forked from antoniomika/sish
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhttp.go
123 lines (103 loc) · 2.59 KB
/
http.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
package main
import (
"crypto/tls"
"fmt"
"log"
"net"
"net/http"
"net/http/httputil"
"path/filepath"
"strings"
"github.com/gorilla/websocket"
"github.com/koding/websocketproxy"
"github.com/gin-gonic/gin"
)
// ProxyHolder holds proxy and connection info
type ProxyHolder struct {
ProxyHost string
ProxyTo string
Scheme string
}
func startHTTPHandler(state *State) {
releaseMode := gin.ReleaseMode
if *debug {
releaseMode = gin.DebugMode
}
gin.SetMode(releaseMode)
r := gin.New()
r.Use(func(c *gin.Context) {
clientIPAddr, _, err := net.SplitHostPort(c.Request.RemoteAddr)
if state.IPFilter.Blocked(c.ClientIP()) || state.IPFilter.Blocked(clientIPAddr) || err != nil {
c.AbortWithStatus(http.StatusForbidden)
return
}
c.Next()
}, gin.Logger(), gin.Recovery(), func(c *gin.Context) {
hostname := strings.Split(c.Request.Host, ":")[0]
if hostname == *rootDomain && *redirectRoot {
c.Redirect(http.StatusFound, *redirectRootLocation)
return
}
loc, ok := state.HTTPListeners.Load(hostname)
if !ok {
c.AbortWithError(http.StatusNotFound, fmt.Errorf("cannot find connection for host: %s", hostname))
return
}
requestedScheme := "http"
if c.Request.TLS != nil {
requestedScheme = "https"
}
c.Request.Header.Set("X-Forwarded-Proto", requestedScheme)
proxyHolder := loc.(*ProxyHolder)
url := *c.Request.URL
url.Host = "local"
url.Path = ""
url.RawQuery = ""
url.Fragment = ""
url.Scheme = proxyHolder.Scheme
dialer := func(network, addr string) (net.Conn, error) {
return net.Dial("unix", proxyHolder.ProxyTo)
}
tlsConfig := &tls.Config{
InsecureSkipVerify: !*verifySSL,
}
if c.IsWebsocket() {
scheme := "ws"
if url.Scheme == "https" {
scheme = "wss"
}
var checkOrigin func(r *http.Request) bool
if !*verifyOrigin {
checkOrigin = func(r *http.Request) bool {
return true
}
}
url.Scheme = scheme
wsProxy := websocketproxy.NewProxy(&url)
wsProxy.Upgrader = &websocket.Upgrader{
ReadBufferSize: 1024,
WriteBufferSize: 1024,
CheckOrigin: checkOrigin,
}
wsProxy.Dialer = &websocket.Dialer{
NetDial: dialer,
TLSClientConfig: tlsConfig,
}
gin.WrapH(wsProxy)(c)
return
}
proxy := httputil.NewSingleHostReverseProxy(&url)
proxy.Transport = &http.Transport{
Dial: dialer,
TLSClientConfig: tlsConfig,
}
gin.WrapH(proxy)(c)
return
})
if *httpsEnabled {
go func() {
log.Fatal(r.RunTLS(*httpsAddr, filepath.Join(*httpsPems, "fullchain.pem"), filepath.Join(*httpsPems, "privkey.pem")))
}()
}
log.Fatal(r.Run(*httpAddr))
}