Support Pomerium HTTP Proxy Functionality

[rorylshanks]

Is your feature request related to a problem? Please describe.

Pomerium has a somewhat undocumented mode whereby it acts as an https proxy. pomerium-cli proxy

We found this mode to me the most useful mode for us for many things, and it would be amazing if the pomerium desktop client also supported this.

Describe the solution you'd like

Describe alternatives you've considered

Explain any additional use-cases

If there are any use-cases that would help us understand the use/need/value please share them as they can help us decide on acceptance and prioritization.

Additional context

Add any other context or screenshots about the feature request here.

[desimone]

@megalan247 -- could you tell me more about your use case and tools you are using? We have been reluctant to document more broadly because it feels like an anti-pattern to the model of having every HTTP request be validated for authN/Z and context. I understand that not every tool fits nicely into the model though (e.g. kubectl vs vault).

Related PR:

• Add proxy command cli#56

[rorylshanks]

Hey,

We have an on-premise git server, which has the HTTP endpoint behind pomerium to secure it. The SSH endpoint is available publically so that people can clone repos, etc.

We have a certain situation whereby some people need to clone repos using https, as they are using software which can only speak https and not ssh. This special software can also not inject any additional headers, and also needs a specific basic auth Authorization header set, so the programmatic access function would not be suitable.

Therefore we need to have proper TLS termination, and Host headers being set, so just raw TCP passthrough wouldn't work. But the proxy function works perfectly.

Also just in general accessing HTTP APIs from a local development machine, in a standardized way.

Please let me know if you have any other questions about our use case.