services.go
package main
import (
	"crypto/tls"
	"errors"
	"strings"

	log "github.com/Sirupsen/logrus"
)
type (
	// TLSConfig holds the raw TLS settings for one side of a service as
	// key/value strings. populateTLSConfig reads the keys "CERT", "KEY",
	// "InsecureSkipVerify" and "NextProtos"; an empty map means plain
	// defaults.
	TLSConfig map[string]string

	// ServiceConfig describes one proxied service: the address to listen
	// on (Front), the address to forward to (Back) and the TLS settings
	// applied on each side.
	ServiceConfig struct {
		Front       string
		Back        string
		FrontConfig TLSConfig
		BackConfig  TLSConfig
	}

	// ServicePack is the set of services a single proxyd process runs.
	ServicePack []ServiceConfig
)
// run starts every service in the pack in its own goroutine and then
// blocks until each of them has reported failure. When the last one has
// died the process exits through log.Fatal.
func (sp ServicePack) run() {
	log.WithFields(log.Fields{
		"service_count": len(sp),
	}).Info("proxyd starting")

	// Every listenAndProxy goroutine sends exactly one error on this
	// channel before it returns, so receiving len(sp) times drains them all.
	died := make(chan error)
	for _, svc := range sp {
		go listenAndProxy(svc, died)
	}

	for range sp {
		log.WithFields(log.Fields{
			"error": <-died,
		}).Warn("service died")
	}
	log.Fatal("all services died")
}
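// listenAndProxy serves one ServiceConfig: it builds the TLS configuration
// for both sides, listens on config.Front and hands every accepted
// connection to proxyBack. It returns only when the service can no longer
// run, after sending the cause on failed exactly once (run relies on that
// single send per service).
//
// A TLS configuration that fails to parse ends the service instead of
// being logged and ignored: continuing with an empty tls.Config would
// serve or dial with different security properties than the operator
// configured (no certificate, no client certificate, no ALPN list).
func listenAndProxy(config ServiceConfig, failed chan error) {
	frontTLS, err := populateTLSConfig(config.FrontConfig)
	if err != nil {
		log.WithFields(log.Fields{
			"error": err.Error(),
		}).Error("error populating front TLS configuration")
		failed <- err
		return
	}
	backTLS, err := populateTLSConfig(config.BackConfig)
	if err != nil {
		log.WithFields(log.Fields{
			"error": err.Error(),
		}).Error("error populating back TLS configuration")
		failed <- err
		return
	}

	listener, err := listenAny(config.Front, frontTLS)
	if err != nil {
		failed <- err
		return
	}

	for {
		conn, err := listener.Accept()
		if err != nil {
			// Any Accept error ends the service; no distinction is made
			// between transient and permanent failures. run exits once
			// every service has ended.
			log.WithFields(log.Fields{
				"error": err.Error(),
			}).Info("unable to accept connection")
			failed <- err
			return
		}
		go proxyBack(conn, config.Back, backTLS)
	}
}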
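// populateTLSConfig builds a tls.Config from the string settings in
// tlsConfig. A nil or empty map yields the zero tls.Config and no error.
//
// Recognised keys:
//
//	CERT, KEY           PEM-encoded certificate chain and private key, as
//	                    accepted by tls.X509KeyPair. They must be set
//	                    together; setting only one of them is an error.
//	InsecureSkipVerify  the literal string "true" sets
//	                    tls.Config.InsecureSkipVerify, which makes a client
//	                    connection accept any server certificate and host
//	                    name. Any other value leaves verification enabled.
//	NextProtos          comma-separated ALPN protocol list; whitespace
//	                    around each entry is trimmed and empty entries are
//	                    dropped.
//
// Keys other than the four above are ignored without a diagnostic, so a
// misspelt key silently keeps the default. Settings that have no key yet
// (root CAs, cipher suites, MinVersion/MaxVersion, curve preferences,
// session tickets) stay at the crypto/tls defaults.
//
// On a non-nil error the returned tls.Config may be partially filled and
// must not be used. The config is returned by value to keep the existing
// callers compiling; go vet's copylocks check flags copying a tls.Config,
// so callers should take its address once rather than copy it around.
func populateTLSConfig(tlsConfig TLSConfig) (tls.Config, error) {
	config := tls.Config{}
	if len(tlsConfig) == 0 {
		return config, nil
	}

	var certData, keyData string
	insecure := false
	for key, value := range tlsConfig {
		switch key {
		case "CERT":
			certData = value
		case "KEY":
			keyData = value
		case "InsecureSkipVerify":
			// Only the exact string "true" opts in; "1", "yes", "TRUE"
			// and the like leave verification on.
			insecure = value == "true"
		case "NextProtos":
			for _, proto := range strings.Split(value, ",") {
				if proto = strings.TrimSpace(proto); proto != "" {
					config.NextProtos = append(config.NextProtos, proto)
				}
			}
		}
	}

	// A certificate without its key (or a key without its certificate)
	// used to be skipped silently, leaving the config with no certificate
	// at all; treat it as the misconfiguration it is.
	if (certData != "") != (keyData != "") {
		return config, errors.New("tls config: CERT and KEY must be set together")
	}
	if certData != "" {
		certificate, err := tls.X509KeyPair([]byte(certData), []byte(keyData))
		if err != nil {
			return config, err
		}
		config.Certificates = []tls.Certificate{certificate}
	}
	config.InsecureSkipVerify = insecure

	// Not configurable yet; the crypto/tls defaults apply:
	// root CAs, cipher suites, PreferServerCipherSuites,
	// SessionTicketsDisabled, SessionTicketKey, MinVersion, MaxVersion,
	// CurvePreferences, DynamicRecordSizingDisabled.
	return config, nil
}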