Diffstat (limited to 'server.go')
-rw-r--r--server.go46
1 files changed, 7 insertions, 39 deletions
diff --git a/server.go b/server.go
index a11da91..223078c 100644
--- a/server.go
+++ b/server.go
@@ -2,8 +2,7 @@ package goxy
import (
"crypto/tls"
- "crypto/x509"
- "fmt"
+ "errors"
"net/http"
"net/http/httputil"
"net/url"
@@ -12,44 +11,12 @@ import (
type Server struct {
DataFile string
Routes
- SNI
+ Certs
wwwServer http.Server
tlsServer http.Server
rpcServer http.Server
}
-// SNI holds certificates
-type SNI map[string]*tls.Certificate
-
-// GetCertificate returns certificate for SNI negotiation
-func (s SNI) getCertificate(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
- if v, ok := s[h.ServerName]; ok {
- return v, nil
- }
- return nil, fmt.Errorf("no cert for %q", h.ServerName)
-}
-
-func (s SNI) addCertificate(cert, key []byte) error {
- c, err := tls.X509KeyPair(cert, key)
- if err != nil {
- return err
- }
- c.Leaf, err = x509.ParseCertificate(c.Certificate[0])
- if err != nil {
- return err
- }
- if cn := c.Leaf.Subject.CommonName; cn != "" {
- s[cn] = &c
- }
- for _, name := range c.Leaf.DNSNames {
- s[name] = &c
- }
- for _, ip := range c.Leaf.IPAddresses {
- s[ip.String()] = &c
- }
- return nil
-}
-
func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error) {
if listenRPC == "" {
listenRPC = RPCPort
@@ -57,7 +24,7 @@ func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error
server := &Server{
DataFile: dataFile,
Routes: make(Routes),
- SNI: make(SNI),
+ Certs: make(Certs),
wwwServer: http.Server{Addr: listenWWW},
tlsServer: http.Server{Addr: listenTLS},
rpcServer: http.Server{Addr: listenRPC},
@@ -69,7 +36,8 @@ func NewServer(dataFile, listenWWW, listenTLS, listenRPC string) (*Server, error
server.Load(dataFile)
}
registerRPC(server)
- http.Handle("/debug/route", server)
+ http.Handle("/debug/routes", server.Routes)
+ http.Handle("/debug/certs", server.Certs)
return server, server.UpdateMux()
}
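Review bot: The two debug handlers added in NewServer, `/debug/routes` and `/debug/certs`, are registered with `http.Handle` on the process-wide DefaultServeMux with no access check visible in this hunk, and the data behind them includes TLS key material: UpdateMux reads `route.Key` from each route, and `Certs` holds the loaded certificates. Unless the `ServeHTTP` methods of `Routes` and `Certs` (not shown on this page) redact private keys, any client that can reach a listener serving the default mux could read them. I would have those handlers emit only non-secret fields (host names, certificate subject, expiry) and mount them on a dedicated mux bound to loopback or placed behind authentication, with a comment such as `// debug endpoints: must never serialize route.Key or tls.Certificate.PrivateKey`. NewServer's body begins outside this hunk, so which listener ends up serving the default mux should be confirmed there.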
@@ -98,7 +66,7 @@ func (s *Server) UpdateMux() error {
case "http", "":
wwwMux.Handle(host, NewReverseProxy(upstream))
case "https":
- err := s.SNI.addCertificate(route.Cert, route.Key)
+ err := s.Certs.addCertificate(route.Cert, route.Key)
if err != nil {
return err
}
@@ -107,7 +75,7 @@ func (s *Server) UpdateMux() error {
case "ws":
wwwMux.Handle(host, NewWebSocketProxy(upstream))
case "wss":
- return fmt.Errorf("wss won't work with http/2.0")
+ return errors.New("wss won't work with http/2.0")
}
}
s.wwwServer.Handler = wwwMux