From 7b2d4cffcb54ed12cfd2aa431020a233affb1edb Mon Sep 17 00:00:00 2001 From: Dany Mahmalat Date: Sun, 20 Feb 2022 23:32:42 -0500 Subject: [PATCH 1/8] Add acme-email flag to server --- boringproxy.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/boringproxy.go b/boringproxy.go index 410f696..7b523f5 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -53,6 +53,7 @@ func Listen() { allowHttp := flagSet.Bool("allow-http", false, "Allow unencrypted (HTTP) requests") publicIp := flagSet.String("public-ip", "", "Public IP") behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy") + acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)") acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers") err := flagSet.Parse(os.Args[2:]) if err != nil { @@ -101,6 +102,10 @@ func Listen() { //certmagic.DefaultACME.DisableHTTPChallenge = true //certmagic.DefaultACME.DisableTLSALPNChallenge = true + if *acmeEmail != "" { + certmagic.DefaultACME.Email = *acmeEmail + } + if *acmeUseStaging { certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA } From 32d2ef14ee10467f9f26f6a193801ef814427f61 Mon Sep 17 00:00:00 2001 From: Dany Mahmalat Date: Mon, 21 Feb 2022 13:07:07 -0500 Subject: [PATCH 2/8] Add db-dir to specify where to save boringproxy_db.json --- boringproxy.go | 3 ++- database.go | 12 ++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/boringproxy.go b/boringproxy.go index 410f696..52bbf9c 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -46,6 +46,7 @@ func Listen() { flagSet := flag.NewFlagSet(os.Args[0], flag.ExitOnError) newAdminDomain := flagSet.String("admin-domain", "", "Admin Domain") sshServerPort := flagSet.Int("ssh-server-port", 22, "SSH Server Port") + dbDir := flagSet.String("db-dir", "", "Database file directory") certDir := flagSet.String("cert-dir", "", "TLS cert directory") printLogin := flagSet.Bool("print-login", false, "Prints admin login information") httpPort := flagSet.Int("http-port", 80, "HTTP (insecure) port") @@ -61,7 +62,7 @@ func Listen() { log.Println("Starting up") - db, err := NewDatabase() + db, err := NewDatabase(*dbDir) if err != nil { log.Fatal(err) } diff --git a/database.go b/database.go index 761dbc5..5bdf5e9 100644 --- a/database.go +++ b/database.go @@ -10,6 +10,8 @@ import ( "github.com/takingnames/namedrop-go" ) +var DBFolderPath string + type Database struct { AdminDomain string `json:"admin_domain"` Tokens map[string]TokenData `json:"tokens"` @@ -60,11 +62,13 @@ type Tunnel struct { AuthPassword string `json:"auth_password"` } -func NewDatabase() (*Database, error) { +func NewDatabase(path string) (*Database, error) { - dbJson, err := ioutil.ReadFile("boringproxy_db.json") + DBFolderPath = path + + dbJson, err := ioutil.ReadFile(DBFolderPath + "boringproxy_db.json") if err != nil { - log.Println("failed reading boringproxy_db.json") + log.Printf("failed reading %sboringproxy_db.json\n", DBFolderPath) dbJson = []byte("{}") } @@ -319,5 +323,5 @@ func (d *Database) DeleteUser(username string) { } func (d *Database) persist() { - saveJson(d, "boringproxy_db.json") + saveJson(d, DBFolderPath+"boringproxy_db.json") } From 58a2727f843ae01be4b8d95058fe86924d6f9198 Mon Sep 17 00:00:00 2001 From: "Willem@105.pve1.lan" Date: Wed, 23 Feb 2022 12:33:36 +0200 Subject: [PATCH 3/8] accept-ca-terms --- Dockerfile | 2 +- boringproxy.go | 6 ++++++ docker/server/README.md | 3 +++ docker/server/docker-compose.yml | 10 ++++++---- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 945640f..90afd94 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,6 @@ RUN if [[ "ORIGIN" == 'remote' ]] ; then git clone --depth 1 --branch "${BRANCH} COPY go.* ./ RUN go mod download COPY . . -RUN export VERSION='2' RUN cd cmd/boringproxy && CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} \ go build -ldflags "-X main.Version=${VERSION}" \ @@ -25,6 +24,7 @@ RUN cd cmd/boringproxy && CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} \ FROM scratch EXPOSE 80 443 +WORKDIR /storage COPY --from=builder /build/cmd/boringproxy/boringproxy / diff --git a/boringproxy.go b/boringproxy.go index 8e73c89..b81a767 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -56,6 +56,7 @@ func Listen() { behindProxy := flagSet.Bool("behind-proxy", false, "Whether we're running behind another reverse proxy") acmeEmail := flagSet.String("acme-email", "", "Email for ACME (ie Let's Encrypt)") acmeUseStaging := flagSet.Bool("acme-use-staging", false, "Use ACME (ie Let's Encrypt) staging servers") + acceptCATerms := flagSet.Bool("accept-ca-terms", false, "Automatically accept CA terms") err := flagSet.Parse(os.Args[2:]) if err != nil { fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err) @@ -107,6 +108,11 @@ func Listen() { certmagic.DefaultACME.Email = *acmeEmail } + if *acceptCATerms { + certmagic.DefaultACME.Agreed = true + log.Print(fmt.Sprintf("Automatic agreement to CA terms with email (%s)", *acmeEmail)) + } + if *acmeUseStaging { certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA } diff --git a/docker/server/README.md b/docker/server/README.md index 4e589d4..40eec09 100644 --- a/docker/server/README.md +++ b/docker/server/README.md @@ -4,6 +4,9 @@ Edit docker-compose.yml and change the following under **commands** for service **boringproxy** - bp.example.com: your admin domain +- your-email-address: the email address to register with Let's Encrypt + +***Since the -accept-ca-terms flag is set in the compose file, this will automatically accept terms and conditions of Let's Encrypt.*** ## Build image from source and run server in docker You can build the image from source. This requires that you clone the GitHub repo and start docker using the compose command below: diff --git a/docker/server/docker-compose.yml b/docker/server/docker-compose.yml index f3e8753..6addc03 100644 --- a/docker/server/docker-compose.yml +++ b/docker/server/docker-compose.yml @@ -7,11 +7,13 @@ services: - "80:80" - "443:443" volumes: - - data:/opt/boringproxy/ - command: ["server", "-admin-domain", "bp.example.com", "-cert-dir", "/certmagic"] + - storage:/storage/ + - ssh://.ssh + - /etc/ssl/certs/:/etc/ssl/certs/:ro + command: ["server", "-admin-domain", "bp.example.com", "-acme-email", "your-email-address", "-accept-ca-terms", "-cert-dir", "/storage/certmagic", "-print-login"] environment: USER: "root" volumes: - data: - certmagic: + storage: + ssh: \ No newline at end of file From 3b639adec8d9b51c0ec94df63ccebe679f176c21 Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Wed, 23 Feb 2022 17:30:02 -0700 Subject: [PATCH 4/8] Fix client TLS bug Wasn't properly handling the ACME protocol for raw TLS tunnels. --- boringproxy.go | 2 +- client.go | 25 +++++++++++++++++++------ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/boringproxy.go b/boringproxy.go index b81a767..7bcf11c 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -109,7 +109,7 @@ func Listen() { } if *acceptCATerms { - certmagic.DefaultACME.Agreed = true + certmagic.DefaultACME.Agreed = true log.Print(fmt.Sprintf("Automatic agreement to CA terms with email (%s)", *acmeEmail)) } diff --git a/client.go b/client.go index cfbeda0..2976cf2 100644 --- a/client.go +++ b/client.go @@ -345,17 +345,30 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error { break //continue } + + // If ALPN type is acme-tls/1, certmagic will do its thing under the hood, and the + // connection should not be used. + if tlsConn, ok := conn.(*tls.Conn); ok { + tlsConn.Handshake() + if tlsConn.ConnectionState().NegotiatedProtocol == "acme-tls/1" { + tlsConn.Close() + continue + } + } + go c.handleConnection(conn, tunnel.ClientAddress, tunnel.ClientPort) } }() } - // TODO: There's still quite a bit of duplication with what the server does. Could we - // encapsulate it into a type? - err = c.certConfig.ManageSync(ctx, []string{tunnel.Domain}) - if err != nil { - log.Println("CertMagic error at startup") - log.Println(err) + if tunnel.TlsTermination != "passthrough" { + // TODO: There's still quite a bit of duplication with what the server does. Could we + // encapsulate it into a type? + err = c.certConfig.ManageSync(ctx, []string{tunnel.Domain}) + if err != nil { + log.Println("CertMagic error at startup") + log.Println(err) + } } <-ctx.Done() From 2547cb2b34d7fb817cbc29f371ec12dc6084ab92 Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Thu, 24 Feb 2022 11:38:57 -0700 Subject: [PATCH 5/8] Add tuntls command When used in conjunction with raw Client TLS termination, allows wrapping plain TCP in TLS with SNI routing. Supports both stdin/stdout (useful for things like ssh ProxyCommand) and listening on a local port and forwarding all connections to that port. --- cmd/boringproxy/main.go | 73 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 72 insertions(+), 1 deletion(-) diff --git a/cmd/boringproxy/main.go b/cmd/boringproxy/main.go index 4e28b61..5331dc1 100644 --- a/cmd/boringproxy/main.go +++ b/cmd/boringproxy/main.go @@ -2,9 +2,13 @@ package main import ( "context" + "crypto/tls" "flag" "fmt" + "io" + "net" "os" + "sync" "github.com/boringproxy/boringproxy" ) @@ -15,6 +19,7 @@ Commands: version Prints version information. server Start a new server. client Connect to a server. + tuntls Tunnel a raw TLS connection. Use "%[1]s command -h" for a list of flags for the command. ` @@ -25,7 +30,6 @@ func fail(msg string) { fmt.Fprintln(os.Stderr, msg) os.Exit(1) } - func main() { if len(os.Args) < 2 { fmt.Fprintln(os.Stderr, os.Args[0]+": Need a command") @@ -40,6 +44,44 @@ func main() { fmt.Println(Version) case "help", "-h", "--help", "-help": fmt.Printf(usage, os.Args[0]) + case "tuntls": + // This command is a direct port of https://github.com/anderspitman/tuntls + flagSet := flag.NewFlagSet(os.Args[0], flag.ExitOnError) + server := flagSet.String("server", "", "boringproxy server") + port := flagSet.Int("port", 0, "Local port to bind to") + err := flagSet.Parse(os.Args[2:]) + if err != nil { + fmt.Fprintf(os.Stderr, "%s: parsing flags: %s\n", os.Args[0], err) + os.Exit(1) + } + + if *server == "" { + fmt.Fprintf(os.Stderr, "server argument is required\n") + os.Exit(1) + } + + if *port == 0 { + // one-time tunnel over stdin/stdout + doTlsTunnel(*server, os.Stdin, os.Stdout) + } else { + // listen on a port and create tunnels for each connection + fmt.Fprintf(os.Stderr, "Listening on port %d\n", *port) + listener, err := net.Listen("tcp", fmt.Sprintf(":%d", *port)) + if err != nil { + fmt.Fprintf(os.Stderr, err.Error()) + os.Exit(1) + } + + for { + conn, err := listener.Accept() + if err != nil { + fmt.Fprintf(os.Stderr, err.Error()) + os.Exit(1) + } + + go doTlsTunnel(*server, conn, conn) + } + } case "server": boringproxy.Listen() case "client": @@ -97,3 +139,32 @@ func main() { fail(os.Args[0] + ": Invalid command " + command) } } + +func doTlsTunnel(server string, in io.Reader, out io.Writer) { + fmt.Fprintf(os.Stderr, "tuntls connecting to server: %s\n", server) + + conn, err := tls.Dial("tcp", fmt.Sprintf("%s:443", server), &tls.Config{ + //RootCAs: roots, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to connect: "+err.Error()) + os.Exit(1) + } + + var wg sync.WaitGroup + wg.Add(2) + + go func() { + io.Copy(conn, in) + wg.Done() + }() + + go func() { + io.Copy(out, conn) + wg.Done() + }() + + wg.Wait() + + conn.Close() +} From 197e202d694b30d7901aa1aed9bf6ab0d8786a7d Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Thu, 24 Feb 2022 14:12:09 -0700 Subject: [PATCH 6/8] Implement raw server TLS tunnels Also cleaned up things a bit by moving the ProxyTcp logic into a separate file and sharing it between the client and server. --- api.go | 2 +- boringproxy.go | 11 +++- client.go | 98 +++------------------------------ templates/edit_tunnel.tmpl | 1 + tls_proxy.go | 108 +++++++++++++++++++++++++++++++++++++ tunnel_manager.go | 4 +- 6 files changed, 127 insertions(+), 97 deletions(-) create mode 100644 tls_proxy.go diff --git a/api.go b/api.go index d733fc0..8899370 100644 --- a/api.go +++ b/api.go @@ -374,7 +374,7 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err } tlsTerm := params.Get("tls-termination") - if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" && tlsTerm != "client-tls" { + if tlsTerm != "server" && tlsTerm != "client" && tlsTerm != "passthrough" && tlsTerm != "client-tls" && tlsTerm != "server-tls" { return nil, errors.New("Invalid tls-termination parameter") } diff --git a/boringproxy.go b/boringproxy.go index 7bcf11c..7b77269 100644 --- a/boringproxy.go +++ b/boringproxy.go @@ -340,11 +340,11 @@ func Listen() { continue } - go p.handleConnection(conn) + go p.handleConnection(conn, certConfig) } } -func (p *Server) handleConnection(clientConn net.Conn) { +func (p *Server) handleConnection(clientConn net.Conn, certConfig *certmagic.Config) { clientHello, clientReader, err := peekClientHello(clientConn) if err != nil { @@ -358,6 +358,13 @@ func (p *Server) handleConnection(clientConn net.Conn) { if exists && (tunnel.TlsTermination == "client" || tunnel.TlsTermination == "passthrough") || tunnel.TlsTermination == "client-tls" { p.passthroughRequest(passConn, tunnel) + } else if exists && tunnel.TlsTermination == "server-tls" { + useTls := true + err := ProxyTcp(passConn, "127.0.0.1", tunnel.TunnelPort, useTls, certConfig) + if err != nil { + log.Println(err.Error()) + return + } } else { p.httpListener.PassConn(passConn) } diff --git a/client.go b/client.go index 2976cf2..9cf2d45 100644 --- a/client.go +++ b/client.go @@ -6,12 +6,10 @@ import ( "encoding/json" "errors" "fmt" - "io" "io/ioutil" "log" "net" "net/http" - "strings" "sync" "time" @@ -321,18 +319,6 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error { } else { - if tunnel.TlsTermination == "client-tls" { - tlsConfig := &tls.Config{ - GetCertificate: c.certConfig.GetCertificate, - } - - tlsConfig.NextProtos = append([]string{"http/1.1", "h2", "acme-tls/1"}, tlsConfig.NextProtos...) - - tlsListener := tls.NewListener(listener, tlsConfig) - - listener = tlsListener - } - go func() { for { conn, err := listener.Accept() @@ -346,17 +332,14 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error { //continue } - // If ALPN type is acme-tls/1, certmagic will do its thing under the hood, and the - // connection should not be used. - if tlsConn, ok := conn.(*tls.Conn); ok { - tlsConn.Handshake() - if tlsConn.ConnectionState().NegotiatedProtocol == "acme-tls/1" { - tlsConn.Close() - continue - } + var useTls bool + if tunnel.TlsTermination == "client-tls" { + useTls = true + } else { + useTls = false } - go c.handleConnection(conn, tunnel.ClientAddress, tunnel.ClientPort) + go ProxyTcp(conn, tunnel.ClientAddress, tunnel.ClientPort, useTls, c.certConfig) } }() } @@ -376,75 +359,6 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error { return nil } -func (c *Client) handleConnection(conn net.Conn, upstreamAddr string, port int) { - - defer conn.Close() - - useTls := false - addr := upstreamAddr - - if strings.HasPrefix(upstreamAddr, "https://") { - addr = upstreamAddr[len("https://"):] - useTls = true - } - - var upstreamConn net.Conn - var err error - - if useTls { - tlsConfig := &tls.Config{ - InsecureSkipVerify: true, - } - upstreamConn, err = tls.Dial("tcp", fmt.Sprintf("%s:%d", addr, port), tlsConfig) - } else { - upstreamConn, err = net.Dial("tcp", fmt.Sprintf("%s:%d", addr, port)) - } - - if err != nil { - log.Print(err) - return - } - - defer upstreamConn.Close() - - var wg sync.WaitGroup - wg.Add(2) - - // Copy request to upstream - go func() { - _, err := io.Copy(upstreamConn, conn) - if err != nil { - log.Println(err.Error()) - } - - if c, ok := upstreamConn.(*net.TCPConn); ok { - c.CloseWrite() - } else if c, ok := upstreamConn.(*tls.Conn); ok { - c.CloseWrite() - } - - wg.Done() - }() - - // Copy response to downstream - go func() { - _, err := io.Copy(conn, upstreamConn) - //conn.(*net.TCPConn).CloseWrite() - if err != nil { - log.Println(err.Error()) - } - // TODO: I added this to fix a bug where the copy to - // upstreamConn was never closing, even though the copy to - // conn was. It seems related to persistent connections going - // idle and upstream closing the connection. I'm a bit worried - // this might not be thread safe. - conn.Close() - wg.Done() - }() - - wg.Wait() -} - func printJson(data interface{}) { d, _ := json.MarshalIndent(data, "", " ") fmt.Println(string(d)) diff --git a/templates/edit_tunnel.tmpl b/templates/edit_tunnel.tmpl index 30c3684..81a4adc 100644 --- a/templates/edit_tunnel.tmpl +++ b/templates/edit_tunnel.tmpl @@ -39,6 +39,7 @@ + diff --git a/tls_proxy.go b/tls_proxy.go new file mode 100644 index 0000000..dbc6476 --- /dev/null +++ b/tls_proxy.go @@ -0,0 +1,108 @@ +package boringproxy + +import ( + //"errors" + "crypto/tls" + "fmt" + "io" + "log" + "net" + "strings" + "sync" + + "github.com/caddyserver/certmagic" +) + +func ProxyTcp(conn net.Conn, addr string, port int, useTls bool, certConfig *certmagic.Config) error { + + if useTls { + tlsConfig := &tls.Config{ + GetCertificate: certConfig.GetCertificate, + } + + tlsConfig.NextProtos = append([]string{"http/1.1", "h2", "acme-tls/1"}, tlsConfig.NextProtos...) + + tlsConn := tls.Server(conn, tlsConfig) + + tlsConn.Handshake() + if tlsConn.ConnectionState().NegotiatedProtocol == "acme-tls/1" { + tlsConn.Close() + return nil + } + + go handleConnection(tlsConn, addr, port) + } else { + go handleConnection(conn, addr, port) + } + + return nil +} + +func handleConnection(conn net.Conn, upstreamAddr string, port int) { + + defer conn.Close() + + useTls := false + addr := upstreamAddr + + if strings.HasPrefix(upstreamAddr, "https://") { + addr = upstreamAddr[len("https://"):] + useTls = true + } + + var upstreamConn net.Conn + var err error + + if useTls { + tlsConfig := &tls.Config{ + InsecureSkipVerify: true, + } + upstreamConn, err = tls.Dial("tcp", fmt.Sprintf("%s:%d", addr, port), tlsConfig) + } else { + upstreamConn, err = net.Dial("tcp", fmt.Sprintf("%s:%d", addr, port)) + } + + if err != nil { + log.Print(err) + return + } + + defer upstreamConn.Close() + + var wg sync.WaitGroup + wg.Add(2) + + // Copy request to upstream + go func() { + _, err := io.Copy(upstreamConn, conn) + if err != nil { + log.Println(err.Error()) + } + + if c, ok := upstreamConn.(*net.TCPConn); ok { + c.CloseWrite() + } else if c, ok := upstreamConn.(*tls.Conn); ok { + c.CloseWrite() + } + + wg.Done() + }() + + // Copy response to downstream + go func() { + _, err := io.Copy(conn, upstreamConn) + //conn.(*net.TCPConn).CloseWrite() + if err != nil { + log.Println(err.Error()) + } + // TODO: I added this to fix a bug where the copy to + // upstreamConn was never closing, even though the copy to + // conn was. It seems related to persistent connections going + // idle and upstream closing the connection. I'm a bit worried + // this might not be thread safe. + conn.Close() + wg.Done() + }() + + wg.Wait() +} diff --git a/tunnel_manager.go b/tunnel_manager.go index 11efec7..7f994b1 100644 --- a/tunnel_manager.go +++ b/tunnel_manager.go @@ -35,7 +35,7 @@ func NewTunnelManager(config *Config, db *Database, certConfig *certmagic.Config if config.autoCerts { for domainName, tun := range db.GetTunnels() { - if tun.TlsTermination == "server" { + if tun.TlsTermination == "server" || tun.TlsTermination == "server-tls" { err = certConfig.ManageSync(context.Background(), []string{domainName}) if err != nil { log.Println("CertMagic error at startup") @@ -63,7 +63,7 @@ func (m *TunnelManager) RequestCreateTunnel(tunReq Tunnel) (Tunnel, error) { return Tunnel{}, errors.New("Owner required") } - if tunReq.TlsTermination == "server" { + if tunReq.TlsTermination == "server" || tunReq.TlsTermination == "server-tls" { if m.config.autoCerts { err := m.certConfig.ManageSync(context.Background(), []string{tunReq.Domain}) if err != nil { From dcb06497ad76635bddd52aa9cd135e1efb7afb2a Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Thu, 24 Feb 2022 14:33:13 -0700 Subject: [PATCH 7/8] Implement overriding SSH server per tunnel This lets you use a proxy for connecting to the SSH server, which is useful on networks that block SSH/port 22. For example you can use the boringproxy tuntls command to create a proxy that will tunnel the client's SSH connections over TLS to the server. It's all very meta and forces at least double encryption, but it could be useful. --- api.go | 18 ++++++++++++++++++ client.go | 1 + templates/edit_tunnel.tmpl | 9 +++++++++ tunnel_manager.go | 2 -- 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/api.go b/api.go index 8899370..c622527 100644 --- a/api.go +++ b/api.go @@ -378,6 +378,22 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err return nil, errors.New("Invalid tls-termination parameter") } + sshServerAddr := a.db.GetAdminDomain() + sshServerAddrParam := params.Get("ssh-server-addr") + if sshServerAddrParam != "" { + sshServerAddr = sshServerAddrParam + } + + sshServerPort := a.config.SshServerPort + sshServerPortParam := params.Get("ssh-server-port") + if sshServerPortParam != "" { + var err error + sshServerPort, err = strconv.Atoi(sshServerPortParam) + if err != nil { + return nil, errors.New("Invalid ssh-server-port parameter") + } + } + request := Tunnel{ Domain: domain, Owner: owner, @@ -389,6 +405,8 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err AuthUsername: username, AuthPassword: password, TlsTermination: tlsTerm, + ServerAddress: sshServerAddr, + ServerPort: sshServerPort, } tunnel, err := a.tunMan.RequestCreateTunnel(request) diff --git a/client.go b/client.go index 9cf2d45..dcdccb9 100644 --- a/client.go +++ b/client.go @@ -276,6 +276,7 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error { } sshHost := fmt.Sprintf("%s:%d", tunnel.ServerAddress, tunnel.ServerPort) + fmt.Println(sshHost) client, err := ssh.Dial("tcp", sshHost, config) if err != nil { return errors.New(fmt.Sprintf("Failed to dial: ", err)) diff --git a/templates/edit_tunnel.tmpl b/templates/edit_tunnel.tmpl index 81a4adc..94366f2 100644 --- a/templates/edit_tunnel.tmpl +++ b/templates/edit_tunnel.tmpl @@ -59,6 +59,15 @@ +
+ + +
+
+ + +
+ diff --git a/tunnel_manager.go b/tunnel_manager.go index 7f994b1..0092a79 100644 --- a/tunnel_manager.go +++ b/tunnel_manager.go @@ -98,8 +98,6 @@ func (m *TunnelManager) RequestCreateTunnel(tunReq Tunnel) (Tunnel, error) { return Tunnel{}, err } - tunReq.ServerAddress = m.db.GetAdminDomain() - tunReq.ServerPort = m.config.SshServerPort tunReq.ServerPublicKey = "" tunReq.Username = m.user.Username tunReq.TunnelPrivateKey = privKey From da7396dc31624322d1f3567acc05fdf493e88ed7 Mon Sep 17 00:00:00 2001 From: Anders Pitman Date: Thu, 24 Feb 2022 14:51:28 -0700 Subject: [PATCH 8/8] Remove print --- client.go | 1 - 1 file changed, 1 deletion(-) diff --git a/client.go b/client.go index dcdccb9..9cf2d45 100644 --- a/client.go +++ b/client.go @@ -276,7 +276,6 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error { } sshHost := fmt.Sprintf("%s:%d", tunnel.ServerAddress, tunnel.ServerPort) - fmt.Println(sshHost) client, err := ssh.Dial("tcp", sshHost, config) if err != nil { return errors.New(fmt.Sprintf("Failed to dial: ", err))