package util
import (
"crypto/tls"
"errors"
"github.com/curltech/go-colla-core/config"
"github.com/curltech/go-colla-core/logger"
"github.com/valyala/fasthttp"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
"net"
"net/http"
"strings"
)
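// TLS support for both net/http and fasthttp servers, in two modes:
//   - cert mode: the caller supplies the paths of a certificate file and a key file;
//   - letsencrypt mode: the caller supplies the domain to obtain a certificate for.
//
// Each mode accepts either a listen address or an already-bound listener.

// FastHttpServeTLS serves handler over TLS on the already-bound listener,
// using the certificate and private key files at cert and key.
//
// It returns an error when either path is empty or listener is nil; otherwise
// it blocks in fasthttp.ServeTLS and returns whatever that call returns.
func FastHttpServeTLS(listener net.Listener, handler fasthttp.RequestHandler, cert string, key string) error {
	if cert == "" || key == "" {
		return errors.New("NoTLSCertKey")
	}
	// Guard before listener.Addr(): a nil listener would otherwise panic here.
	if listener == nil {
		return errors.New("NilListener")
	}
	// The format takes exactly one argument; the earlier two-%s form printed
	// "%!s(MISSING)" for the second verb.
	logger.Sugar.Infof("Proxying calls from https://%s started!", listener.Addr().String())
	err := fasthttp.ServeTLS(listener, cert, key, handler)
	if err != nil {
		// Name the call actually made (ServeTLS, not ListenAndServeTLS).
		logger.Sugar.Errorf("failed to fasthttp.ServeTLS: %v", err)
	}
	return err
}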
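// HttpServeTLS serves handler over TLS on the already-bound listener, using
// the certificate and private key files at cert and key.
//
// It returns an error when either path is empty or listener is nil; otherwise
// it blocks in http.ServeTLS and returns whatever that call returns.
func HttpServeTLS(listener net.Listener, handler http.Handler, cert string, key string) error {
	if cert == "" || key == "" {
		return errors.New("NoTLSCertKey")
	}
	// Guard before listener.Addr(): a nil listener would otherwise panic here.
	if listener == nil {
		return errors.New("NilListener")
	}
	// One verb for one argument; the earlier two-%s form printed "%!s(MISSING)".
	logger.Sugar.Infof("Proxying calls from https://%s started!", listener.Addr().String())
	// NOTE(review): http.ServeTLS builds an http.Server with no read/write/idle
	// timeouts; slow clients can hold connections open indefinitely.
	err := http.ServeTLS(listener, handler, cert, key)
	if err != nil {
		// Name the call actually made (ServeTLS, not ListenAndServeTLS).
		logger.Sugar.Errorf("failed to http.ServeTLS: %v", err)
	}
	return err
}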
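// FastHttpListenAndServeTLS listens on addr and serves handler over TLS using
// the certificate and private key files at cert and key.
//
// It returns an error when either path is empty; otherwise it blocks in
// fasthttp.ListenAndServeTLS and returns whatever that call returns.
func FastHttpListenAndServeTLS(addr string, cert string, key string, handler fasthttp.RequestHandler) error {
	if cert == "" || key == "" {
		return errors.New("NoTLSCertKey")
	}
	// One verb for one argument; the earlier two-%s form printed "%!s(MISSING)".
	logger.Sugar.Infof("Proxying calls from https://%s started!", addr)
	err := fasthttp.ListenAndServeTLS(addr, cert, key, handler)
	if err != nil {
		logger.Sugar.Errorf("failed to fasthttp.ListenAndServeTLS: %v", err)
	}
	return err
}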
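// HttpListenAndServeTLS listens on addr and serves handler over TLS using the
// certificate and private key files at cert and key.
//
// It returns an error when either path is empty; otherwise it blocks in
// http.ListenAndServeTLS and returns whatever that call returns.
func HttpListenAndServeTLS(addr string, cert string, key string, handler http.Handler) error {
	if cert == "" || key == "" {
		return errors.New("NoTLSCertKey")
	}
	// One verb for one argument; the earlier two-%s form printed "%!s(MISSING)".
	logger.Sugar.Infof("Proxying calls from https://%s started!", addr)
	// NOTE(review): http.ListenAndServeTLS builds an http.Server with no
	// read/write/idle timeouts; slow clients can hold connections open
	// indefinitely.
	err := http.ListenAndServeTLS(addr, cert, key, handler)
	if err != nil {
		logger.Sugar.Errorf("failed to http.ListenAndServeTLS: %v", err)
	}
	return err
}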
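// FastHttpLetsEncrypt listens on addr and serves handler over TLS with a
// certificate obtained automatically from Let's Encrypt for domain.
//
// The ACME tls-alpn-01 challenge only works on port 443, so a warning is
// logged when addr does not end in ":443". Certificates are cached on disk in
// the relative directory "certs". When domain is empty the host policy falls
// back to config.TlsParams.Domain.
//
// It returns the error from net.Listen or fasthttp.Serve, or nil once the
// server stops cleanly.
func FastHttpLetsEncrypt(addr string, domain string, handler fasthttp.RequestHandler) error {
	logger.Sugar.Infof("Domain specified, using LetsEncrypt to autogenerate and serve certs for %s\n", domain)
	// Port 443 is required.
	if !strings.HasSuffix(addr, ":443") {
		logger.Sugar.Infof("WARN: Right now, you must serve on port :443 to use autogenerated LetsEncrypt certs using the -domain flag, this may NOT WORK")
	}
	// The host policy decides which names this server will request
	// certificates for, so it must match the domain the caller asked for;
	// previously only the configured domain was whitelisted, so a caller
	// passing a different value logged one host but served another.
	host := domain
	if host == "" {
		host = config.TlsParams.Domain
	}
	m := &autocert.Manager{
		Cache:      autocert.DirCache("certs"),
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(host),
	}
	cfg := &tls.Config{
		GetCertificate: m.GetCertificate,
		// crypto/tls servers default to allowing TLS 1.0; refuse anything
		// below 1.2.
		MinVersion: tls.VersionTLS12,
		NextProtos: []string{
			"http/1.1", acme.ALPNProto,
		},
	}
	// Let's Encrypt tls-alpn-01 only works on port 443.
	ln, err := net.Listen("tcp4", addr) /* #nosec G102 */
	if err != nil {
		logger.Sugar.Errorf("failed to server.Listen: %v", err)
		return err
	}
	lnTls := tls.NewListener(ln, cfg)
	if err := fasthttp.Serve(lnTls, handler); err != nil {
		logger.Sugar.Errorf("failed to fasthttp.Serve: %v", err)
		return err
	}
	return nil
}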
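// HttpLetsEncrypt listens on addr and serves handler over TLS with a
// certificate obtained automatically from Let's Encrypt for domain.
//
// The ACME tls-alpn-01 challenge only works on port 443, so a warning is
// logged when addr does not end in ":443". Certificates are cached on disk in
// the relative directory "certs". When domain is empty the host policy falls
// back to config.TlsParams.Domain.
//
// It returns the error from http.Server.ListenAndServeTLS, or nil once the
// server stops cleanly.
func HttpLetsEncrypt(addr string, domain string, handler http.Handler) error {
	logger.Sugar.Infof("Domain specified, using LetsEncrypt to autogenerate and serve certs for %s\n", domain)
	// Port 443 is required.
	if !strings.HasSuffix(addr, ":443") {
		logger.Sugar.Infof("WARN: Right now, you must serve on port :443 to use autogenerated LetsEncrypt certs using the -domain flag, this may NOT WORK")
	}
	// The host policy must match the domain the caller asked for; previously
	// only the configured domain was whitelisted.
	host := domain
	if host == "" {
		host = config.TlsParams.Domain
	}
	m := &autocert.Manager{
		Cache:      autocert.DirCache("certs"),
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(host),
	}
	// m.TLSConfig() wires GetCertificate and the ACME ALPN protocol; it leaves
	// MinVersion at the crypto/tls server default (TLS 1.0), so raise it.
	tlsCfg := m.TLSConfig()
	tlsCfg.MinVersion = tls.VersionTLS12
	// NOTE(review): no read/write/idle timeouts are configured, so slow
	// clients can hold connections open indefinitely.
	server := &http.Server{
		Addr:      addr,
		Handler:   handler,
		TLSConfig: tlsCfg,
	}
	// Empty cert/key paths make the server use TLSConfig.GetCertificate.
	if err := server.ListenAndServeTLS("", ""); err != nil {
		logger.Sugar.Errorf("failed to server.ListenAndServeTLS: %v", err)
		return err
	}
	return nil
}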
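// FastHttpLetsEncryptServe serves handler over TLS on the already-bound
// listener with a certificate obtained automatically from Let's Encrypt for
// domain.
//
// The ACME tls-alpn-01 challenge only works on port 443, so a warning is
// logged when the listener's address does not end in ":443". Certificates are
// cached on disk in the relative directory "certs". When domain is empty the
// host policy falls back to config.TlsParams.Domain.
//
// It returns an error when listener is nil, the error from fasthttp.Serve, or
// nil once the server stops cleanly.
func FastHttpLetsEncryptServe(listener net.Listener, domain string, handler fasthttp.RequestHandler) error {
	// Guard before listener.Addr(): a nil listener would otherwise panic here.
	if listener == nil {
		return errors.New("NilListener")
	}
	logger.Sugar.Infof("Domain specified, using LetsEncrypt to autogenerate and serve certs for %s\n", domain)
	// Port 443 is required.
	if !strings.HasSuffix(listener.Addr().String(), ":443") {
		logger.Sugar.Infof("WARN: Right now, you must serve on port :443 to use autogenerated LetsEncrypt certs using the -domain flag, this may NOT WORK")
	}
	// The host policy must match the domain the caller asked for; previously
	// only the configured domain was whitelisted.
	host := domain
	if host == "" {
		host = config.TlsParams.Domain
	}
	m := &autocert.Manager{
		Cache:      autocert.DirCache("certs"),
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(host),
	}
	cfg := &tls.Config{
		GetCertificate: m.GetCertificate,
		// crypto/tls servers default to allowing TLS 1.0; refuse anything
		// below 1.2.
		MinVersion: tls.VersionTLS12,
		NextProtos: []string{
			"http/1.1", acme.ALPNProto,
		},
	}
	// Let's Encrypt tls-alpn-01 only works on port 443. The caller owns the
	// listener; this function only wraps it in TLS.
	lnTls := tls.NewListener(listener, cfg)
	if err := fasthttp.Serve(lnTls, handler); err != nil {
		logger.Sugar.Errorf("failed to fasthttp.Serve: %v", err)
		return err
	}
	return nil
}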
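// HttpLetsEncryptServe serves handler over TLS on the already-bound listener
// with a certificate obtained automatically from Let's Encrypt for domain.
//
// The ACME tls-alpn-01 challenge only works on port 443, so a warning is
// logged when the listener's address does not end in ":443". Certificates are
// cached on disk in the relative directory "certs". When domain is empty the
// host policy falls back to config.TlsParams.Domain.
//
// It returns an error when listener is nil, the error from
// http.Server.ServeTLS, or nil once the server stops cleanly.
func HttpLetsEncryptServe(listener net.Listener, domain string, handler http.Handler) error {
	// Guard before listener.Addr(): a nil listener would otherwise panic here.
	if listener == nil {
		return errors.New("NilListener")
	}
	logger.Sugar.Infof("Domain specified, using LetsEncrypt to autogenerate and serve certs for %s\n", domain)
	// Port 443 is required.
	if !strings.HasSuffix(listener.Addr().String(), ":443") {
		logger.Sugar.Infof("WARN: Right now, you must serve on port :443 to use autogenerated LetsEncrypt certs using the -domain flag, this may NOT WORK")
	}
	// The host policy must match the domain the caller asked for; previously
	// only the configured domain was whitelisted.
	host := domain
	if host == "" {
		host = config.TlsParams.Domain
	}
	m := &autocert.Manager{
		Cache:      autocert.DirCache("certs"),
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(host),
	}
	// m.TLSConfig() wires GetCertificate and the ACME ALPN protocol; it leaves
	// MinVersion at the crypto/tls server default (TLS 1.0), so raise it.
	tlsCfg := m.TLSConfig()
	tlsCfg.MinVersion = tls.VersionTLS12
	// NOTE(review): no read/write/idle timeouts are configured, so slow
	// clients can hold connections open indefinitely.
	server := &http.Server{
		Addr:      listener.Addr().String(),
		Handler:   handler,
		TLSConfig: tlsCfg,
	}
	// Empty cert/key paths make the server use TLSConfig.GetCertificate.
	if err := server.ServeTLS(listener, "", ""); err != nil {
		// Name the call actually made (ServeTLS, not ListenAndServeTLS).
		logger.Sugar.Errorf("failed to server.ServeTLS: %v", err)
		return err
	}
	return nil
}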