v0.0.5

hieyou1 · Aug 8, 2024 · 1b0d799 · 1b0d799
1 parent e16044c
commit 1b0d799
Show file tree

Hide file tree

Showing 11 changed files with 178 additions and 86 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## v0.0.5
+
+- Add `ipFallback` to enable a default TLS configuration for those accessing the server that bypass SNI by connecting directly to its IP
+- Fix `child_procs` log type
+- Add option to serve more than one `host` per child process using an array
+- README enhancements
+
 ## v0.0.4
 
 - Add `handler` log type

diff --git a/README.md b/README.md
@@ -69,14 +69,15 @@ npm run build
 - `tcpFallback`: Set to true to enable the plaintext TCP & HTTP fallback; be sure to also set `tcpPort`.
 - `tcpPort`: Port InterTLS should listen on for `tcpFallback`. InterTLS expects plaintext HTTP traffic on this port. Usually 80. Ignored when `tcpFallback` is set to false.
 - `servers`: Array of servers for InterTLS to run, manage, and forward traffic to.
-  - `host`: Hostname of this server. Should match the server name that clients pass in for SNI, and (if using TCP fallback) the HTTP `Host` header.
+  - `host`: String or string array specifying hostname(s) of this server. Should match the server name that clients pass in for SNI and the HTTP `Host` header if using TCP fallback.
   - `tls`: TLS options for this server. Set to `{"dynamic": true}` to dynamically handle TLS, otherwise `cert`, `key`, and `requestCert` are required. `ca` and `rejectUnauthorized` are the two other options that have been tested and are explicitly defined in the schema, and YMMV with other [SecureContextOptions](https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions), but feel free to try them and PR!
   - `process`: Node options for this server.
     - `main`: Node entrypoint of the server.
     - `cwd`: Working directory of the server.
     - `env` (optional): Object with environment variables to pass to the server. Defaults to {}.
     - `uid` (optional): User ID for the process. Defaults to the user of the process running InterTLS (which is probably not what you want!)
     - `gid` (optional): Group ID for the process. Defaults to the group of the process running InterTLS (which is probably not what you want!)
+- `ipFallback`: TLS configuration (see `servers.tls` above) for those accessing the server that bypass SNI by connecting directly to its IP.
 
 ## Handler options
 

diff --git a/config.json b/config.json
@@ -7,7 +7,10 @@
     "tcpPort": 80,
     "servers": [
         {
-            "host": "localhost",
+            "host": [
+                "localhost",
+                "127.0.0.1"
+            ],
             "tls": {
                 "cert": "./servers/example/cert",
                 "key": "./servers/example/key",

diff --git a/config.schema.json b/config.schema.json
@@ -2,6 +2,19 @@
   "$ref": "#/definitions/InterTLSConfiguration",
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
+    "DynamicServerTLSConfiguration": {
+      "additionalProperties": false,
+      "properties": {
+        "dynamic": {
+          "const": true,
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "dynamic"
+      ],
+      "type": "object"
+    },
     "InterTLSConfiguration": {
       "additionalProperties": false,
       "properties": {
@@ -11,6 +24,17 @@
         "encoding": {
           "$ref": "#/definitions/global.BufferEncoding"
         },
+        "ipFallback": {
+          "anyOf": [
+            {
+              "const": false,
+              "type": "boolean"
+            },
+            {
+              "$ref": "#/definitions/StaticServerTLSConfiguration"
+            }
+          ]
+        },
         "log": {
           "anyOf": [
             {
@@ -67,7 +91,17 @@
       "additionalProperties": false,
       "properties": {
         "host": {
-          "type": "string"
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "items": {
+                "type": "string"
+              },
+              "type": "array"
+            }
+          ]
         },
         "process": {
           "additionalProperties": false,
@@ -98,51 +132,7 @@
           "type": "object"
         },
         "tls": {
-          "anyOf": [
-            {
-              "additionalProperties": false,
-              "properties": {
-                "dynamic": {
-                  "const": true,
-                  "type": "boolean"
-                }
-              },
-              "required": [
-                "dynamic"
-              ],
-              "type": "object"
-            },
-            {
-              "additionalProperties": false,
-              "properties": {
-                "ca": {
-                  "type": "string"
-                },
-                "cert": {
-                  "type": "string"
-                },
-                "dynamic": {
-                  "const": false,
-                  "type": "boolean"
-                },
-                "key": {
-                  "type": "string"
-                },
-                "rejectUnauthorized": {
-                  "type": "boolean"
-                },
-                "requestCert": {
-                  "type": "boolean"
-                }
-              },
-              "required": [
-                "cert",
-                "key",
-                "requestCert"
-              ],
-              "type": "object"
-            }
-          ]
+          "$ref": "#/definitions/ServerTLSConfiguration"
         }
       },
       "required": [
@@ -152,6 +142,46 @@
       ],
       "type": "object"
     },
+    "ServerTLSConfiguration": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/DynamicServerTLSConfiguration"
+        },
+        {
+          "$ref": "#/definitions/StaticServerTLSConfiguration"
+        }
+      ]
+    },
+    "StaticServerTLSConfiguration": {
+      "additionalProperties": false,
+      "properties": {
+        "ca": {
+          "type": "string"
+        },
+        "cert": {
+          "type": "string"
+        },
+        "dynamic": {
+          "const": false,
+          "type": "boolean"
+        },
+        "key": {
+          "type": "string"
+        },
+        "rejectUnauthorized": {
+          "type": "boolean"
+        },
+        "requestCert": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "cert",
+        "key",
+        "requestCert"
+      ],
+      "type": "object"
+    },
     "global.BufferEncoding": {
       "enum": [
         "ascii",

diff --git a/dist/index.d.ts b/dist/index.d.ts
@@ -1,18 +1,21 @@
 import { Server as TLSServer } from 'tls';
 import { Server as TCPServer } from 'net';
 export type LogType = "newsock" | "sni" | "ipc" | "child_procs" | "init" | "handler";
+export interface DynamicServerTLSConfiguration {
+    dynamic: true;
+}
+export interface StaticServerTLSConfiguration {
+    dynamic?: false;
+    ca?: string;
+    cert: string;
+    key: string;
+    requestCert: boolean;
+    rejectUnauthorized?: boolean;
+}
+export type ServerTLSConfiguration = DynamicServerTLSConfiguration | StaticServerTLSConfiguration;
 export interface ServerConfiguration {
-    host: string;
-    tls: {
-        dynamic: true;
-    } | {
-        dynamic?: false;
-        ca?: string;
-        cert: string;
-        key: string;
-        requestCert: boolean;
-        rejectUnauthorized?: boolean;
-    };
+    host: string | string[];
+    tls: ServerTLSConfiguration;
     process: {
         main: string;
         cwd: string;
@@ -31,6 +34,7 @@ export interface InterTLSConfiguration {
     tcpPort?: string | number;
     servers: ServerConfiguration[];
     log?: boolean | LogType[];
+    ipFallback?: false | StaticServerTLSConfiguration;
 }
 export declare class InterTLS {
     private config;

diff --git a/dist/index.d.ts.map b/dist/index.d.ts.map
diff --git a/dist/index.js b/dist/index.js