ -134,6 +134,14 @@
+
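Review bot: In the first api.go hunk (CreateTunnel), `params.Get("tls-termination")` returns an empty string when the parameter is absent, so the new allowlist check rejects every request that omits it; any API caller that predates this parameter would now fail. Failing closed on an unrecognised value is the right behaviour for a setting that decides where TLS is terminated, but the missing-parameter case should be decided explicitly and documented, for example with `// tls-termination is required; there is deliberately no default` above the check. The error would also be easier to act on if it named the accepted values: `return nil, errors.New("Invalid tls-termination parameter: must be server, client or passthrough")`. CreateTunnel starts and ends outside the hunk.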
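Review bot: In the client.go hunk (BoreTunnel), the new `http.Server` is built with only `Handler` set, so it has no read or idle timeouts although it serves connections that arrive through the tunnel; a peer that sends its headers slowly can keep connections open indefinitely. Consider `httpServer := &http.Server{Handler: httpMux, ReadHeaderTimeout: 10 * time.Second}` (the duration is an example value). The return value of `go httpServer.Serve(tlsListener)` is also discarded, and nothing visible in the hunk closes the server when the `context.CancelFunc` returned by BoreTunnel fires; unless that is handled outside the hunk, the server and its listener outlive the tunnel. BoreTunnel's body continues outside the hunk.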