Let's Encrypt currently only supports ports 80/443 for ACME, so if
custom ports are used we need to disable automatically getting
certs.
Also changed it to only emit a warning when ports aren't
reachable from the internet, rather than failing.
Before we were pre-generating a DNS request ID every time the
add tunnel page was visited. Now we have a separate endpoint for
generating the IDs only after the user indicates they actually
want to perform a TakingNames.io domain request.
Removed unused CssId and moved members that should eventually be
removed from the API surface (i.e. internal values) to be together
so they're easier to identify later.
Can now bind to ports other than 80/443, using the -http-port and
-https-port arguments.
Assuming you already have the certs you need, HTTPS even works.
Unfortunately you can't get the certs automatically because
Let's Encrypt doesn't support ports other than 80/443 as far as I
know.
TakingNames.io now provides bootstrap domains, which simply
creates an A record based off the IP address of the requesting
server, without requiring any authorization. This allows
boringproxy to always use HTTPS, even when getting the admin
domain.
The requests themselves now must be retrieved from the boringproxy
server by TakingNames.io, over HTTPS. This provides several
security benefits:
* You can tell the user the request is coming from a specific
domain.
* Requests are tied to an ephemeral request-id, to prevent
prebuilt phishing links.
There is currently a single hard-coded exception for setting a
single A record for an IP address. This is needed for
bootstrapping a service that doesn't have any certs yet (i.e. the
boringproxy admin domain), and will need to display a big scary
message to users.
When using TakingNames.io for getting a domain for a new tunnel,
previously it redirected to the public IP of the server over HTTP.
Now uses the admin domain over HTTPS.
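
The request-ID handling described in the messages above (IDs created only on explicit user action, and requests fetched by ID so a prebuilt link has nothing to point at) can be sketched as follows. This is an added example, not boringproxy or TakingNames.io code: RequestStore, Create, Take and TTL are hypothetical names, and it assumes "ephemeral" means single-use with a short expiry.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// pending (hypothetical) binds a request to the admin domain it was created for.
type pending struct {
	domain  string
	expires time.Time
}

// RequestStore (hypothetical) keeps pending requests keyed by request ID.
type RequestStore struct {
	TTL  time.Duration
	reqs sync.Map // request ID -> pending
}

// Create runs only when the user explicitly starts a domain request.
func (s *RequestStore) Create(domain string, now time.Time) (string, error) {
	buf := make([]byte, 16) // 128 random bits, so IDs cannot be guessed or prebuilt
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	id := hex.EncodeToString(buf)
	s.reqs.Store(id, pending{domain: domain, expires: now.Add(s.TTL)})
	return id, nil
}

// Take hands a request out once; unknown, replayed or expired IDs fail.
func (s *RequestStore) Take(id string, now time.Time) (string, error) {
	v, ok := s.reqs.LoadAndDelete(id) // atomic fetch-and-remove makes the ID single-use
	if !ok || now.After(v.(pending).expires) {
		return "", errors.New("unknown or expired request id")
	}
	return v.(pending).domain, nil
}

func main() {
	s := &RequestStore{TTL: 5 * time.Minute}
	id, _ := s.Create("admin.example.com", time.Now()) // constructed sample domain
	fmt.Println(s.Take(id, time.Now()))
}
```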