Basically working, but still needs:
* UI for selecting TLS passthrough
* Client Let's Encrypt integration for automatically getting certs.
* More testing. The changes were pretty invasive.
Can now put "https://" in front of Client Address to force it to
use TLS. It doesn't do any verification of the upstream cert. This
is intended to work similarly to the way ngrok does it:
https://ngrok.com/docs#http-local-https
Client seems to be working when run manually with adb shell from
/data/local/tmp/ on a Moto G Power. Server fails when trying to
write /.local for the certs.
Services like Jellyfin weren't working apparently because the upstream
requests were using chunked encoding. Reading the entire request body
and forwarding it on seems to fix it.
Also overriding the Host header for upstream requests.
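The buffering and Host override described above, as an added example that is not boringproxy's own code. The `forward` and `demo` functions, the 10 MiB cap, and the host names are assumptions made for this sketch; the cap is there because reading a whole body into memory is otherwise unbounded.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// maxBody caps buffering so one large upload cannot exhaust proxy memory (assumed limit).
const maxBody = 10 << 20

// forward buffers the whole client body, then re-sends it upstream with a fixed
// Content-Length and an overridden Host. upstreamURL and hostOverride are hypothetical.
func forward(client *http.Client, r *http.Request, upstreamURL, hostOverride string) (*http.Response, error) {
	body, err := io.ReadAll(io.LimitReader(r.Body, maxBody+1))
	if err != nil {
		return nil, err
	}
	if len(body) > maxBody {
		return nil, fmt.Errorf("request body exceeds %d bytes", maxBody)
	}
	// A *bytes.Reader body lets net/http set ContentLength, so the upstream
	// request is not sent with Transfer-Encoding: chunked.
	out, err := http.NewRequest(r.Method, upstreamURL, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	out.Header = r.Header.Clone()
	out.Host = hostOverride
	return client.Do(out)
}

// demo sends a request of unknown length (which would normally go out chunked)
// through forward to a constructed local upstream and reports what it observed.
func demo() (host string, length int64, chunked bool, err error) {
	up := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, length, chunked = r.Host, r.ContentLength, len(r.TransferEncoding) > 0
	}))
	defer up.Close()
	in := httptest.NewRequest("POST", "http://tunnel.example/", io.NopCloser(bytes.NewBufferString("hello")))
	res, err := forward(up.Client(), in, up.URL, "app.internal")
	if err == nil {
		res.Body.Close()
	}
	return
}
func main() { fmt.Println(demo()) }
```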
* The CSS styles were leaking information about tunnels, even for
things like the login page, which can be sent to anyone.
* Tokens could be created for any user by any user.
Not sure the feature is boring enough to keep. There are some tricky
things that still need to be solved like figuring out how to let
tunnels share the same public key, since the OpenSSH server seems to
only pick up the first instance of each key in the authorized_keys
file.
Also, what happens if someone wants to use their normal SSH key for
the server for a boringproxy tunnel? I could easily introduce a bug
that would lock someone out of their server in certain corner cases.
I think adding the ability to download the private key for each tunnel
will handle most cases for now.