SSL frontend fixes #66
This commit is contained in:
parent
9a8d30a0b8
commit
e8eec77df4
3 changed files with 94 additions and 18 deletions
21
tests/traefik.crt
Normal file
21
tests/traefik.crt
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDXTCCAkWgAwIBAgIJAPPVb4fq4kkvMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
|
||||||
|
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
|
||||||
|
aWRnaXRzIFB0eSBMdGQwHhcNMTUxMDE5MTk0MTU4WhcNMTYxMDE4MTk0MTU4WjBF
|
||||||
|
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
|
||||||
|
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||||
|
CgKCAQEAsPnpfnUPbQxSu3oq38OaX/Q6LKZ5gnS04F8kREF2RvCDMWiKOWru+hXb
|
||||||
|
udkwU7Fx+7BcDBGsnJGFpY23dDcRurxF1DVs1jIFukH/vbYyHE8JQEgvOGSpDEiv
|
||||||
|
rfbcxqK8E/VMrI10eXYGxWzaTFWQOND2PAJ1b5JvZrrzc8rfJ7h5Q24GKnw1999t
|
||||||
|
hwsZgpUOh9te7fz1M4XxxRRoliMg0oH9EV3P9Yqq635tjWOix8PcnpcqnRKXVDhk
|
||||||
|
TcNtE+45RsPoSgM6nkiXt8HP4afaVUAGAzF41kDm94SNexcyk7gyVsLs2cEI61Eu
|
||||||
|
mhvpP3z91md+eAa3If7kU1w70WiY1wIDAQABo1AwTjAdBgNVHQ4EFgQUue6v2TkZ
|
||||||
|
1oR0ZzEnnxfKdsGuBPMwHwYDVR0jBBgwFoAUue6v2TkZ1oR0ZzEnnxfKdsGuBPMw
|
||||||
|
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAk+xxO8gC40R7+5WVtWvA
|
||||||
|
+chNsOoxKyFBOPvGzrYGQbt4OBWKrwQmMXSY3VnjY4GzVaZpOCJOxnupKfZrK4AP
|
||||||
|
G+M+NI+J6fHJRCQdov7Xoje5M14FmgjRiLg+haDZhh//11C7P6MQPAzGNUTpUyqV
|
||||||
|
Hsi/wwCYvre5bApb/4uDkDlZkLrgN4e1q8+gh6XLj8NPEOEBEI4VpMVoieC1PwnK
|
||||||
|
pRfNlTsEhyjeMmOllw9fBKMEvEf1BKsJGaKmQ7zCr1nWznCxyI1Fuf66TfmL8/up
|
||||||
|
lK6sQysLEOIgn2gZEjQz4O/9Jj9v8+TvyP4GZIDsCiv33AaeKJVuSkoeCH0Ls2V8
|
||||||
|
aQ==
|
||||||
|
-----END CERTIFICATE-----
|
28
tests/traefik.key
Normal file
28
tests/traefik.key
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCw+el+dQ9tDFK7
|
||||||
|
eirfw5pf9DospnmCdLTgXyREQXZG8IMxaIo5au76Fdu52TBTsXH7sFwMEayckYWl
|
||||||
|
jbd0NxG6vEXUNWzWMgW6Qf+9tjIcTwlASC84ZKkMSK+t9tzGorwT9UysjXR5dgbF
|
||||||
|
bNpMVZA40PY8AnVvkm9muvNzyt8nuHlDbgYqfDX3322HCxmClQ6H217t/PUzhfHF
|
||||||
|
FGiWIyDSgf0RXc/1iqrrfm2NY6LHw9yelyqdEpdUOGRNw20T7jlGw+hKAzqeSJe3
|
||||||
|
wc/hp9pVQAYDMXjWQOb3hI17FzKTuDJWwuzZwQjrUS6aG+k/fP3WZ354Brch/uRT
|
||||||
|
XDvRaJjXAgMBAAECggEAHvnvO5ojtBOXG4d7n6TuDWODFzOgSwxAaJFemK/Ykvwg
|
||||||
|
CnLg1sH3yEAxMGtqgQurBsHMqrQhQVpbSSnv9WB6MvQnSMh9H1SsGfjZWYxdYwUW
|
||||||
|
enDoCvfbevHyBgISjJYJU3j5Da7It0XIU6AE6Z2EW91/a+uGQJwh8ZpBaIAW5S2j
|
||||||
|
B3k+bASANtwEcDdhGE7iLYeHiAttZo89oSSFZP/mwh84pIU29zUVUtsUaHXrob0p
|
||||||
|
iyGXKPa8NqTvIsbX5Kh/lbbCO4KwsOqgs/eqL7cLSv2VfTmSQCJz+ikiVzcw/vJU
|
||||||
|
PaT9H4SCBLP73/Gyjf5P14esWvprPQ3ZnWNNDDGWsQKBgQDoWqxQUy6PKY9or7QH
|
||||||
|
M985y52Y0QlWdmRaLc8gxfWLU4/3Wn0NH1flkFXJ5X9uZFNoGMQpidJBajepzkNO
|
||||||
|
/54V+1NCLUWl7SE5gMeFG8QtEE7ISyjut71CUDSn5mOp7EBARmqRpMZhmXT42RZi
|
||||||
|
1zVDkG08ArKdH0Jnvkq5lWHGbwKBgQDC/IYJXkd27XZO+Ti8TdzaU+SSJV26aY++
|
||||||
|
0N4pzq0cC6IWadHugH/XrgkfH+ImPzkf6XHrCSqSipJJLZMd473/8IjdOsf54wDP
|
||||||
|
/yHKPXWhfC4W2L+6+l34Jo/ebnuDVvDme1nKLcdmxhwz4YZfg/TYbWaFzANrl3St
|
||||||
|
beGg9ENIGQKBgBr6/GtPXWauUsK7NFJpyY/yfthR3Z22nayDCTwrAHovN9ZnIYI2
|
||||||
|
k4RKoEuTZJqy96Rsy8pvAIUsCk6jbtlrgTXYOzDCBQZhZKxCsehY8wywihVj9NrT
|
||||||
|
ZxyeJ58fd48xqbxM8O78jTSkFxsWSi0sBDlWOfjv70GjcZiOVir6l6HtAoGBAJeA
|
||||||
|
MAENcQeV4AviltOwx/4Xmwx23gmeRaMklMn1HQoie9FgbU4cJ7kEL3AwjL3c99y0
|
||||||
|
vN+7Ion0A0+6iol5z8ISObVzG7gsShBSkwWZlVFgtErqJKb6K5NJGxXf0DYvkkPy
|
||||||
|
6cQup7VSDs282HRUiiSzdCpXZvztFCpAq0QtJi3ZAoGACjtJ7zEVs0hB7+sCq/SI
|
||||||
|
UHjjv/fjGSm1TVDP46Joqbm62FRdYkEhd+pGMjtGs80OhM+psTZIqe/fgKdKl5yX
|
||||||
|
nS9m6f4ny6XCcilfI3+bxXtsmWnpQnybSU2goe2n+Eoi3RcEB68Hp8U0aPjgDULM
|
||||||
|
9YDU/ZMupHh/eT79n67QIXw=
|
||||||
|
-----END PRIVATE KEY-----
|
55
traefik.go
55
traefik.go
|
@ -1,8 +1,8 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
fmtlog "log"
|
fmtlog "log"
|
||||||
"net"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
|
@ -141,7 +141,10 @@ func main() {
|
||||||
currentConfigurations = newConfigurations
|
currentConfigurations = newConfigurations
|
||||||
configurationRouter = newConfigurationRouter
|
configurationRouter = newConfigurationRouter
|
||||||
oldServer := srv
|
oldServer := srv
|
||||||
newsrv := prepareServer(configurationRouter, globalConfiguration, oldServer, loggerMiddleware, metrics)
|
newsrv, err := prepareServer(configurationRouter, globalConfiguration, oldServer, loggerMiddleware, metrics)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal("Error preparing server: ", err)
|
||||||
|
}
|
||||||
go startServer(newsrv, globalConfiguration)
|
go startServer(newsrv, globalConfiguration)
|
||||||
srv = newsrv
|
srv = newsrv
|
||||||
time.Sleep(1 * time.Second)
|
time.Sleep(1 * time.Second)
|
||||||
|
@ -208,36 +211,54 @@ func main() {
|
||||||
|
|
||||||
//negroni.Use(middlewares.NewCircuitBreaker(oxyLogger))
|
//negroni.Use(middlewares.NewCircuitBreaker(oxyLogger))
|
||||||
//negroni.Use(middlewares.NewRoutes(configurationRouter))
|
//negroni.Use(middlewares.NewRoutes(configurationRouter))
|
||||||
srv = prepareServer(configurationRouter, globalConfiguration, nil, loggerMiddleware, metrics)
|
|
||||||
|
var er error
|
||||||
|
srv, er = prepareServer(configurationRouter, globalConfiguration, nil, loggerMiddleware, metrics)
|
||||||
|
if er != nil {
|
||||||
|
log.Fatal("Error preparing server: ", er)
|
||||||
|
}
|
||||||
go startServer(srv, globalConfiguration)
|
go startServer(srv, globalConfiguration)
|
||||||
|
|
||||||
<-stopChan
|
<-stopChan
|
||||||
log.Info("Shutting down")
|
log.Info("Shutting down")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func createTLSConfig(certFile string, keyFile string) (*tls.Config, error) {
|
||||||
|
config := &tls.Config{}
|
||||||
|
if config.NextProtos == nil {
|
||||||
|
config.NextProtos = []string{"http/1.1"}
|
||||||
|
}
|
||||||
|
|
||||||
|
var err error
|
||||||
|
config.Certificates = make([]tls.Certificate, 1)
|
||||||
|
if len(certFile) > 0 && len(keyFile) > 0 {
|
||||||
|
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
return config, nil
|
||||||
|
}
|
||||||
|
|
||||||
func startServer(srv *manners.GracefulServer, globalConfiguration *GlobalConfiguration) {
|
func startServer(srv *manners.GracefulServer, globalConfiguration *GlobalConfiguration) {
|
||||||
log.Info("Starting server")
|
log.Info("Starting server")
|
||||||
if len(globalConfiguration.CertFile) > 0 && len(globalConfiguration.KeyFile) > 0 {
|
if len(globalConfiguration.CertFile) > 0 && len(globalConfiguration.KeyFile) > 0 {
|
||||||
err := srv.ListenAndServeTLS(globalConfiguration.CertFile, globalConfiguration.KeyFile)
|
err := srv.ListenAndServeTLS(globalConfiguration.CertFile, globalConfiguration.KeyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
netOpError, ok := err.(*net.OpError)
|
|
||||||
if ok && netOpError.Err.Error() != "use of closed network connection" {
|
|
||||||
log.Fatal("Error creating server: ", err)
|
log.Fatal("Error creating server: ", err)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
err := srv.ListenAndServe()
|
err := srv.ListenAndServe()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
netOpError, ok := err.(*net.OpError)
|
|
||||||
if ok && netOpError.Err.Error() != "use of closed network connection" {
|
|
||||||
log.Fatal("Error creating server: ", err)
|
log.Fatal("Error creating server: ", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
log.Info("Server stopped")
|
log.Info("Server stopped")
|
||||||
}
|
}
|
||||||
|
|
||||||
func prepareServer(router *mux.Router, globalConfiguration *GlobalConfiguration, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) *manners.GracefulServer {
|
func prepareServer(router *mux.Router, globalConfiguration *GlobalConfiguration, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) (*manners.GracefulServer, error) {
|
||||||
log.Info("Preparing server")
|
log.Info("Preparing server")
|
||||||
// middlewares
|
// middlewares
|
||||||
var negroni = negroni.New()
|
var negroni = negroni.New()
|
||||||
|
@ -245,23 +266,29 @@ func prepareServer(router *mux.Router, globalConfiguration *GlobalConfiguration,
|
||||||
negroni.Use(middleware)
|
negroni.Use(middleware)
|
||||||
}
|
}
|
||||||
negroni.UseHandler(router)
|
negroni.UseHandler(router)
|
||||||
|
tlsConfig, err := createTLSConfig(globalConfiguration.CertFile, globalConfiguration.KeyFile)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Error creating TLS config %s", err)
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
if oldServer == nil {
|
if oldServer == nil {
|
||||||
return manners.NewWithServer(
|
return manners.NewWithServer(
|
||||||
&http.Server{
|
&http.Server{
|
||||||
Addr: globalConfiguration.Port,
|
Addr: globalConfiguration.Port,
|
||||||
Handler: negroni,
|
Handler: negroni,
|
||||||
})
|
TLSConfig: tlsConfig,
|
||||||
|
}), nil
|
||||||
} else {
|
} else {
|
||||||
server, err := oldServer.HijackListener(&http.Server{
|
server, err := oldServer.HijackListener(&http.Server{
|
||||||
Addr: globalConfiguration.Port,
|
Addr: globalConfiguration.Port,
|
||||||
Handler: negroni,
|
Handler: negroni,
|
||||||
}, nil)
|
}, tlsConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Error hijacking server %s", err)
|
log.Fatalf("Error hijacking server %s", err)
|
||||||
return nil
|
return nil, err
|
||||||
} else {
|
} else {
|
||||||
return server
|
return server, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue