Skip to content

Fix command output, proxy setup, and HTTPS forwarding #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Sep 16, 2025
Merged

Fix command output, proxy setup, and HTTPS forwarding #47

merged 7 commits into from
Sep 16, 2025

Conversation

f0ssel
Copy link
Collaborator

@f0ssel f0ssel commented Sep 16, 2025
edited by blink-so bot
Loading

Fixes multiple issues with command execution and proxy behavior:

  • Fix command output: Commands now inherit stdout/stderr/stdin from parent process
  • Fix unprivileged mode: Set HTTP_PROXY/HTTPS_PROXY environment variables for proper traffic routing
  • Fix HTTPS forwarding: Preserve HTTPS scheme when forwarding requests instead of downgrading to HTTP
  • Fix rule evaluation: Construct full URLs with hostname for accurate pattern matching

@blink-so blink-so bot changed the title F0ssel/fix stdour Fix command output, proxy setup, and HTTPS forwarding Sep 16, 2025
blink-so bot and others added 5 commits September 16, 2025 18:28
@blink-so
Fix CONNECT handling in TLS termination path
ae7f202 
CONNECT requests coming through TLS termination were incorrectly
forwarded as regular HTTP requests instead of being handled by
handleConnect. This caused 400 errors when clients used CONNECT.

The fix adds proper CONNECT detection in handleDecryptedHTTPS,
matching the behavior in handleHTTP.
@blink-so
Use http:// for HTTPS_PROXY in unprivileged mode
3329580 
HTTPS_PROXY should use http:// to establish CONNECT tunnels
to the proxy, not https://. This is the standard approach
for HTTP proxies handling HTTPS traffic via CONNECT.

The proxy will still perform TLS termination on the tunneled
connections for full request visibility.
@blink-so
Add debugging for TLS connection hangs in CONNECT handling
c6ef8d5 
- Add read timeout to detect clients that don't send HTTP requests
- Add detailed TLS connection state logging
- Better error handling for timeout scenarios

This should help diagnose why CONNECT tunnels hang after TLS handshake.
@blink-so
Fix SetReadTimeout compilation error
d9efd45 
Replace SetReadTimeout (which doesn't exist) with SetReadDeadline.
Also reset the deadline after each successful request to allow
multiple requests on the same TLS connection.
@f0ssel
fix
68c5876
@f0ssel f0ssel merged commit 00ac2f7 into main Sep 16, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evgeniy-scherbina evgeniy-scherbina Awaiting requested review from evgeniy-scherbina

@bcpeinhardt bcpeinhardt Awaiting requested review from bcpeinhardt

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@f0ssel