19 Commits

Author SHA1 Message Date
Owen
1c591d8f1b Merge branch 'main' into dev
Former-commit-id: e5e72ba615
2026-05-28 15:38:46 -07:00
Owen
71eb811829 Add sighup and block flag to block connections
Former-commit-id: 694a7986f5
2026-05-28 15:38:09 -07:00
rinseaid
79e21b7917 Fix X-Forwarded-Proto always set to "http" for TLS connections
httpConnCtx wraps *tls.Conn behind net.Conn, so Go's http.Server
cannot detect TLS via type assertion and r.TLS is always nil.
SetXForwarded() then always writes X-Forwarded-Proto: http.

Override using the isTLS context flag already set by ConnContext.


Former-commit-id: 817824bd6f
2026-05-13 22:38:35 -04:00
Owen
328b1aced3 Fix the redirect
Former-commit-id: 86155072de
2026-05-08 11:03:00 -07:00
Owen Schwartz
655cfa45fb Merge pull request #345 from LaurenceJJones/investigate/https-permanent-redirect-loop
fix(http): populate Request.TLS for private HTTPS via httpConnCtx

Former-commit-id: 4a9a4c4eec
2026-05-08 09:48:22 -07:00
Laurence
f871b5e324 fix(http): populate Request.TLS for private HTTPS via httpConnCtx
net/http only sets Request.TLS for *tls.Conn or conns implementing ConnectionState(). Our listener wrapped tls.Server in httpConnCtx with an embedded net.Conn, so TLS was never surfaced and r.TLS stayed nil. That triggered the HTTP→HTTPS permanent redirect on every request for HTTPS rules.

Add ConnectionState() on httpConnCtx delegating to the underlying TLS conn.
Add tests for TLS forwarding and plain TCP.


Former-commit-id: 146e7835eb
2026-05-08 15:17:31 +01:00
Laurence
85d51a300e fix(http): Set host header based on in
fix https://github.com/fosrl/pangolin/issues/2952 issue by setting the incoming host header to the outgoing one by the reverse proxy, this was the default behaviour when using single proxy but now since we use more features it now rewrites the host header


Former-commit-id: 6aa94c0c2a
2026-05-08 13:45:50 +01:00
Owen
367e4b03fe Update status code
Former-commit-id: 5090907307
2026-04-30 15:55:52 -07:00
Owen
07613ebe05 Fix incorrect redirect logic
Former-commit-id: a6533b3fa0
2026-04-29 21:11:07 -07:00
Laurence
dd735555c4 Support websocket upgrades in private HTTP proxy
Preserve optional ResponseWriter interfaces through statusCapture so httputil.ReverseProxy can hijack upgraded websocket connections. Add a regression test covering websocket traffic through the HTTP handler path.


Former-commit-id: 8e19e475bf
2026-04-29 07:12:35 +01:00
Owen
3a5ce705b8 Quiet message
Former-commit-id: 23caf57bf4
2026-04-27 20:10:35 -07:00
Owen
d28b9bbca3 Fix transport issue
Former-commit-id: bfd61ca511
2026-04-22 21:36:16 -07:00
Owen
232b3936de Try to add redirect
Former-commit-id: 294f99e024
2026-04-22 20:12:51 -07:00
Owen
3aae8264a8 Add x-forwarded-for
Former-commit-id: 26de268466
2026-04-20 15:04:59 -07:00
Owen
b3a23a719f Add logging
Former-commit-id: 12776d65c1
2026-04-11 21:56:28 -07:00
Owen
f8d8eaab2c Switch to scheme
Former-commit-id: 342af9e42d
2026-04-09 17:21:36 -04:00
Owen
90d486ca7f Pass the new data down from the websocket
Former-commit-id: 092535441e
2026-04-09 16:13:19 -04:00
Owen
aa50a339d2 Adjust to use data saved inside of the subnet rule
Former-commit-id: 5848c8d4b4
2026-04-09 16:04:11 -04:00
Owen
51c3f720fa Basic http is working
Former-commit-id: 47c646bc33
2026-04-09 11:43:26 -04:00