aboutsummaryrefslogtreecommitdiff
path: root/server.go
blob: e1618db874eb95b4793672d45c9c809b2115a6e5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package goxy

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
)

type Server struct {
	DataFile string
	Routes
	SNI
	wwwServer http.Server
	tlsServer http.Server
	rpcServer http.Server
}

// SNI holds certificates
type SNI map[string]*tls.Certificate

// GetCertificate returns certificate for SNI negotiation
func (s SNI) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	if v, ok := s[h.ServerName]; ok {
		return v, nil
	}
	return nil, fmt.Errorf("no cert for %q", h.ServerName)
}

func (s SNI) addCertificate(host string, cert, key []byte) error {
	c, err := tls.X509KeyPair(cert, key)
	if err != nil {
		return err
	}
	slug, _, err := net.SplitHostPort(host)
	if err != nil {
		slug = host
	}
	s[slug] = &c
	return nil
}

func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error) {
	if listenRPC == "" {
		listenRPC = RPCPort
	}
	server := &Server{
		DataFile:  dataFile,
		Routes:    make(Routes),
		SNI:       make(SNI),
		wwwServer: http.Server{Addr: listenWWW},
		tlsServer: http.Server{Addr: listenTLS},
		rpcServer: http.Server{Addr: listenRPC},
	}
	server.tlsServer.TLSConfig = &tls.Config{
		GetCertificate: server.getCertificate,
	}
	if dataFile != "" {
		server.Load(dataFile)
	}
	registerRPC(server)
	http.Handle("/debug/route", server)
	return server, server.UpdateMux()
}

func NewRedirect(host string) http.Handler {
	return http.RedirectHandler(host, http.StatusMovedPermanently)
}

func NewReverseProxy(target *url.URL) *httputil.ReverseProxy {
	return httputil.NewSingleHostReverseProxy(target)
}

// Update routes from in-memory state
func (s *Server) UpdateMux() error {
	wwwMux := http.NewServeMux()
	tlsMux := http.NewServeMux()
	for host, route := range s.Routes {
		serverName, err := url.Parse(route.Host)
		if err != nil {
			return err
		}
		upstream, err := url.Parse(route.Upstream)
		if err != nil {
			return err
		}
		switch serverName.Scheme {
		case "http", "":
			wwwMux.Handle(host, NewReverseProxy(upstream))
		case "https":
			err := s.SNI.addCertificate(host, route.Cert, route.Key)
			if err != nil {
				return err
			}
			tlsMux.Handle(host, NewReverseProxy(upstream))
			wwwMux.Handle(host, NewRedirect("https://"+host))
		case "ws":
			wwwMux.Handle(host, NewWebSocketProxy(upstream))
		case "wss":
			err := s.SNI.addCertificate(host, route.Cert, route.Key)
			if err != nil {
				return err
			}
			tlsMux.Handle(host, NewWebSocketProxy(upstream))
			wwwMux.Handle(host, NewRedirect("wss://"+host))
		}
	}
	s.wwwServer.Handler = wwwMux
	s.tlsServer.Handler = tlsMux
	return nil
}

func (s *Server) Start() error {
	errc := make(chan error)
	go func() { errc <- s.wwwServer.ListenAndServe() }()
	go func() { errc <- s.tlsServer.ListenAndServeTLS("", "") }()
	go func() { errc <- s.rpcServer.ListenAndServe() }()
	return <-errc
}