Merge pull request #2 from steigr/feature/proxy-protocol

Feature/proxy protocol
Björn Busse 2018-03-06 23:50:57 +01:00 committed by GitHub
commit a3ce9988ff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 21 deletions


@ -25,8 +25,6 @@ import (
"strings" "strings"
"sync" "sync"
"time" "time"
proxyproto "github.com/Freeaqingme/go-proxyproto"
) )
const ( const (
@ -39,7 +37,7 @@ var (
) )
type Client struct { type Client struct {
conn *proxyproto.Conn conn net.Conn
registered bool registered bool
nickname *string nickname *string
username *string username *string
@ -73,7 +71,7 @@ func (c *Client) Match(other string) bool {
return strings.ToLower(*c.nickname) == strings.ToLower(other) return strings.ToLower(*c.nickname) == strings.ToLower(other)
} }
func NewClient(conn *proxyproto.Conn) *Client { func NewClient(conn net.Conn) *Client {
nickname := "*" nickname := "*"
username := "" username := ""
realname := "" realname := ""


@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
[[ -f examples/proxy-protocol/haproxy.pid ]] && rm examples/proxy-protocol/haproxy.pid [[ -f examples/proxy-protocol/haproxy.pid ]] && rm examples/proxy-protocol/haproxy.pid
fail() { echjo "$*"; exit 1; } fail() { echo "$*"; exit 1; }
set -x set -x
which haproxy || fail haproxy is missing which haproxy || fail haproxy is missing


@ -32,6 +32,10 @@ import (
proxyproto "github.com/Freeaqingme/go-proxyproto" proxyproto "github.com/Freeaqingme/go-proxyproto"
) )
const (
PROXY_TIMEOUT = 5
)
var ( var (
version string version string
hostname = flag.String("hostname", "localhost", "Hostname") hostname = flag.String("hostname", "localhost", "Hostname")
@ -42,13 +46,10 @@ var (
passwords = flag.String("passwords", "", "Optional path to passwords file") passwords = flag.String("passwords", "", "Optional path to passwords file")
tlsBind = flag.String("tlsbind", "", "TLS address to bind to") tlsBind = flag.String("tlsbind", "", "TLS address to bind to")
tlsPEM = flag.String("tlspem", "", "Path to TLS certificat+key PEM file") tlsPEM = flag.String("tlspem", "", "Path to TLS certificat+key PEM file")
proxyTimeout = flag.Uint("proxytimeout", PROXY_TIMEOUT, "Timeout when using proxy protocol")
verbose = flag.Bool("v", false, "Enable verbose logging.") verbose = flag.Bool("v", false, "Enable verbose logging.")
) )
const (
PROXY_TIMEOUT = 5 * time.Second
)
func listenerLoop(sock net.Listener, events chan ClientEvent) { func listenerLoop(sock net.Listener, events chan ClientEvent) {
for { for {
conn, err := sock.Accept() conn, err := sock.Accept()
@ -56,8 +57,7 @@ func listenerLoop(sock net.Listener, events chan ClientEvent) {
log.Println("Error during accepting connection", err) log.Println("Error during accepting connection", err)
continue continue
} }
proxied_conn := proxyproto.NewConn(conn, PROXY_TIMEOUT) client := NewClient(conn)
client := NewClient(proxied_conn)
go client.Processor(events) go client.Processor(events)
} }
} }
@ -114,25 +114,39 @@ func Run() {
log.Println(*statedir, "statekeeper initialized") log.Println(*statedir, "statekeeper initialized")
} }
proxyTimeout := time.Duration(uint(*proxyTimeout)) * time.Second
if *bind != "" { if *bind != "" {
listener, err := net.Listen("tcp", *bind) listener, err := net.Listen("tcp", *bind)
if err != nil { if err != nil {
log.Fatalf("Can not listen on %s: %v", *bind, err) log.Fatalf("Can not listen on %s: %v", *bind, err)
} }
// Add PROXY-Protocol support
listener = &proxyproto.Listener{Listener: listener, ProxyHeaderTimeout: proxyTimeout}
log.Println("Raw listening on", *bind) log.Println("Raw listening on", *bind)
go listenerLoop(listener, events) go listenerLoop(listener, events)
} }
if *tlsBind != "" { if *tlsBind != "" {
cert, err := tls.LoadX509KeyPair(*tlsPEM, *tlsPEM) cert, err := tls.LoadX509KeyPair(*tlsPEM, *tlsPEM)
if err != nil { if err != nil {
log.Fatalf("Could not load TLS keys from %s: %s", *tlsPEM, err) log.Fatalf("Could not load TLS keys from %s: %s", *tlsPEM, err)
} }
config := tls.Config{Certificates: []tls.Certificate{cert}} config := tls.Config{Certificates: []tls.Certificate{cert}}
listenerTLS, err := tls.Listen("tcp", *tlsBind, &config)
listenerTLS, err := net.Listen("tcp", *tlsBind)
if err != nil { if err != nil {
log.Fatalf("Can not listen on %s: %v", *tlsBind, err) log.Fatalf("Can not listen on %s: %v", *tlsBind, err)
} }
log.Println("TLS listening on", *tlsBind) log.Println("TLS listening on", *tlsBind)
// Add PROXY-Protocol support
listenerTLS = &proxyproto.Listener{Listener: listenerTLS, ProxyHeaderTimeout: proxyTimeout}
listenerTLS = tls.NewListener(listenerTLS, &config)
go listenerLoop(listenerTLS, events) go listenerLoop(listenerTLS, events)
} }
Processor(events, make(chan struct{})) Processor(events, make(chan struct{}))
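Review bot: Both listeners in Run() are now wrapped in `proxyproto.Listener` unconditionally, so as far as these lines show, any peer that can reach `*bind` or `*tlsBind` directly can send its own PROXY header and have the address it claims used in place of the real socket address. For an IRC daemon that address feeds hostmasks, bans and logs, and the PROXY protocol specification requires a receiver to accept the header only from known proxies. I would make the wrapping opt-in, e.g. `proxyProtocol = flag.Bool("proxyprotocol", false, "Expect a PROXY header from a trusted proxy")` guarding `listener = &proxyproto.Listener{Listener: listener, ProxyHeaderTimeout: proxyTimeout}` in both branches, and document that the port must then be reachable only from the proxy. Separately, `-proxytimeout 0` presumably leaves the header read without a deadline (worth confirming against the library), and the local `proxyTimeout :=` shadows the flag variable of the same name.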