SSL frontend fixes #66

This commit is contained in:
emile 2015-10-19 23:29:25 +02:00
parent 9a8d30a0b8
commit e8eec77df4
3 changed files with 94 additions and 18 deletions

21
tests/traefik.crt Normal file
View file

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAPPVb4fq4kkvMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTUxMDE5MTk0MTU4WhcNMTYxMDE4MTk0MTU4WjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAsPnpfnUPbQxSu3oq38OaX/Q6LKZ5gnS04F8kREF2RvCDMWiKOWru+hXb
udkwU7Fx+7BcDBGsnJGFpY23dDcRurxF1DVs1jIFukH/vbYyHE8JQEgvOGSpDEiv
rfbcxqK8E/VMrI10eXYGxWzaTFWQOND2PAJ1b5JvZrrzc8rfJ7h5Q24GKnw1999t
hwsZgpUOh9te7fz1M4XxxRRoliMg0oH9EV3P9Yqq635tjWOix8PcnpcqnRKXVDhk
TcNtE+45RsPoSgM6nkiXt8HP4afaVUAGAzF41kDm94SNexcyk7gyVsLs2cEI61Eu
mhvpP3z91md+eAa3If7kU1w70WiY1wIDAQABo1AwTjAdBgNVHQ4EFgQUue6v2TkZ
1oR0ZzEnnxfKdsGuBPMwHwYDVR0jBBgwFoAUue6v2TkZ1oR0ZzEnnxfKdsGuBPMw
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAk+xxO8gC40R7+5WVtWvA
+chNsOoxKyFBOPvGzrYGQbt4OBWKrwQmMXSY3VnjY4GzVaZpOCJOxnupKfZrK4AP
G+M+NI+J6fHJRCQdov7Xoje5M14FmgjRiLg+haDZhh//11C7P6MQPAzGNUTpUyqV
Hsi/wwCYvre5bApb/4uDkDlZkLrgN4e1q8+gh6XLj8NPEOEBEI4VpMVoieC1PwnK
pRfNlTsEhyjeMmOllw9fBKMEvEf1BKsJGaKmQ7zCr1nWznCxyI1Fuf66TfmL8/up
lK6sQysLEOIgn2gZEjQz4O/9Jj9v8+TvyP4GZIDsCiv33AaeKJVuSkoeCH0Ls2V8
aQ==
-----END CERTIFICATE-----

28
tests/traefik.key Normal file
View file

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCw+el+dQ9tDFK7
eirfw5pf9DospnmCdLTgXyREQXZG8IMxaIo5au76Fdu52TBTsXH7sFwMEayckYWl
jbd0NxG6vEXUNWzWMgW6Qf+9tjIcTwlASC84ZKkMSK+t9tzGorwT9UysjXR5dgbF
bNpMVZA40PY8AnVvkm9muvNzyt8nuHlDbgYqfDX3322HCxmClQ6H217t/PUzhfHF
FGiWIyDSgf0RXc/1iqrrfm2NY6LHw9yelyqdEpdUOGRNw20T7jlGw+hKAzqeSJe3
wc/hp9pVQAYDMXjWQOb3hI17FzKTuDJWwuzZwQjrUS6aG+k/fP3WZ354Brch/uRT
XDvRaJjXAgMBAAECggEAHvnvO5ojtBOXG4d7n6TuDWODFzOgSwxAaJFemK/Ykvwg
CnLg1sH3yEAxMGtqgQurBsHMqrQhQVpbSSnv9WB6MvQnSMh9H1SsGfjZWYxdYwUW
enDoCvfbevHyBgISjJYJU3j5Da7It0XIU6AE6Z2EW91/a+uGQJwh8ZpBaIAW5S2j
B3k+bASANtwEcDdhGE7iLYeHiAttZo89oSSFZP/mwh84pIU29zUVUtsUaHXrob0p
iyGXKPa8NqTvIsbX5Kh/lbbCO4KwsOqgs/eqL7cLSv2VfTmSQCJz+ikiVzcw/vJU
PaT9H4SCBLP73/Gyjf5P14esWvprPQ3ZnWNNDDGWsQKBgQDoWqxQUy6PKY9or7QH
M985y52Y0QlWdmRaLc8gxfWLU4/3Wn0NH1flkFXJ5X9uZFNoGMQpidJBajepzkNO
/54V+1NCLUWl7SE5gMeFG8QtEE7ISyjut71CUDSn5mOp7EBARmqRpMZhmXT42RZi
1zVDkG08ArKdH0Jnvkq5lWHGbwKBgQDC/IYJXkd27XZO+Ti8TdzaU+SSJV26aY++
0N4pzq0cC6IWadHugH/XrgkfH+ImPzkf6XHrCSqSipJJLZMd473/8IjdOsf54wDP
/yHKPXWhfC4W2L+6+l34Jo/ebnuDVvDme1nKLcdmxhwz4YZfg/TYbWaFzANrl3St
beGg9ENIGQKBgBr6/GtPXWauUsK7NFJpyY/yfthR3Z22nayDCTwrAHovN9ZnIYI2
k4RKoEuTZJqy96Rsy8pvAIUsCk6jbtlrgTXYOzDCBQZhZKxCsehY8wywihVj9NrT
ZxyeJ58fd48xqbxM8O78jTSkFxsWSi0sBDlWOfjv70GjcZiOVir6l6HtAoGBAJeA
MAENcQeV4AviltOwx/4Xmwx23gmeRaMklMn1HQoie9FgbU4cJ7kEL3AwjL3c99y0
vN+7Ion0A0+6iol5z8ISObVzG7gsShBSkwWZlVFgtErqJKb6K5NJGxXf0DYvkkPy
6cQup7VSDs282HRUiiSzdCpXZvztFCpAq0QtJi3ZAoGACjtJ7zEVs0hB7+sCq/SI
UHjjv/fjGSm1TVDP46Joqbm62FRdYkEhd+pGMjtGs80OhM+psTZIqe/fgKdKl5yX
nS9m6f4ny6XCcilfI3+bxXtsmWnpQnybSU2goe2n+Eoi3RcEB68Hp8U0aPjgDULM
9YDU/ZMupHh/eT79n67QIXw=
-----END PRIVATE KEY-----

View file

@ -1,8 +1,8 @@
package main package main
import ( import (
"crypto/tls"
fmtlog "log" fmtlog "log"
"net"
"net/http" "net/http"
"net/url" "net/url"
"os" "os"
@ -141,7 +141,10 @@ func main() {
currentConfigurations = newConfigurations currentConfigurations = newConfigurations
configurationRouter = newConfigurationRouter configurationRouter = newConfigurationRouter
oldServer := srv oldServer := srv
newsrv := prepareServer(configurationRouter, globalConfiguration, oldServer, loggerMiddleware, metrics) newsrv, err := prepareServer(configurationRouter, globalConfiguration, oldServer, loggerMiddleware, metrics)
if err != nil {
log.Fatal("Error preparing server: ", err)
}
go startServer(newsrv, globalConfiguration) go startServer(newsrv, globalConfiguration)
srv = newsrv srv = newsrv
time.Sleep(1 * time.Second) time.Sleep(1 * time.Second)
@ -208,36 +211,54 @@ func main() {
//negroni.Use(middlewares.NewCircuitBreaker(oxyLogger)) //negroni.Use(middlewares.NewCircuitBreaker(oxyLogger))
//negroni.Use(middlewares.NewRoutes(configurationRouter)) //negroni.Use(middlewares.NewRoutes(configurationRouter))
srv = prepareServer(configurationRouter, globalConfiguration, nil, loggerMiddleware, metrics)
var er error
srv, er = prepareServer(configurationRouter, globalConfiguration, nil, loggerMiddleware, metrics)
if er != nil {
log.Fatal("Error preparing server: ", er)
}
go startServer(srv, globalConfiguration) go startServer(srv, globalConfiguration)
<-stopChan <-stopChan
log.Info("Shutting down") log.Info("Shutting down")
} }
func createTLSConfig(certFile string, keyFile string) (*tls.Config, error) {
config := &tls.Config{}
if config.NextProtos == nil {
config.NextProtos = []string{"http/1.1"}
}
var err error
config.Certificates = make([]tls.Certificate, 1)
if len(certFile) > 0 && len(keyFile) > 0 {
config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, err
}
} else {
return nil, nil
}
return config, nil
}
func startServer(srv *manners.GracefulServer, globalConfiguration *GlobalConfiguration) { func startServer(srv *manners.GracefulServer, globalConfiguration *GlobalConfiguration) {
log.Info("Starting server") log.Info("Starting server")
if len(globalConfiguration.CertFile) > 0 && len(globalConfiguration.KeyFile) > 0 { if len(globalConfiguration.CertFile) > 0 && len(globalConfiguration.KeyFile) > 0 {
err := srv.ListenAndServeTLS(globalConfiguration.CertFile, globalConfiguration.KeyFile) err := srv.ListenAndServeTLS(globalConfiguration.CertFile, globalConfiguration.KeyFile)
if err != nil { if err != nil {
netOpError, ok := err.(*net.OpError)
if ok && netOpError.Err.Error() != "use of closed network connection" {
log.Fatal("Error creating server: ", err) log.Fatal("Error creating server: ", err)
} }
}
} else { } else {
err := srv.ListenAndServe() err := srv.ListenAndServe()
if err != nil { if err != nil {
netOpError, ok := err.(*net.OpError)
if ok && netOpError.Err.Error() != "use of closed network connection" {
log.Fatal("Error creating server: ", err) log.Fatal("Error creating server: ", err)
} }
} }
}
log.Info("Server stopped") log.Info("Server stopped")
} }
func prepareServer(router *mux.Router, globalConfiguration *GlobalConfiguration, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) *manners.GracefulServer { func prepareServer(router *mux.Router, globalConfiguration *GlobalConfiguration, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) (*manners.GracefulServer, error) {
log.Info("Preparing server") log.Info("Preparing server")
// middlewares // middlewares
var negroni = negroni.New() var negroni = negroni.New()
@ -245,23 +266,29 @@ func prepareServer(router *mux.Router, globalConfiguration *GlobalConfiguration,
negroni.Use(middleware) negroni.Use(middleware)
} }
negroni.UseHandler(router) negroni.UseHandler(router)
tlsConfig, err := createTLSConfig(globalConfiguration.CertFile, globalConfiguration.KeyFile)
if err != nil {
log.Fatalf("Error creating TLS config %s", err)
return nil, err
}
if oldServer == nil { if oldServer == nil {
return manners.NewWithServer( return manners.NewWithServer(
&http.Server{ &http.Server{
Addr: globalConfiguration.Port, Addr: globalConfiguration.Port,
Handler: negroni, Handler: negroni,
}) TLSConfig: tlsConfig,
}), nil
} else { } else {
server, err := oldServer.HijackListener(&http.Server{ server, err := oldServer.HijackListener(&http.Server{
Addr: globalConfiguration.Port, Addr: globalConfiguration.Port,
Handler: negroni, Handler: negroni,
}, nil) }, tlsConfig)
if err != nil { if err != nil {
log.Fatalf("Error hijacking server %s", err) log.Fatalf("Error hijacking server %s", err)
return nil return nil, err
} else { } else {
return server return server, nil
} }
} }
} }