introduce tls support

This commit is contained in:
Vladislav Yarmak 2020-05-24 01:18:01 +03:00
parent dcccb190de
commit b4d4505cde
3 changed files with 52 additions and 3 deletions

View File

@ -9,6 +9,7 @@ Dumbiest HTTP proxy ever.
* Zero-configuration * Zero-configuration
* Supports CONNECT method and forwarding of HTTPS connections * Supports CONNECT method and forwarding of HTTPS connections
* Supports `Basic` proxy authentication * Supports `Basic` proxy authentication
* Supports TLS operation mode (HTTP(S) proxy over TLS)
## Installation ## Installation
@ -72,6 +73,10 @@ $ ~/go/bin/dumbproxy -h
auth parameters (default "none://") auth parameters (default "none://")
-bind-address string -bind-address string
HTTP proxy listen address (default ":8080") HTTP proxy listen address (default ":8080")
-cert string
enable TLS and use certificate
-key string
key for TLS certificate
-timeout duration -timeout duration
timeout for network operations (default 10s) timeout for network operations (default 10s)
-verbosity int -verbosity int

25
main.go
View File

@ -26,6 +26,7 @@ type CLIArgs struct {
auth string auth string
verbosity int verbosity int
timeout time.Duration timeout time.Duration
cert, key string
} }
@ -36,6 +37,8 @@ func parse_args() CLIArgs {
flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity " + flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity " +
"(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)") "(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)")
flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations") flag.DurationVar(&args.timeout, "timeout", 10 * time.Second, "timeout for network operations")
flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
flag.StringVar(&args.key, "key", "", "key for TLS certificate")
flag.Parse() flag.Parse()
return args return args
} }
@ -52,14 +55,30 @@ func run() int {
proxyLogger := NewCondLogger(log.New(logWriter, "PROXY : ", proxyLogger := NewCondLogger(log.New(logWriter, "PROXY : ",
log.LstdFlags | log.Lshortfile), log.LstdFlags | log.Lshortfile),
args.verbosity) args.verbosity)
mainLogger.Info("Starting proxy server...")
auth, err := NewAuth(args.auth) auth, err := NewAuth(args.auth)
if err != nil { if err != nil {
mainLogger.Critical("Failed to instantiate auth provider: %v", err) mainLogger.Critical("Failed to instantiate auth provider: %v", err)
return 3 return 3
} }
handler := NewProxyHandler(args.timeout, auth, proxyLogger)
err = http.ListenAndServe(args.bind_address, handler) var server http.Server
server.Addr = args.bind_address
server.Handler = NewProxyHandler(args.timeout, auth, proxyLogger)
server.ErrorLog = log.New(logWriter, "HTTPSRV : ", log.LstdFlags | log.Lshortfile)
mainLogger.Info("Starting proxy server...")
if args.cert != "" {
cfg, err1 := makeServerTLSConfig(args.cert, args.key, "")
if err1 != nil {
mainLogger.Critical("TLS config construction failed: %v", err)
return 3
}
server.TLSConfig = cfg
err = server.ListenAndServeTLS("", "")
} else {
err = server.ListenAndServe()
}
mainLogger.Critical("Server terminated with a reason: %v", err) mainLogger.Critical("Server terminated with a reason: %v", err)
mainLogger.Info("Shutting down...") mainLogger.Info("Shutting down...")
return 0 return 0

View File

@ -9,6 +9,9 @@ import (
"errors" "errors"
"net/http" "net/http"
"bufio" "bufio"
"crypto/tls"
"crypto/x509"
"io/ioutil"
) )
const COPY_BUF = 128 * 1024 const COPY_BUF = 128 * 1024
@ -108,3 +111,25 @@ func copyBody(wr io.Writer, body io.Reader) {
} }
} }
} }
func makeServerTLSConfig(certfile, keyfile, cafile string) (*tls.Config, error) {
var cfg tls.Config
cert, err := tls.LoadX509KeyPair(certfile, keyfile)
if err != nil {
return nil, err
}
cfg.Certificates = []tls.Certificate{cert}
if cafile != "" {
roots := x509.NewCertPool()
certs, err := ioutil.ReadFile(cafile)
if err != nil {
return nil, err
}
if ok := roots.AppendCertsFromPEM(certs); !ok {
return nil, errors.New("Failed to load CA certificates")
}
cfg.ClientCAs = roots
cfg.ClientAuth = tls.VerifyClientCertIfGiven
}
return &cfg, nil
}