Add TLS certificates for machine drivers (#73)
This commit is contained in:
Marcos Nils
81
api.go
81
api.go
@@ -1,9 +1,12 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"flag"
|
||||
"strconv"
|
||||
@@ -17,8 +20,12 @@ import (
|
||||
)
|
||||
|
||||
func main() {
|
||||
var portNumber int
|
||||
var sslPortNumber, portNumber int
|
||||
var key, cert string
|
||||
flag.IntVar(&portNumber, "port", 3000, "Give a TCP port to run the application")
|
||||
flag.IntVar(&sslPortNumber, "sslPort", 3001, "Give a SSL TCP port")
|
||||
flag.StringVar(&key, "key", "./pwd/server-key.pem", "Server key for SSL")
|
||||
flag.StringVar(&cert, "cert", "./pwd/server.pem", "Give a SSL cert")
|
||||
flag.Parse()
|
||||
|
||||
bypassCaptcha := len(os.Getenv("GOOGLE_RECAPTCHA_DISABLED")) > 0
|
||||
@@ -36,14 +43,31 @@ func main() {
|
||||
|
||||
// Reverse proxy (needs to be the first route, to make sure it is the first thing we check)
|
||||
proxyHandler := handlers.NewMultipleHostReverseProxy()
|
||||
|
||||
// Specific routes
|
||||
r.Host(`{node:ip[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}}-{port:[0-9]*}.{tld:.*}`).Handler(proxyHandler)
|
||||
r.Host(`{node:ip[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}}.{tld:.*}`).Handler(proxyHandler)
|
||||
r.HandleFunc("/ping", handlers.Ping).Methods("GET")
|
||||
r.HandleFunc("/sessions/{sessionId}", handlers.GetSession).Methods("GET")
|
||||
r.HandleFunc("/sessions/{sessionId}/instances", handlers.NewInstance).Methods("POST")
|
||||
r.HandleFunc("/sessions/{sessionId}/instances/{instanceName}", handlers.DeleteInstance).Methods("DELETE")
|
||||
r.HandleFunc("/sessions/{sessionId}/instances/{instanceName}/keys", handlers.SetKeys).Methods("POST")
|
||||
|
||||
r.StrictSlash(false)
|
||||
h := func(w http.ResponseWriter, r *http.Request) {
|
||||
http.ServeFile(w, r, "./www/index.html")
|
||||
}
|
||||
|
||||
r.HandleFunc("/ping", http.HandlerFunc(handlers.Ping)).Methods("GET")
|
||||
r.HandleFunc("/p/{sessionId}", h).Methods("GET")
|
||||
r.PathPrefix("/assets").Handler(http.FileServer(http.Dir("./www")))
|
||||
r.HandleFunc("/robots.txt", func(rw http.ResponseWriter, r *http.Request) {
|
||||
http.ServeFile(rw, r, "www/robots.txt")
|
||||
})
|
||||
|
||||
r.HandleFunc("/", http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
r.Handle("/sessions/{sessionId}/ws/", server)
|
||||
r.Handle("/metrics", promhttp.Handler())
|
||||
|
||||
// Generic routes
|
||||
r.HandleFunc("/", func(rw http.ResponseWriter, r *http.Request) {
|
||||
if bypassCaptcha {
|
||||
http.ServeFile(rw, r, "./www/bypass.html")
|
||||
} else {
|
||||
@@ -53,31 +77,38 @@ func main() {
|
||||
}
|
||||
rw.Write(welcome)
|
||||
}
|
||||
})).Methods("GET")
|
||||
}).Methods("GET")
|
||||
|
||||
r.HandleFunc("/", http.HandlerFunc(handlers.NewSession)).Methods("POST")
|
||||
|
||||
r.HandleFunc("/sessions/{sessionId}", http.HandlerFunc(handlers.GetSession)).Methods("GET")
|
||||
r.HandleFunc("/sessions/{sessionId}/instances", http.HandlerFunc(handlers.NewInstance)).Methods("POST")
|
||||
r.HandleFunc("/sessions/{sessionId}/instances/{instanceName}", http.HandlerFunc(handlers.DeleteInstance)).Methods("DELETE")
|
||||
|
||||
h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
http.ServeFile(w, r, "./www/index.html")
|
||||
})
|
||||
|
||||
r.HandleFunc("/p/{sessionId}", h).Methods("GET")
|
||||
r.PathPrefix("/assets").Handler(http.FileServer(http.Dir("./www")))
|
||||
r.HandleFunc("/robots.txt", http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
|
||||
http.ServeFile(rw, r, "www/robots.txt")
|
||||
}))
|
||||
|
||||
r.Handle("/sessions/{sessionId}/ws/", server)
|
||||
r.Handle("/metrics", promhttp.Handler())
|
||||
r.HandleFunc("/", handlers.NewSession).Methods("POST")
|
||||
|
||||
n := negroni.Classic()
|
||||
n.UseHandler(r)
|
||||
|
||||
log.Println("Listening on port " + strconv.Itoa(portNumber))
|
||||
log.Fatal(http.ListenAndServe("0.0.0.0:"+strconv.Itoa(portNumber), n))
|
||||
go func() {
|
||||
log.Println("Listening on port " + strconv.Itoa(portNumber))
|
||||
log.Fatal(http.ListenAndServe("0.0.0.0:"+strconv.Itoa(portNumber), n))
|
||||
}()
|
||||
|
||||
ssl := mux.NewRouter()
|
||||
sslProxyHandler := handlers.NewSSLDaemonHandler()
|
||||
ssl.Host(`{node:ip[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}_[0-9]{1,3}}-2375.{tld:.*}`).Handler(sslProxyHandler)
|
||||
log.Println("Listening TLS on port " + strconv.Itoa(sslPortNumber))
|
||||
|
||||
s := &http.Server{Addr: "0.0.0.0:" + strconv.Itoa(sslPortNumber), Handler: ssl}
|
||||
s.TLSConfig = &tls.Config{}
|
||||
s.TLSConfig.GetCertificate = func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||
|
||||
chunks := strings.Split(clientHello.ServerName, ".")
|
||||
chunks = strings.Split(chunks[0], "-")
|
||||
ip := strings.Replace(strings.TrimPrefix(chunks[0], "ip"), "_", ".", -1)
|
||||
i := services.FindInstanceByIP(ip)
|
||||
if i == nil {
|
||||
return nil, fmt.Errorf("Instance %s doesn't exist", clientHello.ServerName)
|
||||
}
|
||||
if i.GetCertificate() == nil {
|
||||
return nil, fmt.Errorf("Instance %s doesn't have a certificate", clientHello.ServerName)
|
||||
}
|
||||
return i.GetCertificate(), nil
|
||||
}
|
||||
log.Fatal(s.ListenAndServeTLS("", ""))
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user