package main

import (
	"crypto/tls"
	"errors"
	"flag"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
)

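var (
	// data is the storage file path handed to route.Load in main.
	data = flag.String("data", "data/goxy.gob", "persistent storage file")

	// route is the live host -> upstream table. Restore fills in the parsed
	// certificates and installs the matching handler on server; SNI reads it
	// on every TLS handshake.
	route = make(Route)

	// server backs both the plain and the TLS listener started in main. Its
	// Handler is replaced by Restore, and the certificate is chosen per
	// connection by route.SNI. ReadHeaderTimeout bounds how long a client may
	// take to send its request headers (without it a slow or idle client
	// pins a goroutine indefinitely); MinVersion refuses TLS 1.0/1.1
	// handshakes, which a Go server otherwise still accepts by default.
	server = http.Server{
		Handler:           http.NewServeMux(),
		ReadHeaderTimeout: 10 * time.Second,
		TLSConfig: &tls.Config{
			MinVersion:     tls.VersionTLS12,
			GetCertificate: route.SNI,
		},
	}
)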

// Route maps a key to the Entry it proxies for. SNI looks entries up by the
// TLS ServerName, so the key is expected to be the host name (the loader
// that populates it, route.Load, is not in this file — confirm there).
type Route map[string]Entry

// Entry is one proxied host: requests whose Host matches ServerName are
// forwarded to Upstream (see Restore). Cert and Key are the PEM blocks
// handed to tls.X509KeyPair; cert is the parsed pair that Restore caches
// and SNI serves. Being unexported, cert is skipped by the encoding
// packages, so it never reaches the storage file.
type Entry struct {
	ServerName string           // host the mux pattern is built from
	Upstream   string           // URL parsed by Restore for the reverse proxy
	Cert       []byte           // PEM certificate chain (optional)
	Key        []byte           // PEM private key (optional)
	cert       *tls.Certificate // parsed from Cert/Key by Restore; nil until then
}

// SNI is the tls.Config.GetCertificate callback: it returns the certificate
// for the host the client named in its ClientHello. An entry without a
// parsed cert (Restore has not run, or the entry carries no Cert/Key) counts
// as unknown, so the handshake for that name fails with an error.
func (r Route) SNI(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	entry, found := r[h.ServerName]
	if !found || entry.cert == nil {
		return nil, errors.New("no cert for " + h.ServerName)
	}
	return entry.cert, nil
}

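// Restore parses each entry's certificate, builds a fresh mux that
// reverse-proxies every ServerName to its Upstream, and installs that mux on
// the package-level server. The parsed *tls.Certificate is written back into
// the receiver so SNI can serve it.
//
// An entry needs both Cert and Key to get TLS material; with only one of the
// two it is proxied in the clear. Every Upstream must be an absolute URL
// (scheme and host present), and no two entries may share a ServerName —
// both conditions are reported as errors before any handler is registered,
// instead of a proxy that fails on every request or a panic from the mux.
func (r Route) Restore() error {
	mux := http.NewServeMux()
	seen := make(map[string]struct{}, len(r))
	// Iterate the receiver, not the package-level route: the two only agree
	// when Restore is called on route itself.
	for key, e := range r {
		if e.Cert != nil && e.Key != nil {
			cert, err := tls.X509KeyPair(e.Cert, e.Key)
			if err != nil {
				return err
			}
			e.cert = &cert
			r[key] = e // updating an existing key while ranging is well-defined
		}
		up, err := url.Parse(e.Upstream)
		if err != nil {
			return err
		}
		// url.Parse accepts "" and "host:port" without complaint, but the
		// proxy needs a scheme and a host to build the outbound request.
		if up.Scheme == "" || up.Host == "" {
			return errors.New("upstream for " + e.ServerName + " is not an absolute URL: " + e.Upstream)
		}
		pattern := e.ServerName + "/"
		if _, dup := seen[pattern]; dup {
			return errors.New("duplicate route for " + e.ServerName)
		}
		seen[pattern] = struct{}{}
		// A host-prefixed pattern matches on the request's Host header, so
		// only requests for this ServerName reach its upstream. The proxy
		// forwards that Host header unchanged; the upstream must accept it.
		mux.Handle(pattern, httputil.NewSingleHostReverseProxy(up))
	}
	server.Handler = mux
	return nil
}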

// String renders the entry as "name -> upstream", with a " with TLS" suffix
// once Restore has attached a parsed certificate.
func (e Entry) String() string {
	s := e.ServerName + " -> " + e.Upstream
	if e.cert == nil {
		return s
	}
	return s + " with TLS"
}

// main loads the persisted route table, builds the proxy mux, and then serves
// plain HTTP, HTTPS (certificate chosen per connection by route.SNI) and the
// default mux on :http-alt. The first listener to fail takes the process down.
func main() {
	flag.Parse()

	// A missing or unreadable storage file is deliberately not fatal: the
	// proxy starts with whatever Restore can build from the (possibly empty)
	// table.
	if err := route.Load(*data); err != nil {
		log.Println(err)
	}
	if err := route.Restore(); err != nil {
		log.Fatal(err)
	}

	listeners := []func() error{
		server.ListenAndServe,
		func() error { return server.ListenAndServeTLS("", "") },
		// NOTE(review): this serves http.DefaultServeMux with no timeouts;
		// whatever other files register there (route.Load lives elsewhere)
		// is reachable on :http-alt — confirm that is intended.
		func() error { return http.ListenAndServe(":http-alt", nil) },
	}
	errc := make(chan error)
	for _, serve := range listeners {
		go func(serve func() error) { errc <- serve() }(serve)
	}
	log.Fatal(<-errc)
}