markpash / tailscale-sidecar

A TCP proxy used to expose services onto a tailscale network without root. Ideal for container environments.
MIT License

Add support for an HTTP reverse proxy #5

Open eric opened 2 years ago

eric commented 2 years ago

I've found that some services care about the Host: header that is used for HTTP requests, so this provides a way to modify it.

markpash commented 2 years ago

Hi @eric I think it's super useful to have the ability to do things like this, but I feel other tools like nginx/traefik/caddy can do a much better job at it than we can, so I don't really know where to draw the line with features to add to the sidecar.

Would we only support plain HTTP? Would we do HTTPS? If we do HTTPS, do we proxy on SNI or terminate TLS? If we terminate TLS do we give the user the ability to configure TLS ciphers etc... I don't want to add features that would just end up re-implementing some other software with less flexibility. Could you provide some justification and how this feature helps you? Thanks!

eric commented 2 years ago

For my specific case, Speedify has a webserver that is embedded in it that has a very simplistic authentication scheme that denies anything that doesn't have a Host: header of localhost.

I would say keep implementing those things as people have the need to spend the effort to implement them. This is a fun and interesting tool that will have limited appeal but also may end up being useful for people in interesting circumstances.
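A minimal Go sketch of the Host-rewriting reverse proxy discussed above, as an added example that is not code from this pull request or from tailscale-sidecar. The helper name `newHostRewritingProxy`, the backend address and the listen address are assumptions.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// newHostRewritingProxy returns a reverse proxy that forwards every request
// to backend and replaces the client's Host header with hostOverride.
// Hypothetical helper for illustration; not part of tailscale-sidecar.
func newHostRewritingProxy(backend *url.URL, hostOverride string) *httputil.ReverseProxy {
	proxy := httputil.NewSingleHostReverseProxy(backend)
	director := proxy.Director
	proxy.Director = func(req *http.Request) {
		// The default director points req.URL at the backend.
		director(req)
		// On an outgoing request Go sends req.Host as the Host header.
		// NewSingleHostReverseProxy does not rewrite it, so the backend
		// would otherwise see the name the client used to reach the proxy.
		req.Host = hostOverride
	}
	return proxy
}

func main() {
	// Assumed backend: a service that only answers requests for "localhost".
	backend, err := url.Parse("http://127.0.0.1:8081")
	if err != nil {
		log.Fatal(err)
	}
	proxy := newHostRewritingProxy(backend, "localhost")
	// Assumed listen address; a sidecar would serve on its tailnet listener.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", proxy))
}
```

Once the proxy sets the Host header, the backend's Host check no longer distinguishes local from remote callers, so access is decided by who can reach the proxy's listener.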

axsuul commented 1 year ago

This would also be valuable for me. For example, Traefik has its own Web UI that can be served on HTTP port 8081 and I'd like to be able to tunnel to it via tailscale-sidecar. So it's kind of meta and using another Traefik instance to access this wouldn't make sense.