Add HTTP proxy support for tunnel connections

[shayonj]

This PR adds support for HTTP and SOCKS proxy configurations to cloudflared tunnel connections via standard environment variables (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY). This enables cloudflared to work in enterprise environments that require all outbound traffic to route through corporate proxy infrastructure.

Changes include:

• Added proxyAwareDialer struct that implements both HTTP CONNECT and SOCKS proxy protocols
• Modified rawTCPService and tcpOverWSService to use proxy.Dialer interface instead of net.Dialer
• Added proxy detection using proxy.FromEnvironmentUsing() for SOCKS proxies and http.ProxyFromEnvironment() for HTTP proxies
• There is now a createProxyDialer to make delegation easy
• DNS dialer specifically uses direct connection to avoid circular dependencies when resolving proxy hostnames
• Added tests

Proxy precedence order:

• SOCKS proxy detection via ALL_PROXY environment variable
• HTTP proxy detection via HTTP_PROXY/HTTPS_PROXY environment variables (supports both upper and lower case)

3. Direct connection fallback when no proxy is configured

Authentication support:

• Basic authentication via URL format (http://user:pass@proxy:8080)
• Proxy-Authorization headers for HTTP CONNECT method
• SOCKS4/SOCKS5 proxy support via golang.org/x/net/proxy

Usage Example:

export HTTP_PROXY="http://user:pass@proxy.corp.com:8080"
export HTTPS_PROXY="http://user:pass@proxy.corp.com:8080"

# Or SOCKS proxy
export ALL_PROXY="socks5://proxy.corp.com:1080"

./cloudflared tunnel run --credentials-file tunnel.json my-tunnel

Example:

#1076

[yash-srivastava]

Hi, will this work for quick tunnel setup as well? ./cloudflared tunnel --loglevel debug --url http://localhost:8080. Because when I ran this I was not able to see the log lines which you configured in code.

[GoncaloGarcia]

Hey! Thank you for the PR.

As discussed offline it seems like your interest is mostly the HTTP proxy? If so, we don't need to introduce support for SOCKS proxy in this PR.

Additionally, I wasn't able to verify the behavior by setting up a local instance of mitmproxy and setting the flags as your example suggests. Could you provide a script that sets up a basic example with a client + cloudflared running a tunnel + mitmproxy logging the requests?

[GoncaloGarcia]

Could you use the request struct instead and req.Write instead?

// Build CONNECT request using http.Request
    req := &http.Request{
        Method:     "CONNECT",
        URL:        &url.URL{Host: addr},
        Host:       addr,
        Proto:      "HTTP/1.1",
        ProtoMajor: 1,
        ProtoMinor: 1,
        Header:     make(http.Header),
    }

Also, is there a reason why you're hardcoding HTTP 1.1?

[GoncaloGarcia]

Could you use golang.org/x/net/http/httpproxy instead of checking for these variables manually?

[GoncaloGarcia]

Could you add some tests that use the authentication variables in the proxy URL and another for NO_PROXY?