feat: add support tls redirection for http proxy

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2026-02-27 09:53:21 +08:00 · 2024-11-22 14:54:40 +08:00
parent b748584696
commit 089dab6de4
1 changed files with 19 additions and 1 deletions
--- a/http.go
+++ b/http.go
@@ -2,6 +2,7 @@ package main

 import (
 	"bufio"
+	"crypto/tls"
 	"encoding/binary"
 	"errors"
 	"fmt"
@@ -229,6 +230,17 @@ func listenHttpProxy(brk *broker) {
 		log.Fatal().Msg(err.Error())
 	}

+	if cfg.WebUISslCert != "" && cfg.WebUISslKey != "" {
+		crt, err := tls.LoadX509KeyPair(cfg.SslCert, cfg.SslKey)
+		if err != nil {
+			log.Fatal().Msg(err.Error())
+		}
+
+		tlsConfig := &tls.Config{Certificates: []tls.Certificate{crt}}
+
+		ln = tls.NewListener(ln, tlsConfig)
+	}
+
 	cfg.HttpProxyPort = ln.Addr().(*net.TCPAddr).Port

 	log.Info().Msgf("Listen http proxy on: %s", ln.Addr().(*net.TCPAddr))
@@ -302,7 +314,13 @@ func httpProxyRedirect(br *broker, c *gin.Context) {
 		if err != nil {
 			host = c.Request.Host
 		}
-		location = "http://" + host
+
+		if cfg.WebUISslCert != "" && cfg.WebUISslKey != "" {
+			location = "https://" + host
+		} else {
+			location = "http://" + host
+		}
+
 		if cfg.HttpProxyPort != 80 {
 			location += fmt.Sprintf(":%d", cfg.HttpProxyPort)
 		}