Skip to content

Copy httpjail Go implementation from coder/boundary #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Sep 9, 2025
Merged

Copy httpjail Go implementation from coder/boundary #1

merged 8 commits into from
Sep 9, 2025

Conversation

blink-so[bot]
Copy link

@blink-so blink-so bot commented Sep 9, 2025

This PR copies the complete httpjail Go implementation from the blink/httpjail-go-implementation branch in coder/boundary to this repository.

Changes

  • Replaced all existing contents with the httpjail implementation
  • Includes Go modules, source code, binaries, and documentation
  • Maintains the same directory structure and functionality

Files Added/Modified

  • Complete Go implementation with netjail, proxy, rules, and TLS packages
  • Pre-built binaries for Linux and macOS
  • Updated go.mod and go.sum
  • README.md with implementation details
  • Cleanup scripts and configuration files

blink-so bot and others added 8 commits September 9, 2025 13:52
@blink-so @f0ssel
Copy httpjail Go implementation from coder/boundary
293a677 
Co-authored-by: f0ssel <19379394+f0ssel@users.noreply.github.com>
@blink-so @f0ssel
Remove boundary binaries from repository
0d8c8c8 
Co-authored-by: f0ssel <19379394+f0ssel@users.noreply.github.com>
@blink-so @f0ssel
Remove CONNECT tunneling support from HTTP proxy
a78d858 
Removes handleConnect, relayConnections functions and CONNECT method
handling from the HTTP proxy. Now only supports TLS termination
via the HTTPS proxy for content inspection.

Co-authored-by: f0ssel <19379394+f0ssel@users.noreply.github.com>
@blink-so @f0ssel
Add automatic CA certificate trust setup
f9aff32 
Adds InstallCACertificate() method that:
- Installs CA cert to /usr/local/share/ca-certificates/ (Linux)
- Runs update-ca-certificates for system-wide trust
- Sets environment variables for tool-specific trust:
  - SSL_CERT_FILE, REQUESTS_CA_BUNDLE, CURL_CA_BUNDLE, NODE_EXTRA_CA_CERTS

Gracefully handles permission errors and continues operation.
Tools inside jail will now automatically trust proxy certificates.

Co-authored-by: f0ssel <19379394+f0ssel@users.noreply.github.com>
@f0ssel
Revert "Add automatic CA certificate trust setup"
8f8add4 
This reverts commit f9aff32.
@f0ssel
remove update script
3582142
@f0ssel
update to jail naming
25e6cca
@f0ssel
edit message
08d0dd1
@f0ssel f0ssel requested a review from bcpeinhardt September 9, 2025 16:39
bcpeinhardt
bcpeinhardt approved these changes Sep 9, 2025
View reviewed changes
Copy link
Collaborator

@bcpeinhardt bcpeinhardt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Early match of prototype to get us started, will do any fixes in subsequent PRs

@bcpeinhardt bcpeinhardt merged commit 7f83353 into main Sep 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bcpeinhardt bcpeinhardt bcpeinhardt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bcpeinhardt @f0ssel