Implement setting TlsTermination on server

2025-02-25 18:55:29 -06:00 · 2020-11-27 16:01:40 -07:00 · 2020-11-27 16:01:40 -07:00 · 5befc74c11
commit 5befc74c11
parent 560d682a31
3 changed files with 22 additions and 2 deletions
--- a/api.go
+++ b/api.go
@ -296,6 +296,11 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 		}
 	}

+	tlsTerm := params.Get("tls-termination")
+	if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" {
+		return nil, errors.New("Invalid tls-termination parameter")
+	}
+
 	request := Tunnel{
 		Domain:           domain,
 		SshKey:           sshKey.Key,
@ -306,6 +311,7 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 		AllowExternalTcp: allowExternalTcp,
 		AuthUsername:     username,
 		AuthPassword:     password,
+		TlsTermination:   tlsTerm,
 	}

 	tunnel, err := a.tunMan.RequestCreateTunnel(request)
--- a/client.go
+++ b/client.go
@ -239,15 +239,21 @@ func (c *BoringProxyClient) BoreTunnel(tunnel Tunnel) context.CancelFunc {
 			}
 			tlsListener := tls.NewListener(listener, tlsConfig)

-			http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+			httpMux := http.NewServeMux()
+
+			httpMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 				proxyRequest(w, r, tunnel, c.httpClient, tunnel.ClientPort)
 			})

+			httpServer := &http.Server{
+				Handler: httpMux,
+			}
+
 			// TODO: It seems inefficient to make a separate HTTP server for each TLS-passthrough tunnel,
 			// but the code is much simpler. The only alternative I've thought of so far involves storing
 			// all the tunnels in a mutexed map and retrieving them from a single HTTP server, same as the
 			// boringproxy server does.
-			go http.Serve(tlsListener, nil)
+			go httpServer.Serve(tlsListener)

 		} else {

--- a/webui/index.tmpl
+++ b/webui/index.tmpl
@ -134,6 +134,14 @@
                   <input type="password" id="password" name="password">
                 </div>
               </div>
+               <div class='input'>
+                 <label for="tls-termination">TLS Termination:</label>
+                 <select id="tls-termination" name="tls-termination">
+                   <option value="server">Server</option>
+                   <option value="client">Client</option>
+                   <option value="passthrough">Passthrough</option>
+                 </select>
+               </div>
               <button class='button' type="submit">Submit</button>
            </form>
          </div>