package main
import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
)
type (
	// multipleReverseProxyServer dispatches requests to one of several
	// reverse proxies, chosen by the request's Host value.
	multipleReverseProxyServer struct {
		// rules is scanned in order; the first rule whose fromHost matches wins.
		rules []rewriteRule
	}

	// rewriteRule binds one inbound host name to one backend.
	rewriteRule struct {
		// fromHost is compared against http.Request.Host.
		fromHost string
		// toUrl is the backend base URL the proxy rewrites requests to.
		toUrl *url.URL
		// proxy forwards matching requests to toUrl.
		proxy *httputil.ReverseProxy
	}
)
// newMultipleReverseProxyServer builds one rewriteRule (and one
// httputil.ReverseProxy) per entry in ps.
//
// Each backend is addressed as "http://<To.Host>:<To.Port>", so the hop from
// this proxy to the backend is plain HTTP. It panics if that URL does not
// parse; the configuration is expected to have been validated when loaded.
func newMultipleReverseProxyServer(ps []ProxyConfig) *multipleReverseProxyServer {
	var built []rewriteRule
	for _, entry := range ps {
		rawTarget := fmt.Sprintf("http://%s:%d", entry.To.Host, entry.To.Port)
		backend, parseErr := url.Parse(rawTarget)
		if parseErr != nil {
			// This setting should be validated when loading config.
			panic(parseErr)
		}

		// The Rewrite hook (rather than Director) is used: ReverseProxy drops
		// any Forwarded / X-Forwarded-* headers sent by the client before
		// calling it, and SetXForwarded then sets them from the inbound
		// request itself, so backends do not see client-forged values.
		forwarder := &httputil.ReverseProxy{
			Rewrite: func(pr *httputil.ProxyRequest) {
				pr.SetURL(backend)
				pr.SetXForwarded()
			},
		}

		built = append(built, rewriteRule{
			fromHost: entry.From.Host,
			toUrl:    backend,
			proxy:    forwarder,
		})
	}

	srv := &multipleReverseProxyServer{rules: built}
	return srv
}
// tryServeHTTP proxies r through the first rule whose fromHost equals r.Host
// and reports whether such a rule existed. When it returns false nothing has
// been written to w.
//
// The comparison is an exact, case-sensitive string match on r.Host, which
// carries the client-supplied host (including any ":port" suffix the client
// sent). A host that matches no rule is never forwarded to any backend.
func (s *multipleReverseProxyServer) tryServeHTTP(w http.ResponseWriter, r *http.Request) bool {
	for i := range s.rules {
		candidate := &s.rules[i]
		if candidate.fromHost != r.Host {
			continue
		}
		candidate.proxy.ServeHTTP(w, r)
		return true
	}
	return false
}
// Server wraps an http.Server together with the decision whether it is to be
// served over TLS.
type Server struct {
	// s is the underlying HTTP server. It is held by value, so a Server
	// should be handled through a pointer and not copied.
	s http.Server
	// tlsEnabled selects ServeTLS over Serve in (*Server).Serve.
	tlsEnabled bool
}
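// NewServer builds the front-end server described by cfg.
//
// Routing:
//   - if cfg.ACMEChallenge is set, "/.well-known/acme-challenge/" is served
//     from files under cfg.ACMEChallenge.Root;
//   - if cfg.RedirectToHTTPS is set, every other request is answered with a
//     301 to the same host and path over https;
//   - otherwise requests are reverse-proxied according to cfg.Proxies, and
//     hosts without a matching rule get a 404.
//
// A certificate is loaded only when both cfg.TLSCertFile and cfg.TLSKeyFile
// are non-empty, while TLS itself is switched on by cfg.Protocol == "https".
// NewServer panics if the key pair cannot be loaded.
func NewServer(cfg *ServerConfig) *Server {
	mux := http.NewServeMux()

	if cfg.ACMEChallenge != nil {
		// The request path is not stripped, so challenge files are read from
		// <Root>/.well-known/acme-challenge/. http.FileServer also renders
		// directory listings, so Root should hold nothing but challenge files.
		mux.Handle(
			"/.well-known/acme-challenge/",
			http.FileServer(http.Dir(cfg.ACMEChallenge.Root)),
		)
	}

	if cfg.RedirectToHTTPS {
		mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
			// Work on a copy so the inbound request's URL is not mutated.
			target := *r.URL
			target.Scheme = "https"
			// NOTE(review): r.Host is supplied by the client, so the Location
			// header reflects whatever Host the request carried. If a shared
			// cache sits in front of this server, consider redirecting only
			// to configured host names.
			target.Host = r.Host
			http.Redirect(w, r, target.String(), http.StatusMovedPermanently)
		})
	} else {
		proxies := newMultipleReverseProxyServer(cfg.Proxies)
		mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
			if !proxies.tryServeHTTP(w, r) {
				http.NotFound(w, r)
			}
		})
	}

	var tlsConfig *tls.Config
	if cfg.TLSCertFile != "" && cfg.TLSKeyFile != "" {
		cert, err := tls.LoadX509KeyPair(cfg.TLSCertFile, cfg.TLSKeyFile)
		if err != nil {
			panic(err)
		}
		tlsConfig = &tls.Config{
			Certificates: []tls.Certificate{cert},
			// Pin the protocol floor explicitly instead of relying on the
			// toolchain default, which older Go releases set to TLS 1.0 for
			// servers.
			MinVersion: tls.VersionTLS12,
		}
	}

	return &Server{
		tlsEnabled: cfg.Protocol == "https",
		s: http.Server{
			Addr:      fmt.Sprintf("%s:%d", cfg.Host, cfg.Port),
			Handler:   mux,
			TLSConfig: tlsConfig,
			// Bound the time a client may take to send request headers so
			// slow-header connections cannot be held open indefinitely. Body
			// and response timeouts are left unset so long-lived proxied
			// responses are not cut off.
			ReadHeaderTimeout: 10 * time.Second,
		},
	}
}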
// Label returns the address ("host:port") the server was configured with.
func (s *Server) Label() string {
	addr := s.s.Addr
	return addr
}
// Serve accepts connections on listener until the server stops and returns
// the error from the underlying http.Server.
//
// With TLS enabled it calls ServeTLS with empty certificate and key paths, so
// the certificate must already be present in the server's TLSConfig.
func (s *Server) Serve(listener net.Listener) error {
	if !s.tlsEnabled {
		return s.s.Serve(listener)
	}
	return s.s.ServeTLS(listener, "", "")
}
// Shutdown asks the underlying http.Server to shut down, using ctx to bound
// the wait.
func (s *Server) Shutdown(ctx context.Context) {
	// The error from http.Server.Shutdown (for example ctx expiring before
	// shutdown completes) is discarded; this method has no way to report it.
	_ = s.s.Shutdown(ctx)
}
// NewListener opens a TCP listener on "<cfg.Host>:<cfg.Port>", the same
// address string NewServer records in the server's Addr field.
func NewListener(cfg *ServerConfig) (net.Listener, error) {
	addr := fmt.Sprintf("%s:%d", cfg.Host, cfg.Port)
	return net.Listen("tcp", addr)
}