package main

import (
	"crypto/tls"
	"errors"
	"flag"
	"io/ioutil"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"sync"

	"gopkg.in/yaml.v2"
)

var (
	// config is the path of the YAML route map read by LoadConfig.
	config    = flag.String("conf", "certs/goxy.yml", "configuration file")
	// listen is the plain-HTTP listen address; the default ":http" binds the
	// "http" service port (80 on most systems) on all interfaces.
	listen    = flag.String("listen", ":http", "HTTP")
	// listenTLS is the HTTPS listen address; the default ":https" binds the
	// "https" service port (443 on most systems) on all interfaces.
	listenTLS = flag.String("listentls", ":https", "TLS")
)

// Config maps a host name to its Route. The key is used both as the SNI
// server name looked up in Config.SNI and as the host part of the mux
// pattern registered in main.
type Config map[string]Route

// Route describes one proxied host as read from the YAML config.
type Route struct {
	CertFile string           // certificate file path; empty together with KeyFile means no TLS for this host
	KeyFile  string           // private key file path
	Upstream string           // backend URL the requests are proxied to
	cert     *tls.Certificate // set by LoadCert; nil until loaded or when no cert is configured
}

// SNI is the tls.Config.GetCertificate callback: it looks up the certificate
// for the server name the client sent and fails the handshake when the host
// is unknown or has no certificate loaded.
func (c Config) SNI(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
	route, found := c[h.ServerName]
	if !found || route.cert == nil {
		return nil, errors.New("no cert for " + h.ServerName)
	}
	return route.cert, nil
}

// LoadCert reads the configured certificate/key pair into r.cert.
// A route with neither CertFile nor KeyFile is a plain-HTTP route and is
// left untouched; when the pair fails to load the error is returned and
// r.cert stays nil.
func (r *Route) LoadCert() error {
	noTLS := r.CertFile == "" && r.KeyFile == ""
	if noTLS {
		return nil
	}
	pair, err := tls.LoadX509KeyPair(r.CertFile, r.KeyFile)
	if err == nil {
		r.cert = &pair
	}
	return err
}

// String renders the route for log output: the upstream URL, suffixed with
// " with TLS" once a certificate has been loaded for it.
func (r Route) String() string {
	suffix := ""
	if r.cert != nil {
		suffix = " with TLS"
	}
	return r.Upstream + suffix
}

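// LoadConfig reads the YAML route map at fname.
//
// The file is a mapping from host name to Route; yaml.v2 matches keys to
// the lowercased field names (certfile, keyfile, upstream). Certificates are
// not loaded here, see Route.LoadCert.
//
// On a read or parse error the returned Config is nil, so a caller that
// ignores the error cannot end up serving a half-parsed route table.
func LoadConfig(fname string) (Config, error) {
	raw, err := ioutil.ReadFile(fname)
	if err != nil {
		return nil, err
	}
	var c Config
	if err := yaml.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	return c, nil
}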

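// main loads the route map, registers one reverse proxy per host on the
// default mux, and serves that mux on a plain-HTTP and a TLS listener.
func main() {
	flag.Parse()
	c, err := LoadConfig(*config)
	if err != nil {
		log.Fatal(err)
	}

	for k, v := range c {
		// v is a copy of the map value; LoadCert fills v.cert, so it has to
		// be written back for c.SNI to find the certificate.
		if err := v.LoadCert(); err != nil {
			log.Println("load", err)
			continue
		}
		c[k] = v
		up, err := url.Parse(v.Upstream)
		if err != nil {
			log.Println("upstream", err)
			continue
		}
		log.Println("map", k, "to", v)
		// "host/" is a host-specific mux pattern: requests whose Host is k
		// are proxied. Both listeners below use the default mux, so every
		// host is reachable over plain HTTP as well as over TLS.
		http.Handle(k+"/", httputil.NewSingleHostReverseProxy(up))
	}

	var wg sync.WaitGroup
	wg.Add(2)
	go func() {
		defer wg.Done()
		log.Println("listen", *listenTLS)
		s := http.Server{
			Addr: *listenTLS,
			TLSConfig: &tls.Config{
				GetCertificate: c.SNI,
				// Pin the floor explicitly instead of relying on the
				// toolchain default, which on older Go releases still
				// admits TLS 1.0 and 1.1.
				MinVersion: tls.VersionTLS12,
			},
		}
		// Empty cert/key paths: every certificate is chosen per handshake by c.SNI.
		log.Fatal(s.ListenAndServeTLS("", ""))
	}()
	go func() {
		defer wg.Done()
		log.Println("listen", *listen)
		s := http.Server{
			Addr: *listen,
		}
		log.Fatal(s.ListenAndServe())
	}()
	// log.Fatal above ends the process on the first listener failure; the
	// WaitGroup only keeps main alive while both servers are running.
	wg.Wait()
}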