{{ define "admin-tunnel-edit-http-rule" }} {{ template "nav-sidebar" . }}
{{ template "navbar-user" . }}

HTTP/S Traffic

{{ if .UpdateTraffic }}

Update or reset the HTTP traffic, security and routing rules.

{{ else }}

Create a new HTTP traffic rule. Setup upstream server values, encryption options and any additional security mechanisms.

{{ end }}
{{ if len (.Error "client") }}
{{ .Error "client" }}
{{ end }}
{{ if len (.Error "domain") }}
{{ .Error "domain" }}
{{ end }}


{{ if len (.Error "upstreamURL") }}
{{ .Error "upstreamURL" }}
{{ end }}

{{ if len (.Error "insecureUpstream") }}
{{ .Error "insecureUpstream" }}
{{ end }}
{{ if len (.Error "destination") }}
{{ .Error "destination" }}
{{ end }}


{{ if not .DisableInspect }} {{ if len (.Error "inspect") }}
{{ .Error "inspect" }}
{{ end }}
{{ end }} {{ if len (.Error "redirect") }}
{{ .Error "redirect" }}
{{ end }}

TLS

The default TLS encryption method will utilize the Spokes server to terminate TLS. Note this is typically implemented by installing a wildcard certificate in the certs-extra directory.

Using Let's Encrypt or custom certificates will implement end-to-end encrypted traffic with the tunnel.

{{ if len (.Error "serverTLS") }}
{{ .Error "serverTLS" }}
{{ end }} {{ if .UpdateTraffic }}

Note, if you used custom certificates earlier and want to continue using them you must upload them again with the inputs below. The client will not carry past ones forward.

{{ end }}

Authentication

Users will be required to input a passphrase into a captive portal login and authenticate, restricting traffic otherwise. Resetting the password removes an existing password login. It will also remove 2FA as well.

{{ if len (.Error "password") }}
{{ .Error "password" }}
{{ end }}
{{ if len .Http.Password }}
An authentication password is already set. Leave the input fields below empty to maintain it.
{{ end }} {{ if len (.Error "oidclientid") }}
{{ .Error "oidclientid" }}
{{ end }} {{ if len (.Error "oidclientsecret") }}
{{ .Error "oidclientsecret" }}
{{ end }} {{ if len (.Error "oidproviderURL") }}
{{ .Error "oidproviderURL" }}
{{ end }} {{ if len (.Error "oidredirectURL") }}
{{ .Error "oidredirectURL" }}
{{ end }}

Optionally customize the authentication page with a title, logo and link to another website. Check the URLs you input are correct.

{{ if len (.Error "siteTitle") }}
{{ .Error "siteTitle" }}
{{ end }}

Basic-Digest

Restrict requests to tunnels using HTTP Basic-Digest that authenticates each request.

{{ if len (.Error "digestUser") }}
{{ .Error "digestUser" }}
{{ end }}

{{ if len (.Error "digestPassword") }}
{{ .Error "digestPassword" }}
{{ end }}


{{ template "firewall-traffic-edit" . }}
{{ template "menu-toggle" . }}
{{ template "loading-dialog" . }} {{ end }} {{ define "admin-tunnel-edit-tcp-rule" }} {{ template "nav-sidebar" . }}
{{ template "navbar-user" . }}

Port Traffic

Reset an existing traffic rule or update the destination for traffic.

{{ if len (.Error "client") }}
{{ .Error "client" }}
{{ end }}

{{ if len (.Error "destination") }}
{{ .Error "destination" }}
{{ end }}

{{ if len (.Error "destPort") }}
{{ .Error "destPort" }}
{{ end }}


{{ template "firewall-traffic-edit" . }}
{{ template "menu-toggle" . }}
{{ template "loading-dialog" . }} {{ end }} {{ define "firewall-traffic-edit" }} {{ $firewall := .Firewall }}
{{ if len (.Error "firewall") }}
{{ .Error "firewall" }}
{{ end }}

Firewall

Allow or restrict traffic to this TCP application using CIDR notation to identify the IPv4 or IPv6 networks. Some example networks can be the following: 1.2.3.4/16 for IP4 or 2345:0425:2CA1:0000::0000/64 for IPv6.

Note, rules must use proper sequence numbers that begin with 1, e.g. 1, 2, 3.

{{ if eq (len $firewall) 0 }} {{ end }} {{ range $i, $rule := $firewall }} {{ end }}
Sequence Action Network

No firewall rules for this traffic rule.

{{ end }}