ipn/ipnlocal: add optional TLS termination on proxied TCP connections

Updates tailscale/corp#7515

Change-Id: Ib250fa20275971563adccfa72db48e0cec02b7a5
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick
2022-11-10 21:24:22 -08:00
committed by Brad Fitzpatrick
parent 56dfdbe190
commit c9d6a9cb4d
4 changed files with 28 additions and 14 deletions
+5 -4
@@ -112,10 +112,11 @@ type TCPPortHandler struct {
// It is mutually exclusive with HTTPS.
TCPForward string `json:",omitempty"`
// TerminateTLS is whether tailscaled should terminate TLS
// connections before forwarding them to TCPForward. It is only
// used if TCPForward is non-empty. (the HTTPS mode )
TerminateTLS bool `json:",omitempty"`
// TerminateTLS, if non-empty, means that tailscaled should terminate the
// TLS connections before forwarding them to TCPForward, permitting only the
// SNI name with this value. It is only used if TCPForward is non-empty.
// (the HTTPS mode uses ServeConfig.Web)
TerminateTLS string `json:",omitempty"`
}
// HTTPHandler is either a path or a proxy to serve.
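Review bot: `TerminateTLS` keeps the same JSON key (`json:",omitempty"`) while its type changes from bool to string, so a config already stored with `"TerminateTLS": true` would fail to decode under encoding/json instead of being migrated. If such stored values can exist, this needs a migration or a tolerant decoder. The new comment also leaves the security-relevant behaviour unstated: it says only the matching SNI name is permitted, but not what happens when the ClientHello carries a different or no SNI, nor how the name is compared. I would add a line such as `// A connection whose SNI is absent or does not match is closed; it is never forwarded without termination.`, assuming that is what the handler does, since the enforcement code is not in this hunk. The struct definition starts above the hunk.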