Support HTTPS
dima424658 committed Aug 21, 2024
1 parent cb1f39b commit aab0dd5
Showing 4 changed files with 32 additions and 1 deletion.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -131,6 +131,10 @@ BindAddress = 127.0.0.1:25345
#Username = ...
# Avoid using spaces in the password field
#Password = ...
# Specifying certificate and key enables HTTPS
#CertFile = ...
#KeyFile = ...
```

Alternatively, if you already have a wireguard config, you can import it in the
8 changes: 8 additions & 0 deletions config.go
Expand Up @@ -57,6 +57,8 @@ type HTTPConfig struct {
BindAddress string
Username string
Password string
CertFile string
KeyFile string
}

type Configuration struct {
Expand Down Expand Up @@ -431,6 +433,12 @@ func parseHTTPConfig(section *ini.Section) (RoutineSpawner, error) {
password, _ := parseString(section, "Password")
config.Password = password

certFile, _ := parseString(section, "CertFile")
config.CertFile = certFile

keyFile, _ := parseString(section, "KeyFile")
config.KeyFile = keyFile

return config, nil
}

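Review bot: The new CertFile and KeyFile fields in HTTPConfig carry no doc comment, and nothing in config.go says that both are required for the option to take effect (routine.go enables TLS only when both are non-empty). I would add above CertFile: `// CertFile and KeyFile are paths to a PEM-encoded certificate and private key.` followed by `// Both must be set to enable HTTPS for the proxy listener.` The two new parseString calls in parseHTTPConfig discard the error like the Username/Password lines above them, which is consistent with the existing style but means a malformed value is silently treated as unset; worth a short comment on why that is acceptable here. parseHTTPConfig starts outside this hunk.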
17 changes: 16 additions & 1 deletion http.go
Expand Up @@ -3,6 +3,7 @@ package wireproxy
import (
"bufio"
"bytes"
"crypto/tls"
"encoding/base64"
"fmt"
"io"
Expand All @@ -23,6 +24,7 @@ type HTTPServer struct {
dial func(network, address string) (net.Conn, error)

authRequired bool
tlsRequired bool
}

func (s *HTTPServer) authenticate(req *http.Request) (int, error) {
Expand Down Expand Up @@ -141,9 +143,22 @@ func (s *HTTPServer) serve(conn net.Conn) {
}()
}

func (s *HTTPServer) listen(network, addr string) (net.Listener, error) {
if s.tlsRequired {
cert, err := tls.LoadX509KeyPair(s.config.CertFile, s.config.KeyFile)
if err != nil {
return nil, err
}

return tls.Listen(network, addr, &tls.Config{Certificates: []tls.Certificate{cert}})
}

return net.Listen(network, addr)
}

// ListenAndServe is used to create a listener and serve on it
func (s *HTTPServer) ListenAndServe(network, addr string) error {
server, err := net.Listen(network, addr)
server, err := s.listen(network, addr)
if err != nil {
return fmt.Errorf("listen tcp failed: %w", err)
}
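Review bot: The tls.Config built in listen sets only Certificates, so the minimum protocol version is left to the toolchain default, which on older Go releases lets the server negotiate TLS 1.0/1.1; pinning it with `&tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}` makes the floor explicit regardless of the Go version the binary is built with. A LoadX509KeyPair failure is returned bare and then surfaces through ListenAndServe as "listen tcp failed: …", which misdirects whoever reads the log; wrapping it in listen, `return nil, fmt.Errorf("loading TLS key pair from %q: %w", s.config.CertFile, err)`, names the real cause. The key pair is also loaded exactly once here and stored in the static Certificates slice, so a renewed certificate on disk is only picked up after a restart — that deserves a doc comment on listen, e.g. `// listen returns a TLS listener when tlsRequired is set, otherwise a plain one; the key pair is loaded once at startup.` The serve function closes at the top of this hunk and ListenAndServe continues past its end.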
4 changes: 4 additions & 0 deletions routine.go
Expand Up @@ -173,6 +173,10 @@ func (config *HTTPConfig) SpawnRoutine(vt *VirtualTun) {
server.authRequired = true
}

if config.CertFile != "" && config.KeyFile != "" {
server.tlsRequired = true
}

if err := server.ListenAndServe("tcp", config.BindAddress); err != nil {
log.Fatal(err)
}
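Review bot: The new guard enables TLS only when both CertFile and KeyFile are non-empty, so a config that sets just one of them (a typo in the other key, say) falls through to plaintext HTTP with no diagnostic, which is the one failure mode an HTTPS option should make loud, especially since Basic-auth credentials then travel in the clear. I would reject the half-configured state before the existing check, reusing the log.Fatal already used below: `if (config.CertFile != "") != (config.KeyFile != "") { log.Fatal("http proxy: CertFile and KeyFile must be set together") }`. SpawnRoutine starts outside this hunk.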
