feat: add https support

Author: rehanvdm

API.md

@@ -78,6 +78,7 @@ export class MyStack extends cdk.Stack {
       // options: {
       //   extension: {
       //     layerVersionName: "tailscale-extension",
+      //     nodeTlsRejectUnauthorized: false, // Sets the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0'
       //   },
       //   lambda: {
       //     functionName: "tailscale-proxy",
@@ -124,6 +125,8 @@ use the [aws4](https://www.npmjs.com/package/aws4) package to sign requests.
 When calling the Proxy, include the following headers to specify the target machine:
 - `ts-target-ip`: The IP address of the Tailscale-connected machine/device.
 - `ts-target-port`: The port of the Tailscale-connected machine/device.
+- `ts-https`: OPTIONAL, if undefined, the default behaviour is to use https when the port is 443. If specified then it 
+  will override the default behaviour.
 
 These `ts-` headers are removed before the request is forwarded to the target machine.
 

README.md

@@ -1,7 +1,10 @@
 #!/bin/bash
 
 npm run default
+npm run bundle
 npm run compile
+cp assets/lambda/tailscale-proxy/index.js lib/lambda/tailscale-proxy/index.js
+
 
 # For this proxy package to be used in the -caller project
 npm link

npm-link-manual.sh

@@ -9,6 +9,7 @@ import { TailscaleLambdaExtension } from 'tailscale-lambda-extension';
 
 export interface TailscaleLambdaProxyPropsLambdaOption {
   readonly functionName?: string;
+  readonly nodeTlsRejectUnauthorized?: boolean;
 }
 
 export interface TailscaleLambdaProxyPropsOptions {
@@ -51,6 +52,7 @@ export class TailscaleLambdaProxy extends Construct {
       environment: {
         TS_SECRET_API_KEY: props.tsSecretApiKey.secretArn,
         TS_HOSTNAME: props.tsHostname,
+        ...(props.options?.lambda?.nodeTlsRejectUnauthorized === false) ? { NODE_TLS_REJECT_UNAUTHORIZED: '0' } : { },
       },
       timeout: cdk.Duration.minutes(15),
       memorySize: 256,

package-lock.json

@@ -1,4 +1,5 @@
 import * as http from 'http';
+import * as https from 'https';
 import { Metrics, MetricUnit } from '@aws-lambda-powertools/metrics';
 import {
   APIGatewayProxyEventV2, APIGatewayProxyResultV2,
@@ -7,6 +8,7 @@ import { SocksProxyAgent } from 'socks-proxy-agent';
 
 async function proxyHttpRequest(
   target: Pick<http.RequestOptions, 'hostname' | 'port' | 'agent'>,
+  isHttps: boolean | undefined,
   request: {
     path: string;
     method: string;
@@ -16,7 +18,10 @@ async function proxyHttpRequest(
 ): Promise<APIGatewayProxyResultV2> {
   return new Promise((resolve, reject) => {
     const chunks: Buffer[] = [];
-    const apiRequest = http.request({
+    const httpLib = isHttps == undefined ?
+      (target.port == 443 ? https : http) :
+      (isHttps ? https : http);
+    const apiRequest = httpLib.request({
       ...target,
       path: request.path,
       method: request.method,
@@ -58,6 +63,7 @@ export async function handler(event: APIGatewayProxyEventV2): Promise<APIGateway
   try {
     const socksProxyAgent = new SocksProxyAgent('socks://localhost:1055');
 
+    let isHttps = undefined; // Auto-detect, will be set for port 443
     if (!event.headers['ts-target-ip']) {
       return {
         statusCode: 400,
@@ -74,7 +80,9 @@ export async function handler(event: APIGatewayProxyEventV2): Promise<APIGateway
         },
       };
     }
-
+    if (event.headers['ts-https']) {
+      isHttps = event.headers['ts-https'] === 'true';
+    }
     if (event.headers['ts-metric-service']) {
       metrics = new Metrics({ namespace: 'tailscale-service', serviceName: event.headers['ts-metric-service'] });
       if (event.headers['ts-metric-dimension-name'] && event.headers['ts-metric-dimension-value']) {
@@ -95,7 +103,8 @@ export async function handler(event: APIGatewayProxyEventV2): Promise<APIGateway
       hostname: event.headers['ts-target-ip'],
       port: event.headers['ts-target-port'],
       agent: socksProxyAgent,
-    }, {
+    }, isHttps,
+    {
       path: event.requestContext.http.path,
       headers: targetHeaders,
       method: event.requestContext.http.method,