Closed cfcs closed 8 years ago
this looks great, thanks... I'll merge tomorrow after I tried it somehow
Example usage for testing:

Run tlstunnel:

```
user@localhost:~/tlsping (master)$ ../tlstunnel/tlstunnel.native --cert proxy.public.certificate --key proxy.secret.key --haproxy1
[2016-02-04T00:22:33Z] listener started on 0.0.0.0:4433, forwarding to 127.0.0.1:8080
[2016-02-04T00:22:52Z] 127.0.0.1:54508: connection established (TLS version 1.2, TLS_DHE_RSA_WITH_AES_256_CCM)
```

netcat listener:

```
user@localhost:~$ nc -v -l -p 8080
listening on [any] 8080 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 50062
PROXY TCP4 127.0.0.1 127.0.0.1 54508 4433
```

connect using tlsclient:

```
user@localhost:~/tlsclient $ ./tlsclient.native localhost:4433
```
Resolves hannesm#6
This commit adds a flag (`--haproxy1`) which causes tlstunnel to send connection details to the destination upon connection. This is useful if running `nginx`, `Varnish` or similar behind `tlstunnel` in order to obtain the IP of the client.

Example of a TCP/IPv4 connection from 127.0.0.1:39837 to 127.0.0.1:4433:

Relevant `nginx` documentation on how to use the PROXY protocol: https://www.nginx.com/resources/admin-guide/proxy-protocol/
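
How a backend behind tlstunnel could validate the PROXY protocol v1 line before trusting the client address it carries. This is an added example, not code from this pull request or from tlstunnel; `parse_proxy_v1`, `TRUSTED_PROXIES` and the sample bytes are hypothetical, and it assumes tlstunnel runs on the same host as the backend.

```python
import ipaddress

MAX_V1_LEN = 107                 # longest v1 header line, CRLF included (PROXY protocol spec)
TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: only the local tlstunnel may send the header

# Constructed sample: the header line from the netcat session above, terminated
# with the CRLF the protocol requires, followed by constructed payload bytes.
SAMPLE = b"PROXY TCP4 127.0.0.1 127.0.0.1 54508 4433\r\nGET / HTTP/1.0\r\n\r\n"


def parse_proxy_v1(data: bytes, peer_ip: str):
    """Return ((src_ip, src_port), (dst_ip, dst_port), rest) or raise ValueError.

    rest is whatever followed the header in the same read (application payload).
    """
    if peer_ip not in TRUSTED_PROXIES:
        # Anyone who can reach the backend directly could forge this header,
        # so it is only honoured when the TCP peer is the known proxy.
        raise ValueError("PROXY header from untrusted peer")
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ValueError("no CRLF within 107 bytes")
    # Non-ASCII bytes raise UnicodeDecodeError, which is a ValueError.
    fields = data[:end].decode("ascii").split(" ")
    # "PROXY UNKNOWN" carries no usable addresses; this example rejects it.
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed or unsupported PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    src = ipaddress.ip_address(fields[2])   # raises ValueError on bad input
    dst = ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address family does not match TCP4/TCP6")
    ports = []
    for p in fields[4:]:
        # Decimal digits only, no leading zeros, within the 16-bit port range.
        if not p.isdigit() or (len(p) > 1 and p[0] == "0") or int(p) > 65535:
            raise ValueError("bad port")
        ports.append(int(p))
    return (str(src), ports[0]), (str(dst), ports[1]), data[end + 2:]


if __name__ == "__main__":
    print(parse_proxy_v1(SAMPLE, "127.0.0.1"))
```
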