2017-04-17 22:47:53 +02:00
package server
2016-01-13 22:45:49 +01:00
import (
2016-08-16 16:26:10 +01:00
"context"
2016-01-13 22:45:49 +01:00
"crypto/tls"
2016-06-15 22:38:40 +02:00
"crypto/x509"
2016-01-29 20:34:17 +01:00
"encoding/json"
2017-10-10 14:50:03 +02:00
"fmt"
2016-06-15 22:38:40 +02:00
"io/ioutil"
2017-11-18 01:10:03 +01:00
stdlog "log"
2017-08-18 15:34:04 +02:00
"net"
2016-02-26 15:29:53 +01:00
"net/http"
2018-06-07 09:46:03 +02:00
"net/http/httputil"
2016-02-26 15:29:53 +01:00
"net/url"
"os"
"os/signal"
2017-04-04 02:36:23 -07:00
"sync"
2016-02-26 15:29:53 +01:00
"time"
2016-02-19 14:55:23 -08:00
2017-08-25 21:32:03 +02:00
"github.com/armon/go-proxyproto"
2016-06-03 17:58:33 +02:00
"github.com/containous/mux"
2016-08-18 13:03:10 +02:00
"github.com/containous/traefik/cluster"
2017-08-25 16:10:03 +02:00
"github.com/containous/traefik/configuration"
2018-04-23 15:30:03 +02:00
"github.com/containous/traefik/configuration/router"
2018-05-28 11:46:03 +02:00
"github.com/containous/traefik/h2c"
2016-08-18 14:20:11 +02:00
"github.com/containous/traefik/log"
2017-08-23 20:46:03 +02:00
"github.com/containous/traefik/metrics"
2016-02-24 16:43:39 +01:00
"github.com/containous/traefik/middlewares"
2017-05-09 14:02:44 +02:00
"github.com/containous/traefik/middlewares/accesslog"
2018-01-10 17:48:04 +01:00
"github.com/containous/traefik/middlewares/tracing"
2016-02-24 16:43:39 +01:00
"github.com/containous/traefik/provider"
2016-03-31 18:57:08 +02:00
"github.com/containous/traefik/safe"
2018-03-06 10:12:04 +01:00
traefiktls "github.com/containous/traefik/tls"
2016-02-24 16:43:39 +01:00
"github.com/containous/traefik/types"
2017-10-10 14:50:03 +02:00
"github.com/containous/traefik/whitelist"
2018-01-22 12:16:03 +01:00
"github.com/sirupsen/logrus"
2017-07-19 12:02:51 +02:00
"github.com/urfave/negroni"
2018-07-03 12:44:04 +02:00
"github.com/xenolf/lego/acme"
2016-01-13 22:45:49 +01:00
)
2018-04-11 16:30:04 +02:00
var httpServerLogger = stdlog . New ( log . WriterLevel ( logrus . DebugLevel ) , "" , 0 )
2016-01-13 22:46:44 +01:00
2018-07-19 17:30:06 +02:00
func newHijackConnectionTracker ( ) * hijackConnectionTracker {
return & hijackConnectionTracker {
conns : make ( map [ net . Conn ] struct { } ) ,
}
}
type hijackConnectionTracker struct {
conns map [ net . Conn ] struct { }
lock sync . RWMutex
}
// AddHijackedConnection add a connection in the tracked connections list
func ( h * hijackConnectionTracker ) AddHijackedConnection ( conn net . Conn ) {
h . lock . Lock ( )
defer h . lock . Unlock ( )
h . conns [ conn ] = struct { } { }
}
// RemoveHijackedConnection remove a connection from the tracked connections list
func ( h * hijackConnectionTracker ) RemoveHijackedConnection ( conn net . Conn ) {
h . lock . Lock ( )
defer h . lock . Unlock ( )
delete ( h . conns , conn )
}
// Shutdown wait for the connection closing
func ( h * hijackConnectionTracker ) Shutdown ( ctx context . Context ) error {
ticker := time . NewTicker ( 500 * time . Millisecond )
defer ticker . Stop ( )
for {
h . lock . RLock ( )
if len ( h . conns ) == 0 {
return nil
}
h . lock . RUnlock ( )
select {
case <- ctx . Done ( ) :
return ctx . Err ( )
case <- ticker . C :
}
}
}
// Close close all the connections in the tracked connections list
func ( h * hijackConnectionTracker ) Close ( ) {
for conn := range h . conns {
if err := conn . Close ( ) ; err != nil {
log . Errorf ( "Error while closing Hijacked conn: %v" , err )
}
delete ( h . conns , conn )
}
}
2016-01-13 22:45:49 +01:00
// Server is the reverse-proxy/load-balancer engine
type Server struct {
2017-08-18 15:34:04 +02:00
serverEntryPoints serverEntryPoints
configurationChan chan types . ConfigMessage
configurationValidatedChan chan types . ConfigMessage
signals chan os . Signal
stopChan chan bool
currentConfigurations safe . Safe
2018-01-23 12:44:03 +01:00
providerConfigUpdateMap map [ string ] chan types . ConfigMessage
2017-08-25 16:10:03 +02:00
globalConfiguration configuration . GlobalConfiguration
2017-08-18 15:34:04 +02:00
accessLoggerMiddleware * accesslog . LogHandler
2018-01-10 17:48:04 +01:00
tracingMiddleware * tracing . Tracing
2017-08-18 15:34:04 +02:00
routinesPool * safe . Pool
leadership * cluster . Leadership
defaultForwardingRoundTripper http . RoundTripper
2017-08-23 20:46:03 +02:00
metricsRegistry metrics . Registry
2018-01-29 14:58:03 +01:00
provider provider . Provider
2018-03-05 20:54:04 +01:00
configurationListeners [ ] func ( types . Configuration )
2018-04-23 15:30:03 +02:00
entryPoints map [ string ] EntryPoint
2018-06-07 09:46:03 +02:00
bufferPool httputil . BufferPool
2018-04-23 15:30:03 +02:00
}
// EntryPoint entryPoint information (configuration + internalRouter)
type EntryPoint struct {
2018-04-24 22:40:04 +02:00
InternalRouter types . InternalRouter
Configuration * configuration . EntryPoint
OnDemandListener func ( string ) ( * tls . Certificate , error )
2018-07-03 12:44:04 +02:00
TLSALPNGetter func ( string ) ( * tls . Certificate , error )
2018-04-24 22:40:04 +02:00
CertificateStore * traefiktls . CertificateStore
2016-01-13 22:45:49 +01:00
}
2016-02-25 18:30:13 +01:00
type serverEntryPoints map [ string ] * serverEntryPoint
2016-01-29 20:34:17 +01:00
type serverEntryPoint struct {
2018-07-19 17:30:06 +02:00
httpServer * h2c . Server
listener net . Listener
httpRouter * middlewares . HandlerSwitcher
certs * traefiktls . CertificateStore
onDemandListener func ( string ) ( * tls . Certificate , error )
tlsALPNGetter func ( string ) ( * tls . Certificate , error )
hijackConnectionTracker * hijackConnectionTracker
}
func ( s serverEntryPoint ) Shutdown ( ctx context . Context ) {
var wg sync . WaitGroup
wg . Add ( 1 )
go func ( ) {
defer wg . Done ( )
if err := s . httpServer . Shutdown ( ctx ) ; err != nil {
if ctx . Err ( ) == context . DeadlineExceeded {
log . Debugf ( "Wait server shutdown is over due to: %s" , err )
err = s . httpServer . Close ( )
if err != nil {
log . Error ( err )
}
}
}
} ( )
wg . Add ( 1 )
go func ( ) {
defer wg . Done ( )
if err := s . hijackConnectionTracker . Shutdown ( ctx ) ; err != nil {
if ctx . Err ( ) == context . DeadlineExceeded {
log . Debugf ( "Wait hijack connection is over due to: %s" , err )
s . hijackConnectionTracker . Close ( )
}
}
} ( )
wg . Wait ( )
2016-01-29 20:34:17 +01:00
}
2018-08-08 19:12:03 +02:00
// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
// connections.
type tcpKeepAliveListener struct {
* net . TCPListener
}
func ( ln tcpKeepAliveListener ) Accept ( ) ( net . Conn , error ) {
tc , err := ln . AcceptTCP ( )
if err != nil {
return nil , err
}
tc . SetKeepAlive ( true )
tc . SetKeepAlivePeriod ( 3 * time . Minute )
return tc , nil
}
2016-01-13 22:45:49 +01:00
// NewServer returns an initialized Server.
2018-04-23 15:30:03 +02:00
func NewServer ( globalConfiguration configuration . GlobalConfiguration , provider provider . Provider , entrypoints map [ string ] EntryPoint ) * Server {
2018-06-11 11:36:03 +02:00
server := & Server { }
2016-01-13 22:45:49 +01:00
2018-04-23 15:30:03 +02:00
server . entryPoints = entrypoints
2018-01-29 14:58:03 +01:00
server . provider = provider
2018-06-11 11:36:03 +02:00
server . globalConfiguration = globalConfiguration
2016-02-25 18:30:13 +01:00
server . serverEntryPoints = make ( map [ string ] * serverEntryPoint )
2016-05-19 20:09:01 +02:00
server . configurationChan = make ( chan types . ConfigMessage , 100 )
server . configurationValidatedChan = make ( chan types . ConfigMessage , 100 )
2016-01-29 20:34:17 +01:00
server . signals = make ( chan os . Signal , 1 )
2016-04-13 20:36:23 +02:00
server . stopChan = make ( chan bool , 1 )
2017-08-11 11:04:58 +01:00
server . configureSignals ( )
2017-08-25 16:10:03 +02:00
currentConfigurations := make ( types . Configurations )
2016-04-13 20:36:23 +02:00
server . currentConfigurations . Set ( currentConfigurations )
2018-01-23 12:44:03 +01:00
server . providerConfigUpdateMap = make ( map [ string ] chan types . ConfigMessage )
2018-06-11 11:36:03 +02:00
2017-11-09 16:12:04 +01:00
if server . globalConfiguration . API != nil {
server . globalConfiguration . API . CurrentConfigurations = & server . currentConfigurations
}
2018-06-07 09:46:03 +02:00
server . bufferPool = newBufferPool ( )
2016-08-18 13:03:10 +02:00
server . routinesPool = safe . NewPool ( context . Background ( ) )
2018-06-11 11:36:03 +02:00
transport , err := createHTTPTransport ( globalConfiguration )
if err != nil {
log . Errorf ( "failed to create HTTP transport: %v" , err )
}
server . defaultForwardingRoundTripper = transport
2017-08-18 15:34:04 +02:00
2018-01-10 17:48:04 +01:00
server . tracingMiddleware = globalConfiguration . Tracing
2018-06-11 11:36:03 +02:00
if server . tracingMiddleware != nil && server . tracingMiddleware . Backend != "" {
2018-01-10 17:48:04 +01:00
server . tracingMiddleware . Setup ( )
}
2018-01-26 11:58:03 +01:00
server . metricsRegistry = registerMetricClients ( globalConfiguration . Metrics )
2017-08-23 20:46:03 +02:00
2016-08-18 13:03:10 +02:00
if globalConfiguration . Cluster != nil {
// leadership creation if cluster mode
server . leadership = cluster . NewLeadership ( server . routinesPool . Ctx ( ) , globalConfiguration . Cluster )
}
2016-01-13 22:45:49 +01:00
2017-05-25 12:25:53 +01:00
if globalConfiguration . AccessLogsFile != "" {
globalConfiguration . AccessLog = & types . AccessLog { FilePath : globalConfiguration . AccessLogsFile , Format : accesslog . CommonFormat }
}
if globalConfiguration . AccessLog != nil {
var err error
server . accessLoggerMiddleware , err = accesslog . NewLogHandler ( globalConfiguration . AccessLog )
if err != nil {
log . Warnf ( "Unable to create log handler: %s" , err )
}
2017-05-22 20:39:29 +01:00
}
2016-01-13 22:45:49 +01:00
return server
}
2016-10-25 17:59:39 +02:00
// Start starts the server.
2017-11-24 19:18:03 +01:00
func ( s * Server ) Start ( ) {
s . startHTTPServers ( )
s . startLeadership ( )
s . routinesPool . Go ( func ( stop chan bool ) {
s . listenProviders ( stop )
2016-03-31 18:57:08 +02:00
} )
2017-11-24 19:18:03 +01:00
s . routinesPool . Go ( func ( stop chan bool ) {
s . listenConfigurations ( stop )
2016-03-31 18:57:08 +02:00
} )
2018-01-29 14:58:03 +01:00
s . startProvider ( )
2017-11-24 19:18:03 +01:00
go s . listenSignals ( )
2016-10-25 17:59:39 +02:00
}
2018-03-14 13:14:03 +01:00
// StartWithContext starts the server and Stop/Close it when context is Done
func ( s * Server ) StartWithContext ( ctx context . Context ) {
go func ( ) {
defer s . Close ( )
<- ctx . Done ( )
log . Info ( "I have to go..." )
reqAcceptGraceTimeOut := time . Duration ( s . globalConfiguration . LifeCycle . RequestAcceptGraceTimeout )
if reqAcceptGraceTimeOut > 0 {
log . Infof ( "Waiting %s for incoming requests to cease" , reqAcceptGraceTimeOut )
time . Sleep ( reqAcceptGraceTimeOut )
}
log . Info ( "Stopping server gracefully" )
s . Stop ( )
} ( )
s . Start ( )
}
2016-10-25 17:59:39 +02:00
// Wait blocks until server is shutted down.
2017-11-24 19:18:03 +01:00
func ( s * Server ) Wait ( ) {
<- s . stopChan
2016-01-13 22:45:49 +01:00
}
// Stop stops the server
2017-11-24 19:18:03 +01:00
func ( s * Server ) Stop ( ) {
2017-03-09 23:27:09 +01:00
defer log . Info ( "Server stopped" )
var wg sync . WaitGroup
2017-11-24 19:18:03 +01:00
for sepn , sep := range s . serverEntryPoints {
2017-03-09 23:27:09 +01:00
wg . Add ( 1 )
go func ( serverEntryPointName string , serverEntryPoint * serverEntryPoint ) {
defer wg . Done ( )
2017-11-24 19:18:03 +01:00
graceTimeOut := time . Duration ( s . globalConfiguration . LifeCycle . GraceTimeOut )
2017-03-27 11:51:53 +02:00
ctx , cancel := context . WithTimeout ( context . Background ( ) , graceTimeOut )
log . Debugf ( "Waiting %s seconds before killing connections on entrypoint %s..." , graceTimeOut , serverEntryPointName )
2018-07-19 17:30:06 +02:00
serverEntryPoint . Shutdown ( ctx )
2016-07-13 17:50:57 +02:00
cancel ( )
2017-03-09 23:27:09 +01:00
log . Debugf ( "Entrypoint %s closed" , serverEntryPointName )
} ( sepn , sep )
2016-01-29 20:34:17 +01:00
}
2017-03-09 23:27:09 +01:00
wg . Wait ( )
2017-11-24 19:18:03 +01:00
s . stopChan <- true
2016-01-13 22:45:49 +01:00
}
// Close destroys the server
2017-11-24 19:18:03 +01:00
func ( s * Server ) Close ( ) {
2018-03-14 13:14:03 +01:00
ctx , cancel := context . WithTimeout ( context . Background ( ) , 10 * time . Second )
2016-07-13 17:50:57 +02:00
go func ( ctx context . Context ) {
<- ctx . Done ( )
if ctx . Err ( ) == context . Canceled {
return
} else if ctx . Err ( ) == context . DeadlineExceeded {
2018-03-14 13:14:03 +01:00
panic ( "Timeout while stopping traefik, killing instance ✝" )
2016-07-13 17:50:57 +02:00
}
} ( ctx )
2017-08-23 20:46:03 +02:00
stopMetricsClients ( )
2017-11-24 19:18:03 +01:00
s . stopLeadership ( )
s . routinesPool . Cleanup ( )
close ( s . configurationChan )
close ( s . configurationValidatedChan )
signal . Stop ( s . signals )
close ( s . signals )
close ( s . stopChan )
if s . accessLoggerMiddleware != nil {
if err := s . accessLoggerMiddleware . Close ( ) ; err != nil {
2017-05-22 20:39:29 +01:00
log . Errorf ( "Error closing access log file: %s" , err )
}
}
2016-07-13 17:50:57 +02:00
cancel ( )
2016-01-13 22:45:49 +01:00
}
2017-11-24 19:18:03 +01:00
func ( s * Server ) startLeadership ( ) {
if s . leadership != nil {
s . leadership . Participate ( s . routinesPool )
2016-08-18 13:03:10 +02:00
}
}
2017-11-24 19:18:03 +01:00
func ( s * Server ) stopLeadership ( ) {
if s . leadership != nil {
s . leadership . Stop ( )
2016-08-18 13:03:10 +02:00
}
}
2017-11-24 19:18:03 +01:00
func ( s * Server ) startHTTPServers ( ) {
2018-06-11 11:36:03 +02:00
s . serverEntryPoints = s . buildServerEntryPoints ( )
2017-01-12 14:34:54 +01:00
2017-11-24 19:18:03 +01:00
for newServerEntryPointName , newServerEntryPoint := range s . serverEntryPoints {
serverEntryPoint := s . setupServerEntryPoint ( newServerEntryPointName , newServerEntryPoint )
2018-04-23 15:30:03 +02:00
go s . startServer ( serverEntryPoint )
2017-07-08 19:21:14 +09:00
}
}
2017-11-24 19:18:03 +01:00
func ( s * Server ) listenProviders ( stop chan bool ) {
2016-01-13 22:45:49 +01:00
for {
2016-04-13 20:36:23 +02:00
select {
case <- stop :
return
2017-11-24 19:18:03 +01:00
case configMsg , ok := <- s . configurationChan :
2017-11-09 12:16:03 +01:00
if ! ok || configMsg . Configuration == nil {
2016-04-13 20:36:23 +02:00
return
}
2017-11-24 19:18:03 +01:00
s . preLoadConfiguration ( configMsg )
2017-11-09 12:16:03 +01:00
}
}
}
2018-03-05 20:54:04 +01:00
// AddListener adds a new listener function used when new configuration is provided
func ( s * Server ) AddListener ( listener func ( types . Configuration ) ) {
if s . configurationListeners == nil {
s . configurationListeners = make ( [ ] func ( types . Configuration ) , 0 )
}
s . configurationListeners = append ( s . configurationListeners , listener )
}
2018-03-27 10:18:03 -04:00
// getCertificate allows to customize tlsConfig.GetCertificate behaviour to get the certificates inserted dynamically
2017-11-09 12:16:03 +01:00
func ( s * serverEntryPoint ) getCertificate ( clientHello * tls . ClientHelloInfo ) ( * tls . Certificate , error ) {
2018-07-06 02:30:03 -06:00
domainToCheck := types . CanonicalDomain ( clientHello . ServerName )
2018-07-03 12:44:04 +02:00
if s . tlsALPNGetter != nil {
cert , err := s . tlsALPNGetter ( domainToCheck )
if err != nil {
return nil , err
}
if cert != nil {
return cert , nil
}
}
2018-07-12 19:10:03 +02:00
bestCertificate := s . certs . GetBestCertificate ( clientHello )
if bestCertificate != nil {
return bestCertificate , nil
}
2018-07-06 02:30:03 -06:00
if s . onDemandListener != nil && len ( domainToCheck ) > 0 {
// Only check for an onDemandCert if there is a domain name
2018-03-05 20:54:04 +01:00
return s . onDemandListener ( domainToCheck )
}
2018-07-03 12:44:04 +02:00
2018-07-06 02:30:03 -06:00
if s . certs . SniStrict {
return nil , fmt . Errorf ( "strict SNI enabled - No certificate found for domain: %q, closing connection" , domainToCheck )
}
log . Debugf ( "Serving default cert for request: %q" , domainToCheck )
return s . certs . DefaultCertificate , nil
2016-01-13 22:45:49 +01:00
}
2018-01-29 14:58:03 +01:00
func ( s * Server ) startProvider ( ) {
2016-01-13 22:45:49 +01:00
// start providers
2018-01-29 14:58:03 +01:00
jsonConf , err := json . Marshal ( s . provider )
if err != nil {
2018-07-11 09:08:03 +02:00
log . Debugf ( "Unable to marshal provider conf %T with error: %v" , s . provider , err )
2016-01-13 22:45:49 +01:00
}
2018-07-11 09:08:03 +02:00
log . Infof ( "Starting provider %T %s" , s . provider , jsonConf )
2018-01-29 14:58:03 +01:00
currentProvider := s . provider
safe . Go ( func ( ) {
2018-07-11 09:08:03 +02:00
err := currentProvider . Provide ( s . configurationChan , s . routinesPool )
2018-01-29 14:58:03 +01:00
if err != nil {
2018-07-11 09:08:03 +02:00
log . Errorf ( "Error starting provider %T: %s" , s . provider , err )
2018-01-29 14:58:03 +01:00
}
} )
2016-01-13 22:45:49 +01:00
}
// creates a TLS config that allows terminating HTTPS for multiple domains using SNI
2018-03-06 10:12:04 +01:00
func ( s * Server ) createTLSConfig ( entryPointName string , tlsOption * traefiktls . TLS , router * middlewares . HandlerSwitcher ) ( * tls . Config , error ) {
2016-01-29 20:34:17 +01:00
if tlsOption == nil {
return nil , nil
}
2016-01-13 22:45:49 +01:00
2018-03-05 20:54:04 +01:00
config , err := tlsOption . Certificates . CreateTLSConfig ( entryPointName )
2016-06-27 12:19:14 +02:00
if err != nil {
return nil , err
2016-03-21 11:10:18 +01:00
}
2018-03-06 10:12:04 +01:00
2018-07-06 02:30:03 -06:00
s . serverEntryPoints [ entryPointName ] . certs . DynamicCerts . Set ( make ( map [ string ] * tls . Certificate ) )
2018-07-03 12:44:04 +02:00
2016-11-09 17:56:41 +01:00
// ensure http2 enabled
2018-07-03 12:44:04 +02:00
config . NextProtos = [ ] string { "h2" , "http/1.1" , acme . ACMETLS1Protocol }
2016-11-09 17:56:41 +01:00
2016-06-15 22:38:40 +02:00
if len ( tlsOption . ClientCAFiles ) > 0 {
2017-11-10 10:30:04 +01:00
log . Warnf ( "Deprecated configuration found during TLS configuration creation: %s. Please use %s (which allows to make the CA Files optional)." , "tls.ClientCAFiles" , "tls.ClientCA.files" )
tlsOption . ClientCA . Files = tlsOption . ClientCAFiles
tlsOption . ClientCA . Optional = false
}
2018-07-06 02:30:03 -06:00
2017-11-10 10:30:04 +01:00
if len ( tlsOption . ClientCA . Files ) > 0 {
2016-06-15 22:38:40 +02:00
pool := x509 . NewCertPool ( )
2017-11-10 10:30:04 +01:00
for _ , caFile := range tlsOption . ClientCA . Files {
2016-06-15 22:38:40 +02:00
data , err := ioutil . ReadFile ( caFile )
if err != nil {
return nil , err
}
ok := pool . AppendCertsFromPEM ( data )
if ! ok {
2018-06-11 11:36:03 +02:00
return nil , fmt . Errorf ( "invalid certificate(s) in %s" , caFile )
2016-06-15 22:38:40 +02:00
}
}
config . ClientCAs = pool
2017-11-10 10:30:04 +01:00
if tlsOption . ClientCA . Optional {
config . ClientAuth = tls . VerifyClientCertIfGiven
} else {
config . ClientAuth = tls . RequireAndVerifyClientCert
}
2016-06-15 22:38:40 +02:00
}
2017-11-24 19:18:03 +01:00
if s . globalConfiguration . ACME != nil {
2018-01-25 12:02:04 +01:00
if entryPointName == s . globalConfiguration . ACME . EntryPoint {
checkOnDemandDomain := func ( domain string ) bool {
routeMatch := & mux . RouteMatch { }
2018-04-23 15:30:03 +02:00
match := router . GetHandler ( ) . Match ( & http . Request { URL : & url . URL { } , Host : domain } , routeMatch )
2018-01-25 12:02:04 +01:00
if match && routeMatch . Route != nil {
return true
2016-03-21 11:10:18 +01:00
}
2018-01-25 12:02:04 +01:00
return false
}
2018-03-05 20:54:04 +01:00
2018-07-06 02:30:03 -06:00
err := s . globalConfiguration . ACME . CreateClusterConfig ( s . leadership , config , s . serverEntryPoints [ entryPointName ] . certs . DynamicCerts , checkOnDemandDomain )
2018-03-05 20:54:04 +01:00
if err != nil {
return nil , err
2016-03-21 11:10:18 +01:00
}
}
2017-11-09 12:16:03 +01:00
} else {
2017-11-24 19:18:03 +01:00
config . GetCertificate = s . serverEntryPoints [ entryPointName ] . getCertificate
2016-03-21 11:10:18 +01:00
}
2018-06-11 11:36:03 +02:00
2018-07-06 02:30:03 -06:00
if len ( config . Certificates ) != 0 {
certMap := s . buildNameOrIPToCertificate ( config . Certificates )
2018-03-05 20:54:04 +01:00
2018-07-06 02:30:03 -06:00
if s . entryPoints [ entryPointName ] . CertificateStore != nil {
s . entryPoints [ entryPointName ] . CertificateStore . StaticCerts . Set ( certMap )
}
2018-03-05 20:54:04 +01:00
}
2018-07-06 02:30:03 -06:00
// Remove certs from the TLS config object
config . Certificates = [ ] tls . Certificate { }
2018-03-05 20:54:04 +01:00
// Set the minimum TLS version if set in the config TOML
2018-04-23 15:30:03 +02:00
if minConst , exists := traefiktls . MinVersion [ s . entryPoints [ entryPointName ] . Configuration . TLS . MinVersion ] ; exists {
2016-09-20 00:06:06 -06:00
config . PreferServerCipherSuites = true
config . MinVersion = minConst
}
2018-04-23 15:30:03 +02:00
2018-03-05 20:54:04 +01:00
// Set the list of CipherSuites if set in the config TOML
2018-04-23 15:30:03 +02:00
if s . entryPoints [ entryPointName ] . Configuration . TLS . CipherSuites != nil {
2018-03-05 20:54:04 +01:00
// if our list of CipherSuites is defined in the entrypoint config, we can re-initilize the suites list as empty
2016-09-20 00:06:06 -06:00
config . CipherSuites = make ( [ ] uint16 , 0 )
2018-04-23 15:30:03 +02:00
for _ , cipher := range s . entryPoints [ entryPointName ] . Configuration . TLS . CipherSuites {
2018-03-06 10:12:04 +01:00
if cipherConst , exists := traefiktls . CipherSuites [ cipher ] ; exists {
2016-09-20 00:06:06 -06:00
config . CipherSuites = append ( config . CipherSuites , cipherConst )
} else {
2018-03-05 20:54:04 +01:00
// CipherSuite listed in the toml does not exist in our listed
2018-06-11 11:36:03 +02:00
return nil , fmt . Errorf ( "invalid CipherSuite: %s" , cipher )
2016-09-20 00:06:06 -06:00
}
}
}
2018-06-11 11:36:03 +02:00
2016-01-13 22:45:49 +01:00
return config , nil
}
2018-04-23 15:30:03 +02:00
func ( s * Server ) startServer ( serverEntryPoint * serverEntryPoint ) {
2017-08-25 21:32:03 +02:00
log . Infof ( "Starting server on %s" , serverEntryPoint . httpServer . Addr )
2018-06-11 11:36:03 +02:00
2017-03-09 23:27:09 +01:00
var err error
2017-08-25 21:32:03 +02:00
if serverEntryPoint . httpServer . TLSConfig != nil {
err = serverEntryPoint . httpServer . ServeTLS ( serverEntryPoint . listener , "" , "" )
2016-01-13 22:45:49 +01:00
} else {
2017-08-25 21:32:03 +02:00
err = serverEntryPoint . httpServer . Serve ( serverEntryPoint . listener )
2017-03-09 23:27:09 +01:00
}
2018-06-11 11:36:03 +02:00
2017-10-11 10:38:03 +02:00
if err != http . ErrServerClosed {
2017-03-09 23:27:09 +01:00
log . Error ( "Error creating server: " , err )
2016-01-13 22:45:49 +01:00
}
}
2018-06-11 11:36:03 +02:00
func ( s * Server ) setupServerEntryPoint ( newServerEntryPointName string , newServerEntryPoint * serverEntryPoint ) * serverEntryPoint {
serverMiddlewares , err := s . buildServerEntryPointMiddlewares ( newServerEntryPointName , newServerEntryPoint )
if err != nil {
log . Fatal ( "Error preparing server: " , err )
}
newSrv , listener , err := s . prepareServer ( newServerEntryPointName , s . entryPoints [ newServerEntryPointName ] . Configuration , newServerEntryPoint . httpRouter , serverMiddlewares )
if err != nil {
log . Fatal ( "Error preparing server: " , err )
}
serverEntryPoint := s . serverEntryPoints [ newServerEntryPointName ]
serverEntryPoint . httpServer = newSrv
serverEntryPoint . listener = listener
2018-07-19 17:30:06 +02:00
serverEntryPoint . hijackConnectionTracker = newHijackConnectionTracker ( )
serverEntryPoint . httpServer . ConnState = func ( conn net . Conn , state http . ConnState ) {
switch state {
case http . StateHijacked :
serverEntryPoint . hijackConnectionTracker . AddHijackedConnection ( conn )
case http . StateClosed :
serverEntryPoint . hijackConnectionTracker . RemoveHijackedConnection ( conn )
}
}
2018-06-11 11:36:03 +02:00
return serverEntryPoint
}
2018-05-28 11:46:03 +02:00
func ( s * Server ) prepareServer ( entryPointName string , entryPoint * configuration . EntryPoint , router * middlewares . HandlerSwitcher , middlewares [ ] negroni . Handler ) ( * h2c . Server , net . Listener , error ) {
2017-11-24 19:18:03 +01:00
readTimeout , writeTimeout , idleTimeout := buildServerTimeouts ( s . globalConfiguration )
2017-08-18 15:34:04 +02:00
log . Infof ( "Preparing server %s %+v with readTimeout=%s writeTimeout=%s idleTimeout=%s" , entryPointName , entryPoint , readTimeout , writeTimeout , idleTimeout )
2016-01-13 22:45:49 +01:00
// middlewares
2017-08-18 15:34:04 +02:00
n := negroni . New ( )
2016-01-13 22:45:49 +01:00
for _ , middleware := range middlewares {
2017-08-18 15:34:04 +02:00
n . Use ( middleware )
2016-01-13 22:45:49 +01:00
}
2017-08-18 15:34:04 +02:00
n . UseHandler ( router )
2018-04-23 15:30:03 +02:00
internalMuxRouter := s . buildInternalRouter ( entryPointName )
2017-11-09 16:12:04 +01:00
internalMuxRouter . NotFoundHandler = n
2017-11-24 19:18:03 +01:00
tlsConfig , err := s . createTLSConfig ( entryPointName , entryPoint . TLS , router )
2016-01-13 22:45:49 +01:00
if err != nil {
2018-06-11 11:36:03 +02:00
return nil , nil , fmt . Errorf ( "error creating TLS config: %v" , err )
2017-08-25 21:32:03 +02:00
}
listener , err := net . Listen ( "tcp" , entryPoint . Address )
if err != nil {
2018-06-11 11:36:03 +02:00
return nil , nil , fmt . Errorf ( "error opening listener: %v" , err )
2017-08-25 21:32:03 +02:00
}
2018-08-08 19:12:03 +02:00
listener = tcpKeepAliveListener { listener . ( * net . TCPListener ) }
2017-10-10 14:50:03 +02:00
if entryPoint . ProxyProtocol != nil {
2018-06-11 11:36:03 +02:00
listener , err = buildProxyProtocolListener ( entryPoint , listener )
2017-10-10 14:50:03 +02:00
if err != nil {
2018-06-11 11:36:03 +02:00
return nil , nil , err
2017-10-10 14:50:03 +02:00
}
2016-01-13 22:45:49 +01:00
}
2018-05-28 11:46:03 +02:00
return & h2c . Server {
Server : & http . Server {
Addr : entryPoint . Address ,
Handler : internalMuxRouter ,
TLSConfig : tlsConfig ,
ReadTimeout : readTimeout ,
WriteTimeout : writeTimeout ,
IdleTimeout : idleTimeout ,
ErrorLog : httpServerLogger ,
} ,
2017-08-25 21:32:03 +02:00
} ,
listener ,
nil
2016-01-13 22:45:49 +01:00
}
2018-06-11 11:36:03 +02:00
func buildProxyProtocolListener ( entryPoint * configuration . EntryPoint , listener net . Listener ) ( net . Listener , error ) {
IPs , err := whitelist . NewIP ( entryPoint . ProxyProtocol . TrustedIPs , entryPoint . ProxyProtocol . Insecure , false )
if err != nil {
return nil , fmt . Errorf ( "error creating whitelist: %s" , err )
}
log . Infof ( "Enabling ProxyProtocol for trusted IPs %v" , entryPoint . ProxyProtocol . TrustedIPs )
return & proxyproto . Listener {
Listener : listener ,
SourceCheck : func ( addr net . Addr ) ( bool , error ) {
ip , ok := addr . ( * net . TCPAddr )
if ! ok {
return false , fmt . Errorf ( "type error %v" , addr )
}
return IPs . ContainsIP ( ip . IP ) , nil
} ,
} , nil
}
2018-04-23 15:30:03 +02:00
func ( s * Server ) buildInternalRouter ( entryPointName string ) * mux . Router {
2017-11-09 16:12:04 +01:00
internalMuxRouter := mux . NewRouter ( )
internalMuxRouter . StrictSlash ( true )
internalMuxRouter . SkipClean ( true )
2018-04-23 15:30:03 +02:00
if entryPoint , ok := s . entryPoints [ entryPointName ] ; ok && entryPoint . InternalRouter != nil {
entryPoint . InternalRouter . AddRoutes ( internalMuxRouter )
2017-11-09 16:12:04 +01:00
2018-04-23 15:30:03 +02:00
if s . globalConfiguration . API != nil && s . globalConfiguration . API . EntryPoint == entryPointName && s . leadership != nil {
if s . globalConfiguration . Web != nil && s . globalConfiguration . Web . Path != "" {
rt := router . WithPrefix { Router : s . leadership , PathPrefix : s . globalConfiguration . Web . Path }
rt . AddRoutes ( internalMuxRouter )
} else {
s . leadership . AddRoutes ( internalMuxRouter )
}
}
}
2018-01-17 18:46:03 +01:00
2017-11-09 16:12:04 +01:00
return internalMuxRouter
}
2017-08-25 16:10:03 +02:00
func buildServerTimeouts ( globalConfig configuration . GlobalConfiguration ) ( readTimeout , writeTimeout , idleTimeout time . Duration ) {
2017-08-18 15:34:04 +02:00
readTimeout = time . Duration ( 0 )
writeTimeout = time . Duration ( 0 )
if globalConfig . RespondingTimeouts != nil {
readTimeout = time . Duration ( globalConfig . RespondingTimeouts . ReadTimeout )
writeTimeout = time . Duration ( globalConfig . RespondingTimeouts . WriteTimeout )
}
2017-09-20 18:14:03 +02:00
// Prefer legacy idle timeout parameter for backwards compatibility reasons
if globalConfig . IdleTimeout > 0 {
2017-08-18 15:34:04 +02:00
idleTimeout = time . Duration ( globalConfig . IdleTimeout )
2017-09-20 18:14:03 +02:00
log . Warn ( "top-level idle timeout configuration has been deprecated -- please use responding timeouts" )
} else if globalConfig . RespondingTimeouts != nil {
idleTimeout = time . Duration ( globalConfig . RespondingTimeouts . IdleTimeout )
2017-08-18 15:34:04 +02:00
} else {
2017-12-18 09:14:03 +01:00
idleTimeout = configuration . DefaultIdleTimeout
2017-08-18 15:34:04 +02:00
}
return readTimeout , writeTimeout , idleTimeout
}
2018-01-26 11:58:03 +01:00
func registerMetricClients ( metricsConfig * types . Metrics ) metrics . Registry {
if metricsConfig == nil {
return metrics . NewVoidRegistry ( )
}
2017-07-20 17:26:43 -05:00
2018-01-31 19:10:04 +01:00
var registries [ ] metrics . Registry
2017-08-23 20:46:03 +02:00
if metricsConfig . Prometheus != nil {
2018-08-03 14:02:02 +02:00
prometheusRegister := metrics . RegisterPrometheus ( metricsConfig . Prometheus )
if prometheusRegister != nil {
registries = append ( registries , prometheusRegister )
log . Debug ( "Configured Prometheus metrics" )
}
2017-08-23 20:46:03 +02:00
}
if metricsConfig . Datadog != nil {
registries = append ( registries , metrics . RegisterDatadog ( metricsConfig . Datadog ) )
log . Debugf ( "Configured DataDog metrics pushing to %s once every %s" , metricsConfig . Datadog . Address , metricsConfig . Datadog . PushInterval )
}
if metricsConfig . StatsD != nil {
registries = append ( registries , metrics . RegisterStatsd ( metricsConfig . StatsD ) )
log . Debugf ( "Configured StatsD metrics pushing to %s once every %s" , metricsConfig . StatsD . Address , metricsConfig . StatsD . PushInterval )
2017-04-18 08:22:06 +02:00
}
2017-11-08 19:44:03 +05:30
if metricsConfig . InfluxDB != nil {
registries = append ( registries , metrics . RegisterInfluxDB ( metricsConfig . InfluxDB ) )
log . Debugf ( "Configured InfluxDB metrics pushing to %s once every %s" , metricsConfig . InfluxDB . Address , metricsConfig . InfluxDB . PushInterval )
}
2017-04-18 08:22:06 +02:00
2018-01-26 11:58:03 +01:00
return metrics . NewMultiRegistry ( registries )
2017-07-20 17:26:43 -05:00
}
2017-08-23 20:46:03 +02:00
func stopMetricsClients ( ) {
metrics . StopDatadog ( )
metrics . StopStatsd ( )
2017-11-08 19:44:03 +05:30
metrics . StopInfluxDB ( )
2017-07-20 17:26:43 -05:00
}
2018-07-06 02:30:03 -06:00
func ( s * Server ) buildNameOrIPToCertificate ( certs [ ] tls . Certificate ) map [ string ] * tls . Certificate {
certMap := make ( map [ string ] * tls . Certificate )
for i := range certs {
cert := & certs [ i ]
x509Cert , err := x509 . ParseCertificate ( cert . Certificate [ 0 ] )
if err != nil {
continue
}
if len ( x509Cert . Subject . CommonName ) > 0 {
certMap [ x509Cert . Subject . CommonName ] = cert
}
for _ , san := range x509Cert . DNSNames {
certMap [ san ] = cert
}
for _ , ipSan := range x509Cert . IPAddresses {
certMap [ ipSan . String ( ) ] = cert
}
}
return certMap
}