transport: add TLS support

Implement reverseproxy.TLSTransport. We go ahead and store the provided TLSConfig object, but for now we only use it to indicate that we should use TLS. We don't actually use any of the provided values to configure the client. Fixes #25 Signed-off-by: Will Norris <will@tailscale.com>
tailscale · May 17, 2024 · ff64dc8 · ff64dc8
1 parent 1ed47be
commit ff64dc8
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 10 deletions.
diff --git a/module.go b/module.go
@@ -42,11 +42,7 @@ func getPlainListener(c context.Context, _ string, addr string, _ net.ListenConf
 	if network == "" {
 		network = "tcp"
 	}
-
-	ln := &tailscaleNode{
-		Server: s.Server,
-	}
-	return ln.Listen(network, ":"+port)
+	return s.Listen(network, ":"+port)
 }
 
 func getTLSListener(c context.Context, _ string, addr string, _ net.ListenConfig) (any, error) {

diff --git a/transport.go b/transport.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/caddyserver/caddy/v2"
 	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
+	"github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy"
 )
 
 func init() {
@@ -18,6 +19,10 @@ type Transport struct {
 	Name string `json:"name,omitempty"`
 
 	node *tailscaleNode
+
+	// A non-nil TLS config enables TLS.
+	// We do not currently use the config values for anything.
+	TLS *reverseproxy.TLSConfig `json:"tls,omitempty"`
 }
 
 func (t *Transport) CaddyModule() caddy.ModuleInfo {
@@ -64,14 +69,30 @@ func (t *Transport) Cleanup() error {
 
 func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 	if req.URL.Scheme == "" {
-		req.URL.Scheme = "http"
+		if t.TLSEnabled() {
+			req.URL.Scheme = "https"
+		} else {
+			req.URL.Scheme = "http"
+		}
 	}
 	return t.node.HTTPClient().Transport.RoundTrip(req)
 }
 
+// TLSEnabled returns true if TLS is enabled.
+func (h Transport) TLSEnabled() bool {
+	return h.TLS != nil
+}
+
+// EnableTLS enables TLS on the transport.
+func (h *Transport) EnableTLS(config *reverseproxy.TLSConfig) error {
+	h.TLS = config
+	return nil
+}
+
 var (
-	_ http.RoundTripper     = (*Transport)(nil)
-	_ caddy.Provisioner     = (*Transport)(nil)
-	_ caddy.CleanerUpper    = (*Transport)(nil)
-	_ caddyfile.Unmarshaler = (*Transport)(nil)
+	_ http.RoundTripper         = (*Transport)(nil)
+	_ caddy.Provisioner         = (*Transport)(nil)
+	_ caddy.CleanerUpper        = (*Transport)(nil)
+	_ caddyfile.Unmarshaler     = (*Transport)(nil)
+	_ reverseproxy.TLSTransport = (*Transport)(nil)
 )