author | Valery Piashchynski <[email protected]> | 2021-03-13 15:42:42 +0300 |
---|---|---|
committer | Valery Piashchynski <[email protected]> | 2021-03-13 15:42:42 +0300 |
commit | b7a1b49fe6b0b8dc162fbbc2f167bf83d74cf217 (patch) | |
tree | e84e7ee9e02d5932e8e5e44f635d647de4833b0a /plugins/http | |
parent | 223bcc0885a7e660a27956093e6efbad83542c81 (diff) |
Make a ROOT_CA path optional
Signed-off-by: Valery Piashchynski <[email protected]>
Diffstat (limited to 'plugins/http')
-rw-r--r-- | plugins/http/config/http.go | 2 | ||||
-rw-r--r-- | plugins/http/config/ssl.go | 2 | ||||
-rw-r--r-- | plugins/http/plugin.go | 142 |
3 files changed, 74 insertions, 72 deletions
diff --git a/plugins/http/config/http.go b/plugins/http/config/http.go
index 022476e2..d48ed022 100644
--- a/plugins/http/config/http.go
+++ b/plugins/http/config/http.go
@@ -53,7 +53,7 @@ func (c *HTTP) EnableHTTP() bool {
 // EnableTLS returns true if pool must listen TLS connections.
 func (c *HTTP) EnableTLS() bool {
- return c.SSLConfig.Key != "" || c.SSLConfig.Cert != "" || c.SSLConfig.RootCA != ""
+ return c.SSLConfig.Key != "" || c.SSLConfig.Cert != ""
 }
 // EnableH2C when HTTP/2 extension must be enabled on TCP.
diff --git a/plugins/http/config/ssl.go b/plugins/http/config/ssl.go
index eb2b72b5..d44703f9 100644
--- a/plugins/http/config/ssl.go
+++ b/plugins/http/config/ssl.go
@@ -40,7 +40,7 @@ func (s *SSL) Valid() error {
 // use 0.0.0.0 as host and 443 as port
 case 2:
 if parts[0] == "" {
- s.host = "0.0.0.0"
+ s.host = "127.0.0.1"
 } else {
 s.host = parts[0]
 }
diff --git a/plugins/http/plugin.go b/plugins/http/plugin.go
index d9903d65..59f8a9d7 100644
--- a/plugins/http/plugin.go
+++ b/plugins/http/plugin.go
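Review bot: In `EnableTLS` (plugins/http/config/http.go) a configuration that sets only `RootCA` now reports TLS as disabled, so the plugin would start without an HTTPS listener and nothing in this hunk reports the leftover setting; the `||` also still turns TLS on when only one of `Key`/`Cert` is present. If `SSL.Valid()` does not already reject both cases (it is not visible here), validation should fail when `RootCA` is set without a key/cert pair or when only half of the pair is given, rather than letting the listener silently disappear or fail later in `ServeTLS`. The doc comment should at least state the new rule, e.g. `// EnableTLS returns true if a key or certificate is configured; RootCA alone does not enable TLS.`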
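Review bot: The context comment above `case 2:` in `SSL.Valid` (plugins/http/config/ssl.go) still reads `// use 0.0.0.0 as host and 443 as port` although the fallback host is now `127.0.0.1`; it should become something like `// use 127.0.0.1 as host when none is given`. The new default means an address with an empty host part now binds to loopback only, which narrows exposure but makes existing deployments that relied on the old default unreachable from other hosts, and the commit message does not mention it, so it deserves a changelog or upgrade note. `Valid`'s body starts and ends outside the hunk.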
@@ -182,59 +182,86 @@ func (s *Plugin) Serve() chan error {
 s.fcgi = &http.Server{Handler: s}
 }
- // apply middlewares before starting the server
- if len(s.mdwr) > 0 {
- s.addMiddlewares()
+ // start http, https and fcgi servers if requested in the config
+ go func() {
+ s.serveHTTP(errCh)
+ }()
+
+ go func() {
+ s.serveHTTPS(errCh)
+ }()
+
+ go func() {
+ s.serveFCGI(errCh)
+ }()
+
+ return errCh
+}
+
+func (s *Plugin) serveHTTP(errCh chan error) {
+ if s.http == nil {
+ return
 }
- if s.http != nil {
- go func() {
- l, err := utils.CreateListener(s.cfg.Address)
- if err != nil {
- errCh <- errors.E(op, err)
- return
- }
+ const op = errors.Op("http_plugin_serve_http")
+ applyMiddlewares(s.http, s.mdwr, s.cfg.Middleware, s.log)
+ l, err := utils.CreateListener(s.cfg.Address)
+ if err != nil {
+ errCh <- errors.E(op, err)
+ return
+ }
- err = s.http.Serve(l)
- if err != nil && err != http.ErrServerClosed {
- errCh <- errors.E(op, err)
- return
- }
- }()
+ err = s.http.Serve(l)
+ if err != nil && err != http.ErrServerClosed {
+ errCh <- errors.E(op, err)
+ return
 }
+}
- if s.https != nil {
- go func() {
- l, err := utils.CreateListener(s.cfg.SSLConfig.Address)
- if err != nil {
- errCh <- errors.E(op, err)
- return
- }
+func (s *Plugin) serveHTTPS(errCh chan error) {
+ if s.https == nil {
+ return
+ }
- err = s.https.ServeTLS(
- l,
- s.cfg.SSLConfig.Cert,
- s.cfg.SSLConfig.Key,
- )
+ const op = errors.Op("http_plugin_serve_https")
+ applyMiddlewares(s.https, s.mdwr, s.cfg.Middleware, s.log)
+ l, err := utils.CreateListener(s.cfg.SSLConfig.Address)
+ if err != nil {
+ errCh <- errors.E(op, err)
+ return
+ }
- if err != nil && err != http.ErrServerClosed {
- errCh <- errors.E(op, err)
- return
- }
- }()
+ err = s.https.ServeTLS(
+ l,
+ s.cfg.SSLConfig.Cert,
+ s.cfg.SSLConfig.Key,
+ )
+
+ if err != nil && err != http.ErrServerClosed {
+ errCh <- errors.E(op, err)
+ return
 }
+}
- if s.fcgi != nil {
- go func() {
- httpErr := s.serveFCGI()
- if httpErr != nil && httpErr != http.ErrServerClosed {
- errCh <- errors.E(op, httpErr)
- return
- }
- }()
+// serveFCGI starts FastCGI server.
+func (s *Plugin) serveFCGI(errCh chan error) {
+ if s.fcgi == nil {
+ return
 }
- return errCh
+ const op = errors.Op("http_plugin_serve_fcgi")
+ applyMiddlewares(s.fcgi, s.mdwr, s.cfg.Middleware, s.log)
+ l, err := utils.CreateListener(s.cfg.FCGIConfig.Address)
+ if err != nil {
+ errCh <- errors.E(op, err)
+ return
+ }
+
+ err = fcgi.Serve(l, s.fcgi.Handler)
+ if err != nil && err != http.ErrServerClosed {
+ errCh <- errors.E(op, err)
+ return
+ }
 }
 // Stop stops the http.
@@ -505,21 +532,6 @@ func (s *Plugin) initHTTP2() error {
 })
 }
-// serveFCGI starts FastCGI server.
-func (s *Plugin) serveFCGI() error {
- l, err := utils.CreateListener(s.cfg.FCGIConfig.Address)
- if err != nil {
- return err
- }
-
- err = fcgi.Serve(l, s.fcgi.Handler)
- if err != nil {
- return err
- }
-
- return nil
-}
-
 // tlsAddr replaces listen or host port with port configured by SSLConfig config.
 func (s *Plugin) tlsAddr(host string, forcePort bool) string {
 // remove current forcePort first
@@ -532,20 +544,10 @@ func (s *Plugin) tlsAddr(host string, forcePort bool) string {
 return host
 }
-func (s *Plugin) addMiddlewares() {
- if s.http != nil {
- applyMiddlewares(s.http, s.mdwr, s.cfg.Middleware, s.log)
- }
- if s.https != nil {
- applyMiddlewares(s.https, s.mdwr, s.cfg.Middleware, s.log)
- }
-
- if s.fcgi != nil {
- applyMiddlewares(s.fcgi, s.mdwr, s.cfg.Middleware, s.log)
- }
-}
-
 func applyMiddlewares(server *http.Server, middlewares map[string]Middleware, order []string, log logger.Logger) {
+ if len(middlewares) == 0 {
+ return
+ }
 for i := 0; i < len(order); i++ {
 if mdwr, ok := middlewares[order[i]]; ok {
 server.Handler = mdwr.Middleware(server.Handler) |
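Review bot: `applyMiddlewares` is now called from inside `serveHTTP`, `serveHTTPS` and `serveFCGI`, that is from three goroutines running concurrently after `Serve` has returned, so the shared `Middleware` values in `s.mdwr` have their `Middleware(...)` method invoked in parallel; before this change the chain was installed sequentially before any goroutine started. Whether every registered middleware tolerates concurrent wrapping is not visible here, and a failure while building the chain would now surface in a background goroutine rather than in `Serve`. I would install the chain in `Serve` ahead of the `go` statements and drop the three calls from the serve helpers, as sketched below. `Serve`'s body starts outside the hunk.

```go
// … unchanged: construction of s.http, s.https and s.fcgi …

// install the middleware chain once, before any listener goroutine starts
for _, srv := range []*http.Server{s.http, s.https, s.fcgi} {
	if srv != nil {
		applyMiddlewares(srv, s.mdwr, s.cfg.Middleware, s.log)
	}
}

go s.serveHTTP(errCh)
go s.serveHTTPS(errCh)
go s.serveFCGI(errCh)

return errCh
```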
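Review bot: The new early return in `applyMiddlewares` leaves without a trace when no middleware is registered, even if `order` names some, so a middleware listed in the configuration (for example one that enforces headers or access rules) is skipped silently by this function. Consider reporting that case through the `log` parameter when `len(order) > 0`, or at least documenting it with `// nothing registered: names listed in order are ignored`. How the loop treats a name that is missing from the map lies outside the hunk, since the function body continues past it.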