package web
import (
	"encoding/json"
	"fmt"

	crccaddy "github.com/RedHatInsights/crc-caddy-plugin"
	caddy "github.com/caddyserver/caddy/v2"
	caddyconfig "github.com/caddyserver/caddy/v2/caddyconfig"
	caddyhttp "github.com/caddyserver/caddy/v2/modules/caddyhttp"
	caddyreverseproxy "github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy"
	caddytls "github.com/caddyserver/caddy/v2/modules/caddytls"
)
// ProxyRoute describes one backend exposed through the gateway: requests
// whose path matches Path are reverse-proxied to the Upstream dial address.
type ProxyRoute struct {
	// Upstream is the dial address handed to Caddy's reverse_proxy handler
	// (presumably host:port; the plugin does not validate it here).
	Upstream string `json:"upstream"`
	// Path is the Caddy path-matcher pattern for this route. It is used
	// verbatim by GenerateRoute, without normalisation or validation.
	Path string `json:"path"`
}
// GenerateRoute builds a Caddy HTTP route that forwards requests matching
// upstream.Path to the upstream.Upstream dial address through a reverse_proxy
// handler wrapped in a single-route subroute.
//
// JSON-encoding problems met while serialising the handler modules are
// reported through warnings, which is passed straight to the caddyconfig
// helpers (whether nil is tolerated depends on the pinned Caddy version —
// TODO confirm).
//
// The route is tagged with Group "group2". Caddy treats routes that share a
// group as mutually exclusive (only the first matching one runs) — confirm
// against the Caddy version in use before relying on it.
//
// upstream.Path is used as the path matcher exactly as supplied; no
// validation happens here, so callers must vet it.
func GenerateRoute(upstream ProxyRoute, warnings *[]caddyconfig.Warning) *caddyhttp.Route {
	// Innermost handler: proxy to the configured dial address.
	proxyHandler := caddyreverseproxy.Handler{
		Upstreams: []*caddyreverseproxy.Upstream{
			{Dial: upstream.Upstream},
		},
	}
	proxyRaw := caddyconfig.JSONModuleObject(proxyHandler, "handler", "reverse_proxy", warnings)

	// Wrap the proxy in a one-route subroute so the caller can compose it
	// with other handlers.
	wrapper := caddyhttp.Subroute{
		Routes: caddyhttp.RouteList{
			{HandlersRaw: []json.RawMessage{proxyRaw}},
		},
	}
	wrapperRaw := caddyconfig.JSONModuleObject(wrapper, "handler", "subroute", warnings)

	// Path matcher built from the raw pattern.
	pathMatcher := caddyhttp.MatchPath{upstream.Path}
	matchers := caddyhttp.RawMatcherSets{
		caddy.ModuleMap{"path": caddyconfig.JSON(pathMatcher, warnings)},
	}

	return &caddyhttp.Route{
		Group:          "group2",
		HandlersRaw:    []json.RawMessage{wrapperRaw},
		MatcherSetsRaw: matchers,
	}
}
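// GenerateConfig renders a complete Caddy JSON configuration for the gateway.
//
// The single server "srv0" listens on :9090 (the app's HTTPSPort; HTTPPort is
// 8888), matches requests whose Host is hostname, and runs every matching
// request through the crcauth middleware (configured with bopAddress and
// whitelist) before the per-path reverse proxies built from appRoutes.
// TLS uses the certificate/key at /certs/tls.crt and /certs/tls.key, tagged
// "cert0" and selected for the hostname SNI; an empty catch-all connection
// policy follows it.
//
// Security-relevant settings fixed in this function:
//   - Client certificates use Caddy's "verify_if_given" mode: a certificate
//     is validated against /cas/ca.pem only when the client presents one, so
//     the TLS layer alone does not turn away certificate-less clients.
//     Access control therefore rests on the crcauth handler.
//   - whitelist is forwarded unchanged as the middleware's Whitelist; its
//     matching semantics are defined by crc-caddy-plugin, not here.
//   - Encoding warnings gathered by the caddyconfig helpers are collected but
//     not surfaced to the caller (kept as-is for compatibility).
//
// Returns the indented JSON document, or a wrapped error if the final
// json.MarshalIndent step fails.
func GenerateConfig(hostname string, bopAddress string, whitelist []string, appRoutes []ProxyRoute) (string, error) {
	var warnings []caddyconfig.Warning

	// Authentication middleware is the first handler of the gateway subroute.
	authHandler := crccaddy.Middleware{
		Output:    "stdout",
		BOP:       bopAddress,
		Whitelist: whitelist,
	}
	gateway := caddyhttp.Subroute{
		Routes: caddyhttp.RouteList{
			{
				HandlersRaw: []json.RawMessage{
					caddyconfig.JSONModuleObject(authHandler, "handler", "crcauth", &warnings),
				},
			},
		},
	}
	// Application routes follow the auth handler in declaration order.
	for _, appRoute := range appRoutes {
		gateway.Routes = append(gateway.Routes, *GenerateRoute(appRoute, &warnings))
	}

	hostMatcher := caddyhttp.MatchHost{hostname}
	sni := []string{hostname}
	appConfig := caddyhttp.App{
		HTTPPort:  8888,
		HTTPSPort: 9090,
		Servers: map[string]*caddyhttp.Server{"srv0": {
			Listen: []string{":9090"},
			Routes: []caddyhttp.Route{{
				Terminal: true,
				MatcherSetsRaw: caddyhttp.RawMatcherSets{
					caddy.ModuleMap{"host": caddyconfig.JSON(hostMatcher, &warnings)},
				},
				Handlers:    []caddyhttp.MiddlewareHandler{},
				HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(gateway, "handler", "subroute", &warnings)},
			}},
			TLSConnPolicies: []*caddytls.ConnectionPolicy{{
				MatchersRaw: caddy.ModuleMap{"sni": caddyconfig.JSON(sni, &warnings)},
				CertSelection: &caddytls.CustomCertSelectionPolicy{
					AnyTag: []string{"cert0"},
				},
				// Optional client auth: only verified when a cert is presented.
				ClientAuthentication: &caddytls.ClientAuthentication{
					Mode:                  "verify_if_given",
					TrustedCACertPEMFiles: []string{"/cas/ca.pem"},
				},
			}, {}},
			Logs: &caddyhttp.ServerLogConfig{
				LoggerNames: map[string]string{"localhost.localdomain:9090": ""},
			},
		}},
	}

	certLoader := caddytls.FileLoader{{
		Certificate: "/certs/tls.crt",
		Key:         "/certs/tls.key",
		Tags:        []string{"cert0"},
	}}
	tlsConfig := caddytls.TLS{
		CertificatesRaw: caddy.ModuleMap{"load_files": caddyconfig.JSON(certLoader, &warnings)},
	}

	cfg := caddy.Config{
		StorageRaw: []byte{},
		AppsRaw: map[string]json.RawMessage{
			"http": caddyconfig.JSON(appConfig, &warnings),
			"tls":  caddyconfig.JSON(tlsConfig, &warnings),
		},
	}

	// Previously the encoding error was discarded; a failure here would have
	// produced an empty config string with a nil error.
	pretty, err := json.MarshalIndent(cfg, "", " ")
	if err != nil {
		return "", fmt.Errorf("encoding caddy config: %w", err)
	}
	return string(pretty), nil
}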