author | Valery Piashchynski <[email protected]> | 2021-01-21 20:15:10 +0300 |
---|---|---|
committer | Valery Piashchynski <[email protected]> | 2021-01-21 20:15:10 +0300 |
commit | 4d60db85d1c0bfeddffe1de3e28d3464949c5f6d (patch) | |
tree | af1598be614ea234f063815e0f6e7ef84c66812e /plugins/http/plugin.go | |
parent | 788e7b8d01874208504a8b56159b4de378d4a0bc (diff) |
Allow https to listen on unix sockets
Diffstat (limited to 'plugins/http/plugin.go')
-rw-r--r-- | plugins/http/plugin.go | 61 |
1 files changed, 38 insertions, 23 deletions
diff --git a/plugins/http/plugin.go b/plugins/http/plugin.go
index 35acd2b7..249d2e57 100644
--- a/plugins/http/plugin.go
+++ b/plugins/http/plugin.go
@@ -36,6 +36,9 @@ const (
 // RR_HTTP env variable key (internal) if the HTTP presents
 RR_HTTP = "RR_HTTP" //nolint:golint,stylecheck
+
+ // HTTPS_SCHEME
+ HTTPS_SCHEME = "https" //nolint:golint,stylecheck
 )
 // Middleware interface
@@ -154,9 +157,9 @@ func (s *Plugin) Serve() chan error {
 if s.cfg.EnableHTTP() {
 if s.cfg.EnableH2C() {
- s.http = &http.Server{Addr: s.cfg.Address, Handler: h2c.NewHandler(s, &http2.Server{})}
+ s.http = &http.Server{Handler: h2c.NewHandler(s, &http2.Server{})}
 } else {
- s.http = &http.Server{Addr: s.cfg.Address, Handler: s}
+ s.http = &http.Server{Handler: s}
 }
 }
@@ -190,9 +193,15 @@ func (s *Plugin) Serve() chan error {
 if s.http != nil {
 go func() {
- httpErr := s.http.ListenAndServe()
- if httpErr != nil && httpErr != http.ErrServerClosed {
- errCh <- errors.E(op, httpErr)
+ l, err := utils.CreateListener(s.cfg.Address)
+ if err != nil {
+ errCh <- errors.E(op, err)
+ return
+ }
+
+ err = s.http.Serve(l)
+ if err != nil && err != http.ErrServerClosed {
+ errCh <- errors.E(op, err)
 return
 }
 }()
@@ -200,13 +209,20 @@ func (s *Plugin) Serve() chan error {
 if s.https != nil {
 go func() {
- httpErr := s.https.ListenAndServeTLS(
+ l, err := utils.CreateListener(s.cfg.SSLConfig.Address)
+ if err != nil {
+ errCh <- errors.E(op, err)
+ return
+ }
+
+ err = s.https.ServeTLS(
+ l,
 s.cfg.SSLConfig.Cert,
 s.cfg.SSLConfig.Key,
 )
- if httpErr != nil && httpErr != http.ErrServerClosed {
- errCh <- errors.E(op, httpErr)
+ if err != nil && err != http.ErrServerClosed {
+ errCh <- errors.E(op, err)
 return
 }
 }()
@@ -270,7 +286,8 @@ func (s *Plugin) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 return
 }
- if s.redirect(w, r) {
+ if s.https != nil && r.TLS == nil && s.cfg.SSLConfig.Redirect {
+ s.redirect(w, r)
 return
 }
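Review bot: Both `http.Server` literals on the new side of the `@@ -154,9 +157,9 @@` hunk set only `Handler`, so no `ReadHeaderTimeout`, `ReadTimeout` or `IdleTimeout` is visible for the plain-HTTP server. `Serve` continues outside the hunk and may assign them later, but if it does not, slow or idle clients can hold connections open without limit. Consider setting at least `ReadHeaderTimeout` from configuration in both branches, and add a comment such as `// Addr is intentionally unset: the listener is created in Serve` so the missing field is not mistaken for an oversight.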
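Review bot: `utils.CreateListener(s.cfg.Address)` in the `@@ -190,9 +193,15 @@` hunk, and the matching call for `s.cfg.SSLConfig.Address` in the next hunk, now decides what the server binds to, and the helper's body is not part of this diff. If it creates unix sockets, as the commit title suggests, access is governed by the socket file's mode and its parent directory rather than by network controls, so please confirm the helper applies restrictive permissions and does not blindly remove a pre-existing path that is not a socket. A comment above each call, e.g. `// listener may be TCP or a unix socket; unix socket access is controlled by file permissions`, would make that boundary visible at the call site.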
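Review bot: The TLS listener in the `@@ -200,13 +209,20 @@` hunk is built from `s.cfg.SSLConfig.Address`, while `initSSL` (context of the `@@ -468,7 +483,7 @@` hunk) still sets `Addr: s.tlsAddr(s.cfg.Address, true)`, which `ServeTLS` ignores when it is handed a listener. Before this commit `ListenAndServeTLS` bound to that `Addr`, so the bind address now comes from a different config field. `tlsAddr` is not visible here, but if it took the host part from `cfg.Address`, an `SSLConfig.Address` without a host would now listen on every interface. Either drop the stale `Addr` from `initSSL` or derive both from one value, and document which field is authoritative.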
@@ -362,21 +379,19 @@ func (s *Plugin) Status() checker.Status {
 }
 }
-func (s *Plugin) redirect(w http.ResponseWriter, r *http.Request) bool {
- if s.https != nil && r.TLS == nil && s.cfg.SSLConfig.Redirect {
- target := &url.URL{
- Scheme: "https",
- Host: s.tlsAddr(r.Host, false),
- Path: r.URL.Path,
- RawQuery: r.URL.RawQuery,
- }
-
- http.Redirect(w, r, target.String(), http.StatusTemporaryRedirect)
- return true
+func (s *Plugin) redirect(w http.ResponseWriter, r *http.Request) {
+ target := &url.URL{
+ Scheme: HTTPS_SCHEME,
+ // host or host:port
+ Host: s.tlsAddr(r.Host, false),
+ Path: r.URL.Path,
+ RawQuery: r.URL.RawQuery,
 }
- return false
+
+ http.Redirect(w, r, target.String(), http.StatusTemporaryRedirect)
 }
+//go:inline
 func headerContainsUpgrade(r *http.Request, s *Plugin) bool {
 if _, ok := r.Header["Upgrade"]; ok {
 // https://golang.org/pkg/net/http/#Hijacker
@@ -468,7 +483,7 @@ func (s *Plugin) initSSL() *http.Server {
 DefaultCipherSuites = append(DefaultCipherSuites, topCipherSuites...)
 DefaultCipherSuites = append(DefaultCipherSuites, defaultCipherSuitesTLS13...)
- server := &http.Server{
+ sslServer := &http.Server{
 Addr: s.tlsAddr(s.cfg.Address, true),
 Handler: s,
 TLSConfig: &tls.Config{
@@ -484,7 +499,7 @@ func (s *Plugin) initSSL() *http.Server {
 },
 }
- return server
+ return sslServer
 }
 // init http/2 server |
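Review bot: `redirect` in the `@@ -362,21 +379,19 @@` hunk takes the `Location` host from `r.Host`, the client-supplied Host header, so the HTTP-to-HTTPS redirect follows whatever name the request carries. `tlsAddr` is outside the diff and may already normalise the value; if it does not, check the host against the configured server names before calling `http.Redirect`, and say so in the `// host or host:port` comment. The function also no longer tests `s.https != nil && r.TLS == nil` itself, so its doc comment should state that callers must apply that guard, as `ServeHTTP` now does. Separately, `//go:inline` above `headerContainsUpgrade` is not a directive the gc toolchain recognises (it has `//go:noinline` but no `//go:inline`), so it has no effect and occupies the doc-comment position; replace it with a sentence describing the function.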