feat: Implement initial TLS termination and dynamic port handling (with compilation errors)
30
PLAN.md
Normal file
@@ -0,0 +1,30 @@
## Plan for TLS Termination and Dynamic Port Handling
### Task
Modify the `l4p` (layer 4 proxy) to perform TLS termination and handle dynamic/random ports for backend services. The backend services are on a specific IPv6 address, and the user can dynamically determine the hostname of these services in the format "https://{port}.my-host". The proxy should listen on port 443 and use SNI for routing.
### Completed Actions
- Added `tokio-rustls`, `rustls-pemfile`, `anyhow` dependencies to `Cargo.toml`.
- Modified `src/config/config_v1.rs` to include `TlsTerminationConfig`, `CertificateConfig`, `SniCertificateConfig` structs and updated `ServerConfig`.
- Created `src/tls.rs` (multiple iterations due to compilation issues).
- Integrated `anyhow::Result` into various functions and imported `Context` to `src/servers/mod.rs`.
- Corrected imports in `src/main.rs`, `src/servers/mod.rs`, `src/servers/protocol/tcp.rs`.
- Removed `mod tls;` from `src/servers/protocol/mod.rs`.
- Attempted to fix various compilation errors related to `rustls` API changes, lifetime issues, and `tokio` task handling.
- Changed `handle.await??;` to explicit match for debugging purposes.
### Current State (with persistent errors)
The code currently has compilation errors, primarily related to:
1. **`src/servers/mod.rs`**: Still showing an error for `map_err` not found for unit type `()`. This arises from the complex double `Result` handling (`Result<anyhow::Result<()>, JoinError>`) when awaiting spawned tasks.
2. **`src/tls.rs`**: Facing issues with `rustls::pki_types::PrivateKeyDer` and `CertificateDer` conversions, specifically for ensuring `'static` lifetimes and incorrect method usages like `to_vec()` or `as_ref()`, or `into_owned()` methods not existing for certain types. The `borrowed data escapes outside of function` error indicates deeper lifetime mismatches.
### Next Steps (Requires Manual Intervention)
- **Refactor `src/servers/mod.rs` error handling**: The current `match handle.await` block needs to be carefully reviewed to ensure correct unwraping of the nested `Result` types and proper error propagation from `tokio::task::JoinError` to `anyhow::Error`.
- **Re-evaluate `src/tls.rs` `rustls::pki_types` usage**: A deeper understanding of `rustls-pki-types` crate and its `CertificateDer` and `PrivateKeyDer` lifetimes and conversion methods is needed. The specific error message `no method named to_vec found for struct PrivatePkcs8KeyDer` is a key indicator of incorrect usage.
- **Review `rustls` version and documentation**: It might be helpful to review the `rustls` and `tokio-rustls` documentation for version-specific changes and best practices regarding `pki_types` and asynchronous error handling.
This commit contains the work in progress as of the current session, including these unresolved errors, to allow for external review and debugging.
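Review bot: the plan routes on the `{port}` label taken from the client's SNI ("https://{port}.my-host", listen on 443, route by SNI) but nowhere says how that label is validated before the proxy dials the backend IPv6 address on it; SNI is attacker-controlled plaintext, so parse the leftmost label strictly as a non-zero `u16`, require the remainder to be exactly the configured suffix, and reject (close the handshake) anything else, ideally against an allowed port range or allowlist carried in `TlsTerminationConfig` rather than letting any client choose the backend port. The plan should also state that the hop from the proxy to the backend is plaintext after termination, since that is what "TLS termination" implies here. On the two listed compile errors: for a `tokio::spawn` handle whose task returns `anyhow::Result<()>`, `handle.await` is `Result<anyhow::Result<()>, JoinError>` and `handle.await??` inside a function returning `anyhow::Result<()>` is the correct shape (the first `?` converts `JoinError` into `anyhow::Error`, the second propagates the task's own error), so a "`map_err` not found for `()`" error indicates the value has already been unwrapped to `()` before `map_err` is applied in the explicit `match`; and in `src/tls.rs`, if the listed `rustls-pemfile` dependency is 2.x, `rustls_pemfile::certs` and `rustls_pemfile::private_key` already yield `CertificateDer<'static>` and `PrivateKeyDer<'static>`, so no `to_vec()`/`as_ref()`/`into_owned()` conversion is needed to satisfy `rustls::ServerConfig`; where an owned copy of a borrowed key is genuinely required, `PrivatePkcs8KeyDer::clone_key()` returns the `'static` copy and `secret_pkcs8_der()` exposes the bytes, which is why `to_vec()` is reported as not found.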