M directives.go => directives.go +9 -0
@@ 94,6 94,15 @@ func parseBackend(backend *Backend, d *scfg.Directive) error {
}
switch u.Scheme {
+ case "tls":
+ host, _, err := net.SplitHostPort(u.Host)
+ if err != nil {
+ return fmt.Errorf("failed to parse backend address %q: %v", u.Host, err)
+ }
+ backend.TLSConfig = &tls.Config{
+ ServerName: host,
+ }
+ fallthrough
case "", "tcp":
backend.Network = "tcp"
backend.Address = u.Host
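Review bot: An empty host such as `tls://:443` passes `net.SplitHostPort` in the new `case "tls"` and leaves `ServerName` empty, so the mistake only surfaces when crypto/tls rejects the handshake on the first proxied connection. Rejecting it at parse time keeps the failure in config loading: `if host == "" { return fmt.Errorf("backend address %q has no host name to verify", u.Host) }`. A one-line comment above `fallthrough`, for example `// TLS runs over TCP: reuse the tcp network/address setup below`, would also make the dependence on case order explicit for whoever reorders this switch later. parseBackend begins and ends outside the hunk.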
M server.go => server.go +7 -3
@@ 172,6 172,9 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
if err != nil {
return fmt.Errorf("failed to dial backend: %v", err)
}
+ if be.TLSConfig != nil {
+ upstream = tls.Client(upstream, be.TLSConfig)
+ }
defer upstream.Close()
if be.Proxy {
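Review bot: The handshake is never run explicitly after `tls.Client` wraps the socket, so certificate verification happens lazily on the first read or write. A verification failure is therefore reported by whatever I/O comes next instead of as a clear backend error, and nothing visible in this hunk bounds how long a backend may stall the handshake. I would perform the handshake here under a deadline, close the raw connection on failure, and only then hand the TLS connection to the existing `defer upstream.Close()`. The rest of `handle` is outside the hunk, so a timeout applied elsewhere cannot be ruled out.

```go
if be.TLSConfig != nil {
	tlsConn := tls.Client(upstream, be.TLSConfig)
	// Example bound only; choose a value that fits the project.
	tlsConn.SetDeadline(time.Now().Add(10 * time.Second))
	if err := tlsConn.Handshake(); err != nil {
		upstream.Close()
		return fmt.Errorf("failed TLS handshake with backend: %v", err)
	}
	// Clear the deadline so the long-lived tunnel is not cut off.
	tlsConn.SetDeadline(time.Time{})
	upstream = tlsConn
}
defer upstream.Close()
// … unchanged: be.Proxy handling …
```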
@@ 199,9 202,10 @@ func (fe *Frontend) handle(downstream net.Conn, tlsState *tls.ConnectionState) e
}
type Backend struct {
- Network string
- Address string
- Proxy bool
+ Network string
+ Address string
+ Proxy bool
+ TLSConfig *tls.Config // nil if no TLS
}
func duplexCopy(a, b io.ReadWriter) error {
M tlstunnel.1.scd => tlstunnel.1.scd +1 -0
@@ 50,6 50,7 @@ The following directives are supported:
The following URIs are supported:
- _[tcp://]<host>:<port>_ connects to a TCP server
+ - _tls://<host>:<port>_ connects to a TLS over TCP server
- _unix://<path>_ connects to a Unix socket
The _+proxy_ suffix can be added to the URI scheme to forward