Etusivu Tutki Apua
Kirjaudu sisään
universai
/
masyunis
1
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Puu: 37107940ef
Haarat Tunnisteet
masyunis
/
test
/
cmd
/
relayd
/
main.go

main.go 2.7 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"flag"
    6. 

  6. 	"log"
    7. 

  7. 	"log/slog"
    8. 

  8. 	"net"
    9. 

  9. 	"net/http"
    10. 

  10. 	"net/http/httputil"
    11. 

  11. 	"net/url"
    12. 

  12. 	"os"
    13. 

  13. 	"path/filepath"
    14. 

  14. 	"strings"
    15. 

  15. 	"time"
    16. 

  16. 

  17. 	"github.com/TecharoHQ/anubis/internal"
    18. 

  18. 	"github.com/facebookgo/flagenv"
    19. 

  19. 	"github.com/google/uuid"
    20. 

  20. )
    21. 

  21. 

  22. var (
    23. 

  23. 	bind      = flag.String("bind", ":3004", "port to listen on")
    24. 

  24. 	certDir   = flag.String("cert-dir", "/xe/pki", "where to read mounted certificates from")
    25. 

  25. 	certFname = flag.String("cert-fname", "cert.pem", "certificate filename")
    26. 

  26. 	keyFname  = flag.String("key-fname", "key.pem", "key filename")
    27. 

  27. 	proxyTo   = flag.String("proxy-to", "http://localhost:5000", "where to reverse proxy to")
    28. 

  28. 	slogLevel = flag.String("slog-level", "info", "logging level")
    29. 

  29. )
    30. 

  30. 

  31. func main() {
    32. 

  32. 	flagenv.Parse()
    33. 

  33. 	flag.Parse()
    34. 

  34. 

  35. 	internal.InitSlog(*slogLevel)
    36. 

  36. 

  37. 	slog.Info("starting",
    38. 

  38. 		"bind", *bind,
    39. 

  39. 		"cert-dir", *certDir,
    40. 

  40. 		"cert-fname", *certFname,
    41. 

  41. 		"key-fname", *keyFname,
    42. 

  42. 		"proxy-to", *proxyTo,
    43. 

  43. 	)
    44. 

  44. 

  45. 	cert := filepath.Join(*certDir, *certFname)
    46. 

  46. 	key := filepath.Join(*certDir, *keyFname)
    47. 

  47. 

  48. 	st, err := os.Stat(cert)
    49. 

  49. 

  50. 	if err != nil {
    51. 

  51. 		slog.Error("can't stat cert file", "certFname", cert)
    52. 

  52. 		os.Exit(1)
    53. 

  53. 	}
    54. 

  54. 

  55. 	lastModified := st.ModTime()
    56. 

  56. 

  57. 	go func(lm time.Time) {
    58. 

  58. 		t := time.NewTicker(time.Hour)
    59. 

  59. 		defer t.Stop()
    60. 

  60. 

  61. 		for range t.C {
    62. 

  62. 			st, err := os.Stat(cert)
    63. 

  63. 			if err != nil {
    64. 

  64. 				slog.Error("can't stat file", "fname", cert, "err", err)
    65. 

  65. 				continue
    66. 

  66. 			}
    67. 

  67. 

  68. 			if st.ModTime().After(lm) {
    69. 

  69. 				slog.Info("new cert detected", "oldTime", lm.Format(time.RFC3339), "newTime", st.ModTime().Format(time.RFC3339))
    70. 

  70. 				os.Exit(0)
    71. 

  71. 			}
    72. 

  72. 		}
    73. 

  73. 	}(lastModified)
    74. 

  74. 

  75. 	u, err := url.Parse(*proxyTo)
    76. 

  76. 	if err != nil {
    77. 

  77. 		log.Fatal(err)
    78. 

  78. 	}
    79. 

  79. 

  80. 	h := httputil.NewSingleHostReverseProxy(u)
    81. 

  81. 

  82. 	if u.Scheme == "unix" {
    83. 

  83. 		slog.Info("using unix socket proxy")
    84. 

  84. 

  85. 		h = &httputil.ReverseProxy{
    86. 

  86. 			Director: func(r *http.Request) {
    87. 

  87. 				r.URL.Scheme = "http"
    88. 

  88. 				r.URL.Host = r.Host
    89. 

  89. 

  90. 				r.Header.Set("X-Forwarded-Proto", "https")
    91. 

  91. 				r.Header.Set("X-Forwarded-Scheme", "https")
    92. 

  92. 				r.Header.Set("X-Request-Id", uuid.NewString())
    93. 

  93. 				r.Header.Set("X-Scheme", "https")
    94. 

  94. 

  95. 				remoteHost, remotePort, err := net.SplitHostPort(r.Host)
    96. 

  96. 				if err == nil {
    97. 

  97. 					r.Header.Set("X-Forwarded-Host", remoteHost)
    98. 

  98. 					r.Header.Set("X-Forwarded-Port", remotePort)
    99. 

  99. 				} else {
    100. 

  100. 					r.Header.Set("X-Forwarded-Host", r.Host)
    101. 

  101. 				}
    102. 

  102. 

  103. 				host, _, err := net.SplitHostPort(r.RemoteAddr)
    104. 

  104. 				if err == nil {
    105. 

  105. 					r.Header.Set("X-Real-Ip", host)
    106. 

  106. 				}
    107. 

  107. 			},
    108. 

  108. 			Transport: &http.Transport{
    109. 

  109. 				DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
    110. 

  110. 					return net.Dial("unix", strings.TrimPrefix(*proxyTo, "unix://"))
    111. 

  111. 				},
    112. 

  112. 			},
    113. 

  113. 		}
    114. 

  114. 	}
    115. 

  115. 

  116. 	log.Fatal(
    117. 

  117. 		http.ListenAndServeTLS(
    118. 

  118. 			*bind,
    119. 

  119. 			cert,
    120. 

  120. 			key,
    121. 

  121. 			h,
    122. 

  122. 		),
    123. 

  123. 	)
    124. 

  124. }
    125.