Add passthrough flag for proxy

[paulgb]

This adds a flag to the proxy to allow a "passthrough" SocketAddr used when a backend can't be resolved. All unknown hosts will be proxied to this backend, but it will all be TLS terminated with the same certificate, so if this is used to resolve other hostnames a custom certificate will need to be passed in which covers all of them.

Only HTTP is supported for the upstream connection.

This will close #289.

[aws-amplify-us-east-1]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-290.d1ifbpoduxv8ai.amplifyapp.com

[rolyatmax]

From this comment

One possibility would be to allow a "fallback" address that anything that is not a current backend is proxied to. In a multi-drone context this would provide a way to display a custom page when an invalid domain is accessed.

If I'm understanding correctly, user visits status.example.com, Plane DNS sends them to a drone (?), the drone's proxy doesn't find a status backend and so proxies to the passthrough upstream? How does Plane DNS know to send status.example.com to a drone?

[paulgb]

The use case where this came up is a situation with just one Drone, where Plane DNS isn’t used at all. Instead, status.blah.blah is caught by a wildcard DNS record and sent to the IP that Plane is running on.

Another use case is custom error pages when DNS is cached (so we don’t have a chance to serve NXDOMAIN) but a backend has been swept. Currently we serve a plain 404 in this case, but this could be used to serve a custom error page.