5db952a069
The requests themselves now must be retrieve from the boringproxy server by TakingNames.io, over HTTPS. This provides several security benefits: * You can tell the user the request is coming from a specific domain. * Requests are tied to an ephemeral request-id, to prevent prebuilt phishing links. There is currently a single hard-coded exception for setting a single A record for an IP address. This is needed for bootstrapping a service that doesn't have any certs yet (ie the boringproxy admin domain), and will need to display a big scary message to users.
Disclaimer
boringproxy is currently beta-quality software. While I am a big believer in open source, my primary goal at the moment is to build a sustainable business around the code I write. So for the most part I can only afford to spend time fixing problems that arise in my own usage of boringproxy. That said, feel free to create GitHub issues and I'll try to help as I have time.
What is it?
If you have a webserver running on one computer (say your development laptop), and you want to expose it securely (ie HTTPS) via a public URL, boringproxy allows you to easily do that.
NOTE: For information on downloading and running boringproxy, it's best to start on the website, boringproxy.io. The information in this README is just for building from source.
Building
git clone https://github.com/boringproxy/boringproxy
cd boringproxy
If you don't already have golang installed:
./install_go.sh
source $HOME/.bashrc
go build
Running
Server
boringproxy server -admin-domain bpdemo.brng.pro
Client
boringproxy client -server bpdemo.brng.pro -token fKFIjefKDFLEFijKDFJKELJF -client-name demo-client -user demo-user