IntenseWebs/boringproxy
3
0
Fork 0
mirror of https://github.com/boringproxy/boringproxy.git synced 2025-02-25 18:55:29 -06:00
Code Issues Packages Projects Releases Wiki Activity

Implement setting TlsTermination on server

Browse Source
This commit is contained in:
Anders Pitman 2020-11-27 16:01:40 -07:00
parent 560d682a31
commit 5befc74c11
3 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api.go
View File

@ -296,6 +296,11 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
} }
} }
tlsTerm := params.Get("tls-termination")
if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" {
return nil, errors.New("Invalid tls-termination parameter")
}
request := Tunnel{ request := Tunnel{
Domain: domain, Domain: domain,
SshKey: sshKey.Key, SshKey: sshKey.Key,
@ -306,6 +311,7 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
AllowExternalTcp: allowExternalTcp, AllowExternalTcp: allowExternalTcp,
AuthUsername: username, AuthUsername: username,
AuthPassword: password, AuthPassword: password,
TlsTermination: tlsTerm,
} }
tunnel, err := a.tunMan.RequestCreateTunnel(request) tunnel, err := a.tunMan.RequestCreateTunnel(request)

10
client.go
View File

@ -239,15 +239,21 @@ func (c *BoringProxyClient) BoreTunnel(tunnel Tunnel) context.CancelFunc {
} }
tlsListener := tls.NewListener(listener, tlsConfig) tlsListener := tls.NewListener(listener, tlsConfig)
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { httpMux := http.NewServeMux()
httpMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
proxyRequest(w, r, tunnel, c.httpClient, tunnel.ClientPort) proxyRequest(w, r, tunnel, c.httpClient, tunnel.ClientPort)
}) })
httpServer := &http.Server{
Handler: httpMux,
}
// TODO: It seems inefficient to make a separate HTTP server for each TLS-passthrough tunnel, // TODO: It seems inefficient to make a separate HTTP server for each TLS-passthrough tunnel,
// but the code is much simpler. The only alternative I've thought of so far involves storing // but the code is much simpler. The only alternative I've thought of so far involves storing
// all the tunnels in a mutexed map and retrieving them from a single HTTP server, same as the // all the tunnels in a mutexed map and retrieving them from a single HTTP server, same as the
// boringproxy server does. // boringproxy server does.
go http.Serve(tlsListener, nil) go httpServer.Serve(tlsListener)
} else { } else {

8
webui/index.tmpl
View File

@ -134,6 +134,14 @@
<input type="password" id="password" name="password"> <input type="password" id="password" name="password">
</div> </div>
</div> </div>
<div class='input'>
<label for="tls-termination">TLS Termination:</label>
<select id="tls-termination" name="tls-termination">
<option value="server">Server</option>
<option value="client">Client</option>
<option value="passthrough">Passthrough</option>
</select>
</div>
<button class='button' type="submit">Submit</button> <button class='button' type="submit">Submit</button>
</form> </form>
</div> </div>