add tls

cmd/client/main.go

@@ -5,18 +5,28 @@ import (
 	"log"
 
 	"github.com/gotunnel/internal/client/tunnel"
+	"github.com/gotunnel/pkg/crypto"
 )
 
 func main() {
 	server := flag.String("s", "", "server address (ip:port)")
 	token := flag.String("t", "", "auth token")
 	id := flag.String("id", "", "client id (optional)")
+	noTLS := flag.Bool("no-tls", false, "disable TLS")
 	flag.Parse()
 
 	if *server == "" || *token == "" {
-		log.Fatal("Usage: client -s <server:port> -t <token> [-id <client_id>]")
+		log.Fatal("Usage: client -s <server:port> -t <token> [-id <client_id>] [-no-tls]")
 	}
 
 	client := tunnel.NewClient(*server, *token, *id)
+
+	// TLS 默认启用
+	if !*noTLS {
+		client.TLSEnabled = true
+		client.TLSConfig = crypto.ClientTLSConfig()
+		log.Printf("[Client] TLS enabled")
+	}
+
 	client.Run()
 }

cmd/server/main.go

@@ -9,6 +9,7 @@ import (
 	"github.com/gotunnel/internal/server/config"
 	"github.com/gotunnel/internal/server/db"
 	"github.com/gotunnel/internal/server/tunnel"
+	"github.com/gotunnel/pkg/crypto"
 )
 
 func main() {
@@ -38,6 +39,16 @@ func main() {
 		cfg.Server.HeartbeatTimeout,
 	)
 
+	// 配置 TLS（默认启用）
+	if !cfg.Server.TLSDisabled {
+		tlsConfig, err := crypto.GenerateTLSConfig()
+		if err != nil {
+			log.Fatalf("Generate TLS config error: %v", err)
+		}
+		server.SetTLSConfig(tlsConfig)
+		log.Printf("[Server] TLS enabled")
+	}
+
 	// 启动 Web 控制台
 	if cfg.Web.Enabled {
 		ws := app.NewWebServer(clientStore, server, cfg, *configPath)