mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-27 14:13:48 +03:00
Rough implementation of auto HTTP->HTTPS redirects
Also added GracePeriod for server shutdowns
This commit is contained in:
parent
8eba582efe
commit
e40bbecb16
5 changed files with 195 additions and 33 deletions
|
@ -9,7 +9,6 @@ import (
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/caddylog"
|
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/caddylog"
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/reverseproxy"
|
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/reverseproxy"
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/staticfiles"
|
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/staticfiles"
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp/staticresp"
|
|
||||||
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddytls"
|
_ "bitbucket.org/lightcodelabs/caddy2/modules/caddytls"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -30,13 +30,15 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
type httpModuleConfig struct {
|
type httpModuleConfig struct {
|
||||||
|
HTTPPort int `json:"http_port"`
|
||||||
|
HTTPSPort int `json:"https_port"`
|
||||||
|
GracePeriod caddy2.Duration `json:"grace_period"`
|
||||||
Servers map[string]*httpServerConfig `json:"servers"`
|
Servers map[string]*httpServerConfig `json:"servers"`
|
||||||
|
|
||||||
servers []*http.Server
|
servers []*http.Server
|
||||||
}
|
}
|
||||||
|
|
||||||
func (hc *httpModuleConfig) Provision() error {
|
func (hc *httpModuleConfig) Provision() error {
|
||||||
// TODO: Either prevent overlapping listeners on different servers, or combine them into one
|
|
||||||
for _, srv := range hc.Servers {
|
for _, srv := range hc.Servers {
|
||||||
err := srv.Routes.setup()
|
err := srv.Routes.setup()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -51,6 +53,27 @@ func (hc *httpModuleConfig) Provision() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (hc *httpModuleConfig) Validate() error {
|
||||||
|
// each server must use distinct listener addresses
|
||||||
|
lnAddrs := make(map[string]string)
|
||||||
|
for srvName, srv := range hc.Servers {
|
||||||
|
for _, addr := range srv.Listen {
|
||||||
|
netw, expanded, err := parseListenAddr(addr)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("invalid listener address '%s': %v", addr, err)
|
||||||
|
}
|
||||||
|
for _, a := range expanded {
|
||||||
|
if sn, ok := lnAddrs[netw+a]; ok {
|
||||||
|
return fmt.Errorf("listener address repeated: %s (already claimed by server '%s')", a, sn)
|
||||||
|
}
|
||||||
|
lnAddrs[netw+a] = srvName
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func (hc *httpModuleConfig) Start(handle caddy2.Handle) error {
|
func (hc *httpModuleConfig) Start(handle caddy2.Handle) error {
|
||||||
err := hc.automaticHTTPS(handle)
|
err := hc.automaticHTTPS(handle)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -83,7 +106,12 @@ func (hc *httpModuleConfig) Start(handle caddy2.Handle) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// enable TLS
|
// enable TLS
|
||||||
if len(srv.TLSConnPolicies) > 0 {
|
httpPort := hc.HTTPPort
|
||||||
|
if httpPort == 0 {
|
||||||
|
httpPort = DefaultHTTPPort
|
||||||
|
}
|
||||||
|
_, port, _ := net.SplitHostPort(addr)
|
||||||
|
if len(srv.TLSConnPolicies) > 0 && port != strconv.Itoa(httpPort) {
|
||||||
tlsCfg, err := srv.TLSConnPolicies.TLSConfig(handle)
|
tlsCfg, err := srv.TLSConnPolicies.TLSConfig(handle)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("%s/%s: making TLS configuration: %v", network, addr, err)
|
return fmt.Errorf("%s/%s: making TLS configuration: %v", network, addr, err)
|
||||||
|
@ -100,9 +128,16 @@ func (hc *httpModuleConfig) Start(handle caddy2.Handle) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Stop gracefully shuts down the HTTP server.
|
||||||
func (hc *httpModuleConfig) Stop() error {
|
func (hc *httpModuleConfig) Stop() error {
|
||||||
|
ctx := context.Background()
|
||||||
|
if hc.GracePeriod > 0 {
|
||||||
|
var cancel context.CancelFunc
|
||||||
|
ctx, cancel = context.WithTimeout(ctx, time.Duration(hc.GracePeriod))
|
||||||
|
defer cancel()
|
||||||
|
}
|
||||||
for _, s := range hc.servers {
|
for _, s := range hc.servers {
|
||||||
err := s.Shutdown(context.Background()) // TODO
|
err := s.Shutdown(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -117,6 +152,9 @@ func (hc *httpModuleConfig) automaticHTTPS(handle caddy2.Handle) error {
|
||||||
}
|
}
|
||||||
tlsApp := tlsAppIface.(*caddytls.TLS)
|
tlsApp := tlsAppIface.(*caddytls.TLS)
|
||||||
|
|
||||||
|
lnAddrMap := make(map[string]struct{})
|
||||||
|
var redirRoutes routeList
|
||||||
|
|
||||||
for srvName, srv := range hc.Servers {
|
for srvName, srv := range hc.Servers {
|
||||||
srv.tlsApp = tlsApp
|
srv.tlsApp = tlsApp
|
||||||
|
|
||||||
|
@ -157,13 +195,93 @@ func (hc *httpModuleConfig) automaticHTTPS(handle caddy2.Handle) error {
|
||||||
{ALPN: defaultALPN},
|
{ALPN: defaultALPN},
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: create HTTP->HTTPS redirects
|
if srv.DisableAutoHTTPSRedir {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
// create HTTP->HTTPS redirects
|
||||||
|
for _, addr := range srv.Listen {
|
||||||
|
netw, host, port, err := splitListenAddr(addr)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("%s: invalid listener address: %v", srvName, addr)
|
||||||
|
}
|
||||||
|
httpRedirLnAddr := joinListenAddr(netw, host, strconv.Itoa(hc.HTTPPort))
|
||||||
|
lnAddrMap[httpRedirLnAddr] = struct{}{}
|
||||||
|
|
||||||
|
if parts := strings.SplitN(port, "-", 2); len(parts) == 2 {
|
||||||
|
port = parts[0]
|
||||||
|
}
|
||||||
|
redirTo := "https://{request.host}"
|
||||||
|
|
||||||
|
httpsPort := hc.HTTPSPort
|
||||||
|
if httpsPort == 0 {
|
||||||
|
httpsPort = DefaultHTTPSPort
|
||||||
|
}
|
||||||
|
if port != strconv.Itoa(httpsPort) {
|
||||||
|
redirTo += ":" + port
|
||||||
|
}
|
||||||
|
redirTo += "{request.uri}"
|
||||||
|
|
||||||
|
redirRoutes = append(redirRoutes, serverRoute{
|
||||||
|
matchers: []RouteMatcher{
|
||||||
|
matchProtocol("http"),
|
||||||
|
matchHost(domains),
|
||||||
|
},
|
||||||
|
responder: Static{
|
||||||
|
StatusCode: http.StatusTemporaryRedirect, // TODO: use permanent redirect instead
|
||||||
|
Headers: http.Header{
|
||||||
|
"Location": []string{redirTo},
|
||||||
|
"Connection": []string{"close"},
|
||||||
|
},
|
||||||
|
Close: true,
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(lnAddrMap) > 0 {
|
||||||
|
var lnAddrs []string
|
||||||
|
mapLoop:
|
||||||
|
for addr := range lnAddrMap {
|
||||||
|
netw, addrs, err := parseListenAddr(addr)
|
||||||
|
if err != nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
for _, a := range addrs {
|
||||||
|
if hc.listenerTaken(netw, a) {
|
||||||
|
continue mapLoop
|
||||||
|
}
|
||||||
|
}
|
||||||
|
lnAddrs = append(lnAddrs, addr)
|
||||||
|
}
|
||||||
|
hc.Servers["auto_https_redirects"] = &httpServerConfig{
|
||||||
|
Listen: lnAddrs,
|
||||||
|
Routes: redirRoutes,
|
||||||
|
DisableAutoHTTPS: true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (hc *httpModuleConfig) listenerTaken(network, address string) bool {
|
||||||
|
for _, srv := range hc.Servers {
|
||||||
|
for _, addr := range srv.Listen {
|
||||||
|
netw, addrs, err := parseListenAddr(addr)
|
||||||
|
if err != nil || netw != network {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
for _, a := range addrs {
|
||||||
|
if a == address {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
var defaultALPN = []string{"h2", "http/1.1"}
|
var defaultALPN = []string{"h2", "http/1.1"}
|
||||||
|
|
||||||
type httpServerConfig struct {
|
type httpServerConfig struct {
|
||||||
|
@ -204,6 +322,7 @@ func (s httpServerConfig) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
// it can be accessed by error handlers
|
// it can be accessed by error handlers
|
||||||
c := context.WithValue(r.Context(), ErrorCtxKey, err)
|
c := context.WithValue(r.Context(), ErrorCtxKey, err)
|
||||||
r = r.WithContext(c)
|
r = r.WithContext(c)
|
||||||
|
// TODO: add error values to Replacer
|
||||||
|
|
||||||
if len(s.Errors.Routes) == 0 {
|
if len(s.Errors.Routes) == 0 {
|
||||||
// TODO: implement a default error handler?
|
// TODO: implement a default error handler?
|
||||||
|
@ -284,13 +403,11 @@ func (f HandlerFunc) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
|
||||||
var emptyHandler HandlerFunc = func(w http.ResponseWriter, r *http.Request) error { return nil }
|
var emptyHandler HandlerFunc = func(w http.ResponseWriter, r *http.Request) error { return nil }
|
||||||
|
|
||||||
func parseListenAddr(a string) (network string, addrs []string, err error) {
|
func parseListenAddr(a string) (network string, addrs []string, err error) {
|
||||||
network = "tcp"
|
|
||||||
if idx := strings.Index(a, "/"); idx >= 0 {
|
|
||||||
network = strings.ToLower(strings.TrimSpace(a[:idx]))
|
|
||||||
a = a[idx+1:]
|
|
||||||
}
|
|
||||||
var host, port string
|
var host, port string
|
||||||
host, port, err = net.SplitHostPort(a)
|
network, host, port, err = splitListenAddr(a)
|
||||||
|
if network == "" {
|
||||||
|
network = "tcp"
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -317,6 +434,27 @@ func parseListenAddr(a string) (network string, addrs []string, err error) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func splitListenAddr(a string) (network, host, port string, err error) {
|
||||||
|
if idx := strings.Index(a, "/"); idx >= 0 {
|
||||||
|
network = strings.ToLower(strings.TrimSpace(a[:idx]))
|
||||||
|
a = a[idx+1:]
|
||||||
|
}
|
||||||
|
host, port, err = net.SplitHostPort(a)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func joinListenAddr(network, host, port string) string {
|
||||||
|
var a string
|
||||||
|
if network != "" {
|
||||||
|
a = network + "/"
|
||||||
|
}
|
||||||
|
a += host
|
||||||
|
if port != "" {
|
||||||
|
a += ":" + port
|
||||||
|
}
|
||||||
|
return a
|
||||||
|
}
|
||||||
|
|
||||||
type middlewareResponseWriter struct {
|
type middlewareResponseWriter struct {
|
||||||
*ResponseWriterWrapper
|
*ResponseWriterWrapper
|
||||||
allowWrites bool
|
allowWrites bool
|
||||||
|
@ -336,7 +474,16 @@ func (mrw middlewareResponseWriter) Write(b []byte) (int, error) {
|
||||||
return mrw.ResponseWriterWrapper.Write(b)
|
return mrw.ResponseWriterWrapper.Write(b)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ReplacerCtxKey is the context key for the request's replacer.
|
||||||
const ReplacerCtxKey caddy2.CtxKey = "replacer"
|
const ReplacerCtxKey caddy2.CtxKey = "replacer"
|
||||||
|
|
||||||
|
const (
|
||||||
|
// DefaultHTTPPort is the default port for HTTP.
|
||||||
|
DefaultHTTPPort = 80
|
||||||
|
|
||||||
|
// DefaultHTTPSPort is the default port for HTTPS.
|
||||||
|
DefaultHTTPSPort = 443
|
||||||
|
)
|
||||||
|
|
||||||
// Interface guards
|
// Interface guards
|
||||||
var _ HTTPInterfaces = middlewareResponseWriter{}
|
var _ HTTPInterfaces = middlewareResponseWriter{}
|
||||||
|
|
|
@ -68,17 +68,11 @@ func (m matchScript) Match(r *http.Request) bool {
|
||||||
func (m matchProtocol) Match(r *http.Request) bool {
|
func (m matchProtocol) Match(r *http.Request) bool {
|
||||||
switch string(m) {
|
switch string(m) {
|
||||||
case "grpc":
|
case "grpc":
|
||||||
if r.Header.Get("content-type") == "application/grpc" {
|
return r.Header.Get("content-type") == "application/grpc"
|
||||||
return true
|
|
||||||
}
|
|
||||||
case "https":
|
case "https":
|
||||||
if r.TLS != nil {
|
return r.TLS != nil
|
||||||
return true
|
|
||||||
}
|
|
||||||
case "http":
|
case "http":
|
||||||
if r.TLS == nil {
|
return r.TLS == nil
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
package caddyhttp
|
package caddyhttp
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Replacer can replace values in strings based
|
||||||
|
// on a request and/or response writer.
|
||||||
type Replacer struct {
|
type Replacer struct {
|
||||||
req *http.Request
|
req *http.Request
|
||||||
resp http.ResponseWriter
|
resp http.ResponseWriter
|
||||||
|
@ -42,15 +46,33 @@ func (r *Replacer) replaceAll(input, empty string, mapping map[string]string) st
|
||||||
|
|
||||||
func (r *Replacer) defaults() map[string]string {
|
func (r *Replacer) defaults() map[string]string {
|
||||||
m := map[string]string{
|
m := map[string]string{
|
||||||
"host": r.req.Host,
|
"request.host": func() string {
|
||||||
"method": r.req.Method,
|
host, _, err := net.SplitHostPort(r.req.Host)
|
||||||
"scheme": func() string {
|
if err != nil {
|
||||||
|
return r.req.Host // OK; there probably was no port
|
||||||
|
}
|
||||||
|
return host
|
||||||
|
}(),
|
||||||
|
"request.hostport": r.req.Host, // may include both host and port
|
||||||
|
"request.method": r.req.Method,
|
||||||
|
"request.port": func() string {
|
||||||
|
// if there is no port, there will be an error; in
|
||||||
|
// that case, port is the empty string anyway
|
||||||
|
_, port, _ := net.SplitHostPort(r.req.Host)
|
||||||
|
return port
|
||||||
|
}(),
|
||||||
|
"request.scheme": func() string {
|
||||||
if r.req.TLS != nil {
|
if r.req.TLS != nil {
|
||||||
return "https"
|
return "https"
|
||||||
}
|
}
|
||||||
return "http"
|
return "http"
|
||||||
}(),
|
}(),
|
||||||
"uri": r.req.URL.RequestURI(),
|
"request.uri": r.req.URL.RequestURI(),
|
||||||
|
"system.hostname": func() string {
|
||||||
|
// OK if there is an error; just return empty string
|
||||||
|
name, _ := os.Hostname()
|
||||||
|
return name
|
||||||
|
}(),
|
||||||
}
|
}
|
||||||
|
|
||||||
for field, vals := range r.req.Header {
|
for field, vals := range r.req.Header {
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
package staticresp
|
package caddyhttp
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
"bitbucket.org/lightcodelabs/caddy2"
|
"bitbucket.org/lightcodelabs/caddy2"
|
||||||
"bitbucket.org/lightcodelabs/caddy2/modules/caddyhttp"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -16,15 +15,16 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Static implements a simple responder for static responses.
|
// Static implements a simple responder for static responses.
|
||||||
|
// It is Caddy's default responder. TODO: Or is it?
|
||||||
type Static struct {
|
type Static struct {
|
||||||
StatusCode int `json:"status_code"`
|
StatusCode int `json:"status_code"`
|
||||||
Headers map[string][]string `json:"headers"`
|
Headers http.Header `json:"headers"`
|
||||||
Body string `json:"body"`
|
Body string `json:"body"`
|
||||||
Close bool `json:"close"`
|
Close bool `json:"close"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
|
func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
|
||||||
repl := r.Context().Value(caddyhttp.ReplacerCtxKey).(*caddyhttp.Replacer)
|
repl := r.Context().Value(ReplacerCtxKey).(*Replacer)
|
||||||
|
|
||||||
// close the connection
|
// close the connection
|
||||||
r.Close = s.Close
|
r.Close = s.Close
|
||||||
|
@ -54,4 +54,4 @@ func (s Static) ServeHTTP(w http.ResponseWriter, r *http.Request) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Interface guard
|
// Interface guard
|
||||||
var _ caddyhttp.Handler = (*Static)(nil)
|
var _ Handler = (*Static)(nil)
|
Loading…
Reference in a new issue