Commit 259af85e authored by Kamil Trzciński's avatar Kamil Trzciński

Add support for --listen-proxy

parent 78de2cf5
......@@ -15,13 +15,17 @@ var REVISION = "HEAD"
var listenHTTP = flag.String("listen-http", ":80", "The address to listen for HTTP requests")
var listenHTTPS = flag.String("listen-https", "", "The address to listen for HTTPS requests")
var listenProxy = flag.String("listen-proxy", "", "The address to listen for proxy requests")
var pagesDomain = flag.String("pages-domain", "gitlab-example.com", "The domain to serve static pages")
var pagesRootCert = flag.String("root-cert", "", "The default certificate to serve static pages")
var pagesRootKey = flag.String("root-key", "", "The default certificate to serve static pages")
var pagesRootCert = flag.String("root-cert", "", "The default path to file certificate to serve static pages")
var pagesRootKey = flag.String("root-key", "", "The default path to file certificate to serve static pages")
var serverHTTP = flag.Bool("serve-http", true, "Serve the pages under HTTP")
var http2proto = flag.Bool("http2", true, "Enable HTTP2 support")
var pagesRoot = flag.String("pages-root", "shared/pages", "The directory where pages are stored")
const XForwardedProto = "X-Forwarded-Proto"
const XForwardedProtoHttps = "https"
type theApp struct {
domains domains
}
......@@ -40,12 +44,12 @@ func (a *theApp) ServeTLS(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
return nil, nil
}
func (a *theApp) ServeHTTP(ww http.ResponseWriter, r *http.Request) {
func (a *theApp) serveContent(ww http.ResponseWriter, r *http.Request, https bool) {
w := newLoggingResponseWriter(ww)
defer w.Log(r)
// Add auto redirect
if r.TLS == nil && !*serverHTTP {
if https && !*serverHTTP {
u := *r.URL
u.Scheme = "https"
u.Host = r.Host
......@@ -67,6 +71,17 @@ func (a *theApp) ServeHTTP(ww http.ResponseWriter, r *http.Request) {
domain.ServeHTTP(&w, r)
}
func (a *theApp) ServeHTTP(ww http.ResponseWriter, r *http.Request) {
https := r.TLS != nil
a.serveContent(ww, r, https)
}
func (a *theApp) ServeProxy(ww http.ResponseWriter, r *http.Request) {
forwardedProto := r.Header.Get(XForwardedProto)
https := forwardedProto == XForwardedProtoHttps
a.serveContent(ww, r, https)
}
func (a *theApp) UpdateDomains(domains domains) {
fmt.Printf("Domains: %v", domains)
a.domains = domains
......@@ -86,7 +101,7 @@ func main() {
wg.Add(1)
go func() {
defer wg.Done()
err := ListenAndServe(*listenHTTP, &app)
err := ListenAndServe(*listenHTTP, app.ServeHTTP)
if err != nil {
log.Fatal(err)
}
......@@ -98,7 +113,19 @@ func main() {
wg.Add(1)
go func() {
defer wg.Done()
err := ListenAndServeTLS(*listenHTTPS, *pagesRootCert, *pagesRootKey, &app)
err := ListenAndServeTLS(*listenHTTPS, *pagesRootCert, *pagesRootKey, app.ServeHTTP, app.ServeTLS)
if err != nil {
log.Fatal(err)
}
}()
}
// Listen for HTTP proxy requests
if *listenProxy != "" {
wg.Add(1)
go func() {
defer wg.Done()
err := ListenAndServe(*listenProxy, app.ServeProxy)
if err != nil {
log.Fatal(err)
}
......
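Review bot: The redirect guard in serveContent looks inverted. The condition it replaces was `r.TLS == nil && !*serverHTTP`, which redirects requests that are not HTTPS, but the new line reads `if https && !*serverHTTP`, so with serve-http off it redirects requests that are already HTTPS and serves plain-HTTP ones; it should be `if !https && !*serverHTTP {`. With that fixed, the decision on the ServeProxy path rests on the X-Forwarded-Proto request header, which any client able to reach the --listen-proxy address can set. ServeProxy should carry a comment such as `// ServeProxy trusts X-Forwarded-Proto; bind --listen-proxy to an address only the front-end proxy can reach.` and the flag help should say the same. The rest of serveContent lies outside the visible hunks.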
......@@ -6,12 +6,9 @@ import (
"net/http"
)
type TLSHandler interface {
http.Handler
ServeTLS(*tls.ClientHelloInfo) (*tls.Certificate, error)
}
type TLSHandlerFunc func(*tls.ClientHelloInfo) (*tls.Certificate, error)
func ListenAndServe(addr string, handler http.Handler) error {
func ListenAndServe(addr string, handler http.HandlerFunc) error {
// create server
server := &http.Server{Addr: addr, Handler: handler}
......@@ -25,11 +22,11 @@ func ListenAndServe(addr string, handler http.Handler) error {
return server.ListenAndServe()
}
func ListenAndServeTLS(addr string, certFile, keyFile string, handler TLSHandler) error {
func ListenAndServeTLS(addr string, certFile, keyFile string, handler http.HandlerFunc, tlsHandler TLSHandlerFunc) error {
// create server
server := &http.Server{Addr: addr, Handler: handler}
server.TLSConfig = &tls.Config{}
server.TLSConfig.GetCertificate = handler.ServeTLS
server.TLSConfig.GetCertificate = tlsHandler
if *http2proto {
err := http2.ConfigureServer(server, &http2.Server{})
......
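Review bot: Changing the `handler` parameter of ListenAndServe and ListenAndServeTLS to the concrete `http.HandlerFunc` makes these helpers less reusable than they need to be. Keeping `handler http.Handler` and converting at the call sites with `http.HandlerFunc(app.ServeProxy)` would let a wrapped handler or middleware be passed later without another signature change. The new exported type also has no doc comment; `// TLSHandlerFunc selects the certificate for a TLS handshake; it is installed as tls.Config.GetCertificate.` would cover it. Both function bodies continue outside the visible hunks.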