netbird/relay/cmd/main.go

package main

import (
	"crypto/tls"
	"fmt"
	"os"
	"os/signal"
	"syscall"
	"time"

	log "github.com/sirupsen/logrus"
	"github.com/spf13/cobra"

	"github.com/netbirdio/netbird/encryption"
	auth "github.com/netbirdio/netbird/relay/auth/hmac"
	"github.com/netbirdio/netbird/relay/server"
	"github.com/netbirdio/netbird/util"
)

type Config struct {
	ListenAddress string
	// in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection
	// it is a domain:port or ip:port
	ExposedAddress     string
	LetsencryptDataDir string
	LetsencryptDomains []string
	TlsCertFile        string
	TlsKeyFile         string
	AuthSecret         string
}

func (c Config) Validate() error {
	if c.ExposedAddress == "" {
		return fmt.Errorf("exposed address is required")
	}
	if c.AuthSecret == "" {
		return fmt.Errorf("auth secret is required")
	}
	return nil
}

func (c Config) HasCertConfig() bool {
	return c.TlsCertFile != "" && c.TlsKeyFile != ""
}

func (c Config) HasLetsEncrypt() bool {
	return c.LetsencryptDataDir != "" && c.LetsencryptDomains != nil && len(c.LetsencryptDomains) > 0
}

var (
	cobraConfig *Config
	cfgFile     string
	rootCmd     = &cobra.Command{
		Use:   "relay",
		Short: "Relay service",
		Long:  "Relay service for Netbird agents",
		Run:   execute,
	}
)

func init() {
	_ = util.InitLog("trace", "console")
	cobraConfig = &Config{}
	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config-file", "f", "/etc/netbird/relay.json", "Relay server config file location")
	rootCmd.PersistentFlags().StringVarP(&cobraConfig.ListenAddress, "listen-address", "l", ":443", "listen address")
	rootCmd.PersistentFlags().StringVarP(&cobraConfig.ExposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
	rootCmd.PersistentFlags().StringVarP(&cobraConfig.LetsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
	rootCmd.PersistentFlags().StringArrayVarP(&cobraConfig.LetsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
	rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsCertFile, "tls-cert-file", "c", "", "")
	rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsKeyFile, "tls-key-file", "k", "", "")
	rootCmd.PersistentFlags().StringVarP(&cobraConfig.AuthSecret, "auth-secret", "s", "", "log level")
}

func waitForExitSignal() {
	osSigs := make(chan os.Signal, 1)
	signal.Notify(osSigs, syscall.SIGINT, syscall.SIGTERM)
	<-osSigs
}

func loadConfig(configFile string) (*Config, error) {
	log.Infof("loading config from: %s", configFile)
	loadedConfig := &Config{}
	_, err := util.ReadJson(configFile, loadedConfig)
	if err != nil {
		return nil, err
	}
	if cobraConfig.ListenAddress != "" {
		loadedConfig.ListenAddress = cobraConfig.ListenAddress
	}

	if cobraConfig.ExposedAddress != "" {
		loadedConfig.ExposedAddress = cobraConfig.ExposedAddress
	}
	if cobraConfig.LetsencryptDataDir != "" {
		loadedConfig.LetsencryptDataDir = cobraConfig.LetsencryptDataDir
	}
	if len(cobraConfig.LetsencryptDomains) > 0 {
		loadedConfig.LetsencryptDomains = cobraConfig.LetsencryptDomains
	}
	if cobraConfig.TlsCertFile != "" {
		loadedConfig.TlsCertFile = cobraConfig.TlsCertFile
	}
	if cobraConfig.TlsKeyFile != "" {
		loadedConfig.TlsKeyFile = cobraConfig.TlsKeyFile
	}
	if cobraConfig.AuthSecret != "" {
		loadedConfig.AuthSecret = cobraConfig.AuthSecret
	}

	return loadedConfig, err
}

func execute(cmd *cobra.Command, args []string) {
	cfg, err := loadConfig(cfgFile)
	if err != nil {
		log.Errorf("failed to load config: %s", err)
		os.Exit(1)
	}

	err = cfg.Validate()
	if err != nil {
		log.Errorf("invalid config: %s", err)
		os.Exit(1)
	}

	srvListenerCfg := server.ListenerConfig{
		Address: cfg.ListenAddress,
	}
	if cfg.HasLetsEncrypt() {
		tlsCfg, err := setupTLSCertManager(cfg.LetsencryptDataDir, cfg.LetsencryptDomains...)
		if err != nil {
			log.Errorf("%s", err)
			os.Exit(1)
		}
		srvListenerCfg.TLSConfig = tlsCfg
	} else if cfg.HasCertConfig() {
		tlsCfg, err := encryption.LoadTLSConfig(cfg.TlsCertFile, cfg.TlsKeyFile)
		if err != nil {
			log.Errorf("%s", err)
			os.Exit(1)
		}
		srvListenerCfg.TLSConfig = tlsCfg
	}

	tlsSupport := srvListenerCfg.TLSConfig != nil

	authenticator := auth.NewTimedHMACValidator(cfg.AuthSecret, 24*time.Hour)
	srv := server.NewServer(cfg.ExposedAddress, tlsSupport, authenticator)
	log.Infof("server will be available on: %s", srv.InstanceURL())
	err = srv.Listen(srvListenerCfg)
	if err != nil {
		log.Errorf("failed to bind server: %s", err)
		os.Exit(1)
	}

	waitForExitSignal()

	err = srv.Close()
	if err != nil {
		log.Errorf("failed to close server: %s", err)
		os.Exit(1)
	}
}

func setupTLSCertManager(letsencryptDataDir string, letsencryptDomains ...string) (*tls.Config, error) {
	certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)
	if err != nil {
		return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)
	}
	return certManager.TLSConfig(), nil
}

func main() {
	err := rootCmd.Execute()
	if err != nil {
		os.Exit(1)
	}
}
Add relay cmd 2024-05-17 20:24:06 +02:00			`package main`

			`import (`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`"crypto/tls"`
			`"fmt"`
Add relay cmd 2024-05-17 20:24:06 +02:00			`"os"`
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`"os/signal"`
			`"syscall"`
Fix parameters of tests 2024-07-08 17:01:11 +02:00			`"time"`
Remove channel binding logic 2024-05-23 13:24:02 +02:00
Add relay cmd 2024-05-17 20:24:06 +02:00			`log "github.com/sirupsen/logrus"`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`"github.com/spf13/cobra"`
Add relay cmd 2024-05-17 20:24:06 +02:00
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`"github.com/netbirdio/netbird/encryption"`
Fix parameters of tests 2024-07-08 17:01:11 +02:00			`auth "github.com/netbirdio/netbird/relay/auth/hmac"`
Add relay cmd 2024-05-17 20:24:06 +02:00			`"github.com/netbirdio/netbird/relay/server"`
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`"github.com/netbirdio/netbird/util"`
Add relay cmd 2024-05-17 20:24:06 +02:00			`)`

Add config file handling 2024-07-17 17:10:33 +02:00			`type Config struct {`
			`ListenAddress string`
Add exposed address 2024-07-02 11:57:17 +02:00			`// in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`// it is a domain:port or ip:port`
Add config file handling 2024-07-17 17:10:33 +02:00			`ExposedAddress string`
			`LetsencryptDataDir string`
			`LetsencryptDomains []string`
			`TlsCertFile string`
			`TlsKeyFile string`
			`AuthSecret string`
			`}`

			`func (c Config) Validate() error {`
			`if c.ExposedAddress == "" {`
			`return fmt.Errorf("exposed address is required")`
			`}`
			`if c.AuthSecret == "" {`
			`return fmt.Errorf("auth secret is required")`
			`}`
			`return nil`
			`}`

			`func (c Config) HasCertConfig() bool {`
			`return c.TlsCertFile != "" && c.TlsKeyFile != ""`
			`}`

			`func (c Config) HasLetsEncrypt() bool {`
			`return c.LetsencryptDataDir != "" && c.LetsencryptDomains != nil && len(c.LetsencryptDomains) > 0`
			`}`

			`var (`
			`cobraConfig *Config`
			`cfgFile string`
			`rootCmd = &cobra.Command{`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`Use: "relay",`
			`Short: "Relay service",`
			`Long: "Relay service for Netbird agents",`
			`Run: execute,`
			`}`
			`)`

Add relay cmd 2024-05-17 20:24:06 +02:00			`func init() {`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`_ = util.InitLog("trace", "console")`
Add config file handling 2024-07-17 17:10:33 +02:00			`cobraConfig = &Config{}`
			`rootCmd.PersistentFlags().StringVarP(&cfgFile, "config-file", "f", "/etc/netbird/relay.json", "Relay server config file location")`
			`rootCmd.PersistentFlags().StringVarP(&cobraConfig.ListenAddress, "listen-address", "l", ":443", "listen address")`
			`rootCmd.PersistentFlags().StringVarP(&cobraConfig.ExposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")`
			`rootCmd.PersistentFlags().StringVarP(&cobraConfig.LetsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")`
			`rootCmd.PersistentFlags().StringArrayVarP(&cobraConfig.LetsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")`
			`rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsCertFile, "tls-cert-file", "c", "", "")`
			`rootCmd.PersistentFlags().StringVarP(&cobraConfig.TlsKeyFile, "tls-key-file", "k", "", "")`
			`rootCmd.PersistentFlags().StringVarP(&cobraConfig.AuthSecret, "auth-secret", "s", "", "log level")`
Add relay cmd 2024-05-17 20:24:06 +02:00			`}`

Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`func waitForExitSignal() {`
			`osSigs := make(chan os.Signal, 1)`
			`signal.Notify(osSigs, syscall.SIGINT, syscall.SIGTERM)`
Fix logic 2024-06-25 15:13:08 +02:00			`<-osSigs`
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`}`
Add relay cmd 2024-05-17 20:24:06 +02:00
Add config file handling 2024-07-17 17:10:33 +02:00			`func loadConfig(configFile string) (*Config, error) {`
			`log.Infof("loading config from: %s", configFile)`
			`loadedConfig := &Config{}`
			`_, err := util.ReadJson(configFile, loadedConfig)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if cobraConfig.ListenAddress != "" {`
			`loadedConfig.ListenAddress = cobraConfig.ListenAddress`
			`}`

			`if cobraConfig.ExposedAddress != "" {`
			`loadedConfig.ExposedAddress = cobraConfig.ExposedAddress`
			`}`
			`if cobraConfig.LetsencryptDataDir != "" {`
			`loadedConfig.LetsencryptDataDir = cobraConfig.LetsencryptDataDir`
			`}`
			`if len(cobraConfig.LetsencryptDomains) > 0 {`
			`loadedConfig.LetsencryptDomains = cobraConfig.LetsencryptDomains`
			`}`
			`if cobraConfig.TlsCertFile != "" {`
			`loadedConfig.TlsCertFile = cobraConfig.TlsCertFile`
			`}`
			`if cobraConfig.TlsKeyFile != "" {`
			`loadedConfig.TlsKeyFile = cobraConfig.TlsKeyFile`
			`}`
			`if cobraConfig.AuthSecret != "" {`
			`loadedConfig.AuthSecret = cobraConfig.AuthSecret`
			`}`

			`return loadedConfig, err`
			`}`

Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`func execute(cmd *cobra.Command, args []string) {`
Add config file handling 2024-07-17 17:10:33 +02:00			`cfg, err := loadConfig(cfgFile)`
			`if err != nil {`
			`log.Errorf("failed to load config: %s", err)`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`os.Exit(1)`
			`}`

Add config file handling 2024-07-17 17:10:33 +02:00			`err = cfg.Validate()`
			`if err != nil {`
			`log.Errorf("invalid config: %s", err)`
Integrate the relay authentication 2024-07-05 16:12:30 +02:00			`os.Exit(1)`
			`}`

Add exposed address 2024-07-02 11:57:17 +02:00			`srvListenerCfg := server.ListenerConfig{`
Add config file handling 2024-07-17 17:10:33 +02:00			`Address: cfg.ListenAddress,`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`}`
Add config file handling 2024-07-17 17:10:33 +02:00			`if cfg.HasLetsEncrypt() {`
			`tlsCfg, err := setupTLSCertManager(cfg.LetsencryptDataDir, cfg.LetsencryptDomains...)`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`if err != nil {`
			`log.Errorf("%s", err)`
			`os.Exit(1)`
			`}`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`srvListenerCfg.TLSConfig = tlsCfg`
Add config file handling 2024-07-17 17:10:33 +02:00			`} else if cfg.HasCertConfig() {`
			`tlsCfg, err := encryption.LoadTLSConfig(cfg.TlsCertFile, cfg.TlsKeyFile)`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`if err != nil {`
			`log.Errorf("%s", err)`
			`os.Exit(1)`
			`}`
			`srvListenerCfg.TLSConfig = tlsCfg`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`}`

Add exposed address 2024-07-02 11:57:17 +02:00			`tlsSupport := srvListenerCfg.TLSConfig != nil`
Fix parameters of tests 2024-07-08 17:01:11 +02:00
Add config file handling 2024-07-17 17:10:33 +02:00			`authenticator := auth.NewTimedHMACValidator(cfg.AuthSecret, 24*time.Hour)`
			`srv := server.NewServer(cfg.ExposedAddress, tlsSupport, authenticator)`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`log.Infof("server will be available on: %s", srv.InstanceURL())`
Add config file handling 2024-07-17 17:10:33 +02:00			`err = srv.Listen(srvListenerCfg)`
Add relay cmd 2024-05-17 20:24:06 +02:00			`if err != nil {`
			`log.Errorf("failed to bind server: %s", err)`
			`os.Exit(1)`
			`}`
Fix in client the close event 2024-05-26 22:14:33 +02:00
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`waitForExitSignal()`

			`err = srv.Close()`
			`if err != nil {`
			`log.Errorf("failed to close server: %s", err)`
			`os.Exit(1)`
			`}`
Add relay cmd 2024-05-17 20:24:06 +02:00			`}`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00
Add config file handling 2024-07-17 17:10:33 +02:00			`func setupTLSCertManager(letsencryptDataDir string, letsencryptDomains ...string) (*tls.Config, error) {`
Add exposed address 2024-07-02 11:57:17 +02:00			`certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`if err != nil {`
			`return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)`
			`}`
			`return certManager.TLSConfig(), nil`
			`}`

Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`func main() {`
			`err := rootCmd.Execute()`
			`if err != nil {`
			`os.Exit(1)`
			`}`
			`}`