mirror of
https://github.com/yusing/godoxy.git
synced 2026-05-25 01:00:00 -05:00
5c7838bbfe
* feat(entrypoint): multiplex HTTPS TCP routes by TLS SNI with tls_termination

  Add an SNI router on the shared HTTPS listener that inspects TLS ClientHello SNI, matches TCP routes by alias while honoring domain filters, and either forwards TLS end-to-end without termination or terminates with autocert before plaintext upstream relay when tls_termination is enabled. Wire TCPTCPStream and idlewatcher through ConnProxy.ProxyConn instead of inline handlers. Validate tls_termination for TCP schemes only and refresh README and config examples. Bump internal/go-oidc submodule.

* fix(entrypoint,route): align SNI shared HTTPS listen addrs and gate tls_termination

  Compare listen addresses with SplitHostPort so empty, 0.0.0.0, and :: wildcard hosts on the HTTPS port match the proxy’s shared HTTPS address for SNI route registration, keys, and passthrough eligibility. Require tls_termination TCP routes to listen on that shared HTTPS listener; add tests for address equality and validation.

* refactor(net,entrypoint,route): centralize shared HTTPS listener matching helpers

  Move equivalence logic next to ProxyHTTPSAddr into internal/net/listen_addr.go and use it from SNI passthrough and tls_termination validation, dropping duplicated helpers. Close the SNI listener and finish the http_server task when StartServer fails after SNI Listen. Update README examples for autocert-gated tls_termination and HTTPS_ADDR-relative ports.

* feat(entrypoint,net): open SNI HTTPS listener without autocert; widen wildcard host checks

  Remove the autocert guard so the shared HTTPS listener still starts the SNI multiplexer for passthrough when no certificate provider is configured. Extend IsWildcardListenHost for trimmed input, host:port and bracketed IPv6, using net.ParseIP and IsUnspecified for IPv4/IPv6. Add listen_addr tests, README detail, and align SNI passthrough tests with ProxyHTTPSAddr.

* fix: apply CodeRabbit auto-fixes

  Fixed 2 file(s) based on 2 unresolved review comments.

  Co-authored-by: CodeRabbit <noreply@coderabbit.ai>

* test(dev,compose): add TCP echo fixture and SNI passthrough smoke test

  Wire `cmd/tcp_echo_server` with plaintext and self-signed TLS listeners, dev.compose labels for passthrough and `tls_termination` aliases, and `scripts/tcp_echo_test.ts` invoked by `make tcp-echo-test` via bun.

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
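
The listen-address equivalence and the tls_termination gate described in the commit message, sketched as an added example (not code from the godoxy repository). The names `normHost`, `sameListenAddr` and `checkTLSTermination` are hypothetical, the addresses are constructed, and it assumes a specific host matches only the same host while empty, 0.0.0.0 and :: all count as wildcard.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// normHost canonicalises a listen host: every wildcard form (empty, 0.0.0.0,
// ::, bracketed or padded) becomes "", other IPs take their canonical text.
func normHost(host string) string {
	host = strings.Trim(strings.TrimSpace(host), "[]")
	if ip := net.ParseIP(host); ip != nil {
		if ip.IsUnspecified() {
			return ""
		}
		return ip.String()
	}
	return strings.ToLower(host)
}

// sameListenAddr reports whether a route's listen address names the same
// socket as the shared HTTPS listener. Unparseable input never matches.
func sameListenAddr(routeAddr, sharedAddr string) bool {
	rh, rp, err1 := net.SplitHostPort(strings.TrimSpace(routeAddr))
	sh, sp, err2 := net.SplitHostPort(strings.TrimSpace(sharedAddr))
	if err1 != nil || err2 != nil {
		return false
	}
	return rp == sp && normHost(rh) == normHost(sh)
}

// checkTLSTermination rejects tls_termination unless the route is TCP and
// listens on the shared HTTPS address (assumed gate, per the commit text).
func checkTLSTermination(scheme, routeAddr, sharedAddr string, enabled bool) error {
	switch {
	case !enabled:
		return nil
	case scheme != "tcp":
		return fmt.Errorf("tls_termination requires a tcp route, got %q", scheme)
	case !sameListenAddr(routeAddr, sharedAddr):
		return fmt.Errorf("%q is not the shared HTTPS listener %q", routeAddr, sharedAddr)
	}
	return nil
}

func main() {
	// Constructed sample addresses; ":443" stands in for the shared HTTPS address.
	fmt.Println(checkTLSTermination("tcp", "[::]:443", ":443", true))
	fmt.Println(checkTLSTermination("tcp", ":5432", ":443", true))
}
```

Failing closed on a parse error matters here: a route whose address cannot be compared is refused termination rather than silently treated as being on the shared listener.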