feat: enable --https flag for HTTPS servers

loophole · Jan 7, 2021 · 5516660 · 5516660
1 parent 9c7aedc
commit 5516660
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 2 deletions.
diff --git a/cmd/http.go b/cmd/http.go
@@ -50,8 +50,8 @@ To expose port running on some local host e.g. 192.168.1.20 use 'loophole http <
 
 func init() {
 	initServeCommand(httpCmd)
-	localEndpointSpecs.HTTPS = false
-	httpCmd.Flags().BoolVar(&displayOptions.DisableProxyErrorPage, "disable-proxy-error-page", false, "disable proxy error page and return 502 when backend is not available")
+	httpCmd.Flags().BoolVar(&localEndpointSpecs.HTTPS, "https", false, "use if your server is already using HTTPS")
+	httpCmd.Flags().BoolVar(&displayOptions.DisableProxyErrorPage, "disable-proxy-error-page", false, "disable proxy error page and return 502 when your server is not available")
 
 	rootCmd.AddCommand(httpCmd)
 }
diff --git a/internal/app/loophole/loophole.go b/internal/app/loophole/loophole.go
@@ -122,6 +122,10 @@ func createTLSReverseProxy(localEndpoint lm.Endpoint, siteID string, basicAuthUs
 		serverBuilder = serverBuilder.
 			DisableProxyErrorPage()
 	}
+	if localEndpoint.Protocol == "https" {
+		serverBuilder = serverBuilder.
+			EnableInsecureHTTPSBackend()
+	}
 
 	if el := log.Debug(); el.Enabled() {
 		el.

diff --git a/internal/pkg/httpserver/httpserver.go b/internal/pkg/httpserver/httpserver.go
@@ -58,6 +58,7 @@ type ProxyServerBuilder interface {
 	ToEndpoint(lm.Endpoint) ProxyServerBuilder
 	WithBasicAuth(string, string) ProxyServerBuilder
 	DisableProxyErrorPage() ProxyServerBuilder
+	EnableInsecureHTTPSBackend() ProxyServerBuilder
 	Build() (*http.Server, error)
 }
 type proxyServerBuilder struct {
@@ -67,6 +68,7 @@ type proxyServerBuilder struct {
 	basicAuthUsername     string
 	basicAuthPassword     string
 	disableProxyErrorPage bool
+	disableCertCheck      bool
 }
 
 func (psb *proxyServerBuilder) ToEndpoint(endpoint lm.Endpoint) ProxyServerBuilder {
@@ -86,6 +88,11 @@ func (psb *proxyServerBuilder) DisableProxyErrorPage() ProxyServerBuilder {
 	return psb
 }
 
+func (psb *proxyServerBuilder) EnableInsecureHTTPSBackend() ProxyServerBuilder {
+	psb.disableCertCheck = true
+	return psb
+}
+
 func (psb *proxyServerBuilder) Build() (*http.Server, error) {
 	proxy := httputil.NewSingleHostReverseProxy(&url.URL{
 		Scheme: psb.endpoint.Protocol,
@@ -95,6 +102,12 @@ func (psb *proxyServerBuilder) Build() (*http.Server, error) {
 		proxy.ErrorHandler = proxyErrorHandler
 	}
 
+	if psb.disableCertCheck {
+		proxy.Transport = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		}
+	}
+
 	var server *http.Server
 
 	if psb.basicAuthEnabled {