added support for running server over TLS, bumped to v1.4.0

Author: shadowy-pycoder

README.md

@@ -97,8 +97,12 @@ GitHub: https://github.com/shadowy-pycoder/go-http-proxy-to-socks
 Usage: gohpts [OPTIONS]
 Options:
   -h    Show this help message and exit.
+  -c string
+    	Path to certificate PEM encoded file
   -d	Show logs in DEBUG mode
   -j	Show logs in JSON format
+  -k string
+    	Path to private key PEM encoded file
   -l value
     	Address of HTTP proxy server (Default: localhost:8080)
   -p	Password for SOCKS5 proxy (not echoed to terminal)
@@ -130,6 +134,12 @@ gohpts -s 1080 -l 8080 -d -j -u user -p
 SOCKS5 Password: #you will be prompted for password input here
 ```
 
+Run http proxy over TLS connection
+
+```shell
+gohpts -s 1080 -l 8080 -c "path/to/certificate" -k "path/to/private/key"
+```
+
 ## License
 
 MIT

cmd/gohpts/cli.go

@@ -63,6 +63,8 @@ func root(args []string) error {
 		}
 		return nil
 	})
+	flags.StringVar(&conf.CertFile, "c", "", "Path to certificate PEM encoded file ")
+	flags.StringVar(&conf.KeyFile, "k", "", "Path to private key PEM encoded file ")
 	flags.BoolFunc("d", "Show logs in DEBUG mode", func(flagValue string) error {
 		conf.Debug = true
 		return nil

gohpts.go

@@ -90,6 +90,8 @@ type proxyApp struct {
 	httpClient *http.Client
 	sockDialer proxy.Dialer
 	logger     *zerolog.Logger
+	certFile   string
+	keyFile    string
 }
 
 func (p *proxyApp) doReq(w http.ResponseWriter, r *http.Request, socks bool) *http.Response {
@@ -312,8 +314,14 @@ func (p *proxyApp) handler() http.HandlerFunc {
 
 func (p *proxyApp) Run() {
 	p.httpServer.Handler = p.handler()
-	if err := p.httpServer.ListenAndServe(); err != nil {
-		p.logger.Fatal().Err(err).Msg("Unable to start HTTP server")
+	if p.certFile != "" && p.keyFile != "" {
+		if err := p.httpServer.ListenAndServeTLS(p.certFile, p.keyFile); err != nil {
+			p.logger.Fatal().Err(err).Msg("Unable to start HTTPS server")
+		}
+	} else {
+		if err := p.httpServer.ListenAndServe(); err != nil {
+			p.logger.Fatal().Err(err).Msg("Unable to start HTTP server")
+		}
 	}
 }
 
@@ -324,6 +332,8 @@ type Config struct {
 	Json      bool
 	User      string
 	Pass      string
+	CertFile  string
+	KeyFile   string
 }
 
 func New(conf *Config) *proxyApp {
@@ -364,6 +374,16 @@ func New(conf *Config) *proxyApp {
 		WriteTimeout:   writeTimeout,
 		MaxHeaderBytes: 1 << 20,
 		Protocols:      new(http.Protocols),
+		TLSConfig: &tls.Config{
+			MinVersion:       tls.VersionTLS12,
+			CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+			CipherSuites: []uint16{
+				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+				tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			},
+		},
 	}
 	hs.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
 	hs.Protocols.SetHTTP1(true)
@@ -376,6 +396,18 @@ func New(conf *Config) *proxyApp {
 		},
 	}
 	logger.Info().Msgf("SOCKS5 Proxy: %s", conf.AddrSOCKS)
-	logger.Info().Msgf("HTTP Proxy: %s", conf.AddrHTTP)
-	return &proxyApp{httpServer: hs, sockClient: socks, httpClient: hc, sockDialer: dialer, logger: &logger}
+	if conf.CertFile != "" && conf.KeyFile != "" {
+		logger.Info().Msgf("HTTPS Proxy: %s", conf.AddrHTTP)
+	} else {
+		logger.Info().Msgf("HTTP Proxy: %s", conf.AddrHTTP)
+	}
+	return &proxyApp{
+		httpServer: hs,
+		sockClient: socks,
+		httpClient: hc,
+		sockDialer: dialer,
+		logger:     &logger,
+		certFile:   conf.CertFile,
+		keyFile:    conf.KeyFile,
+	}
 }

version.go

@@ -1,3 +1,3 @@
 package gohpts
 
-const Version string = "gohpts v1.3.4"
+const Version string = "gohpts v1.4.0"