netbird/relay/cmd/main.go

package main

import (
	"crypto/tls"
	"fmt"
	"os"
	"os/signal"
	"syscall"
	"time"

	log "github.com/sirupsen/logrus"
	"github.com/spf13/cobra"

	"github.com/netbirdio/netbird/encryption"
	auth "github.com/netbirdio/netbird/relay/auth/hmac"
	"github.com/netbirdio/netbird/relay/server"
	"github.com/netbirdio/netbird/util"
)

var (
	listenAddress string
	// in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection
	// it is a domain:port or ip:port
	exposedAddress     string
	letsencryptDataDir string
	letsencryptDomains []string
	tlsCertFile        string
	tlsKeyFile         string
	authSecret         string

	rootCmd = &cobra.Command{
		Use:   "relay",
		Short: "Relay service",
		Long:  "Relay service for Netbird agents",
		Run:   execute,
	}
)

func init() {
	_ = util.InitLog("trace", "console")
	rootCmd.PersistentFlags().StringVarP(&listenAddress, "listen-address", "l", ":443", "listen address")
	rootCmd.PersistentFlags().StringVarP(&exposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
	rootCmd.PersistentFlags().StringVarP(&letsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
	rootCmd.PersistentFlags().StringArrayVarP(&letsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
	rootCmd.PersistentFlags().StringVarP(&tlsCertFile, "tls-cert-file", "c", "", "")
	rootCmd.PersistentFlags().StringVarP(&tlsKeyFile, "tls-key-file", "k", "", "")
	rootCmd.PersistentFlags().StringVarP(&authSecret, "auth-secret", "s", "", "log level")
}

func waitForExitSignal() {
	osSigs := make(chan os.Signal, 1)
	signal.Notify(osSigs, syscall.SIGINT, syscall.SIGTERM)
	<-osSigs
}

func execute(cmd *cobra.Command, args []string) {
	if exposedAddress == "" {
		log.Errorf("exposed address is required")
		os.Exit(1)
	}

	if authSecret == "" {
		log.Errorf("auth secret is required")
		os.Exit(1)
	}

	srvListenerCfg := server.ListenerConfig{
		Address: listenAddress,
	}
	if hasLetsEncrypt() {
		tlsCfg, err := setupTLSCertManager()
		if err != nil {
			log.Errorf("%s", err)
			os.Exit(1)
		}
		srvListenerCfg.TLSConfig = tlsCfg
	} else if hasCertConfig() {
		tlsCfg, err := encryption.LoadTLSConfig(tlsCertFile, tlsKeyFile)
		if err != nil {
			log.Errorf("%s", err)
			os.Exit(1)
		}
		srvListenerCfg.TLSConfig = tlsCfg
	}

	tlsSupport := srvListenerCfg.TLSConfig != nil

	authenticator := auth.NewTimedHMACValidator(authSecret, 24*time.Hour)
	srv := server.NewServer(exposedAddress, tlsSupport, authenticator)
	log.Infof("server will be available on: %s", srv.InstanceURL())
	err := srv.Listen(srvListenerCfg)
	if err != nil {
		log.Errorf("failed to bind server: %s", err)
		os.Exit(1)
	}

	waitForExitSignal()

	err = srv.Close()
	if err != nil {
		log.Errorf("failed to close server: %s", err)
		os.Exit(1)
	}
}

func hasCertConfig() bool {
	return tlsCertFile != "" && tlsKeyFile != ""

}

func hasLetsEncrypt() bool {
	return letsencryptDataDir != "" && letsencryptDomains != nil && len(letsencryptDomains) > 0
}

func setupTLSCertManager() (*tls.Config, error) {
	certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)
	if err != nil {
		return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)
	}
	return certManager.TLSConfig(), nil
}

func main() {
	err := rootCmd.Execute()
	if err != nil {
		os.Exit(1)
	}
}
Add relay cmd 2024-05-17 20:24:06 +02:00			`package main`

			`import (`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`"crypto/tls"`
			`"fmt"`
Add relay cmd 2024-05-17 20:24:06 +02:00			`"os"`
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`"os/signal"`
			`"syscall"`
Fix parameters of tests 2024-07-08 17:01:11 +02:00			`"time"`
Remove channel binding logic 2024-05-23 13:24:02 +02:00
Add relay cmd 2024-05-17 20:24:06 +02:00			`log "github.com/sirupsen/logrus"`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`"github.com/spf13/cobra"`
Add relay cmd 2024-05-17 20:24:06 +02:00
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`"github.com/netbirdio/netbird/encryption"`
Fix parameters of tests 2024-07-08 17:01:11 +02:00			`auth "github.com/netbirdio/netbird/relay/auth/hmac"`
Add relay cmd 2024-05-17 20:24:06 +02:00			`"github.com/netbirdio/netbird/relay/server"`
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`"github.com/netbirdio/netbird/util"`
Add relay cmd 2024-05-17 20:24:06 +02:00			`)`

Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`var (`
Add exposed address 2024-07-02 11:57:17 +02:00			`listenAddress string`
			`// in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`// it is a domain:port or ip:port`
Add exposed address 2024-07-02 11:57:17 +02:00			`exposedAddress string`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`letsencryptDataDir string`
Add exposed address 2024-07-02 11:57:17 +02:00			`letsencryptDomains []string`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`tlsCertFile string`
			`tlsKeyFile string`
Integrate the relay authentication 2024-07-05 16:12:30 +02:00			`authSecret string`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00
			`rootCmd = &cobra.Command{`
			`Use: "relay",`
			`Short: "Relay service",`
			`Long: "Relay service for Netbird agents",`
			`Run: execute,`
			`}`
			`)`

Add relay cmd 2024-05-17 20:24:06 +02:00			`func init() {`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`_ = util.InitLog("trace", "console")`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`rootCmd.PersistentFlags().StringVarP(&listenAddress, "listen-address", "l", ":443", "listen address")`
Add exposed address 2024-07-02 11:57:17 +02:00			`rootCmd.PersistentFlags().StringVarP(&exposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`rootCmd.PersistentFlags().StringVarP(&letsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")`
Add exposed address 2024-07-02 11:57:17 +02:00			`rootCmd.PersistentFlags().StringArrayVarP(&letsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`rootCmd.PersistentFlags().StringVarP(&tlsCertFile, "tls-cert-file", "c", "", "")`
			`rootCmd.PersistentFlags().StringVarP(&tlsKeyFile, "tls-key-file", "k", "", "")`
Integrate the relay authentication 2024-07-05 16:12:30 +02:00			`rootCmd.PersistentFlags().StringVarP(&authSecret, "auth-secret", "s", "", "log level")`
Add relay cmd 2024-05-17 20:24:06 +02:00			`}`

Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`func waitForExitSignal() {`
			`osSigs := make(chan os.Signal, 1)`
			`signal.Notify(osSigs, syscall.SIGINT, syscall.SIGTERM)`
Fix logic 2024-06-25 15:13:08 +02:00			`<-osSigs`
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`}`
Add relay cmd 2024-05-17 20:24:06 +02:00
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`func execute(cmd *cobra.Command, args []string) {`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`if exposedAddress == "" {`
			`log.Errorf("exposed address is required")`
			`os.Exit(1)`
			`}`

Integrate the relay authentication 2024-07-05 16:12:30 +02:00			`if authSecret == "" {`
			`log.Errorf("auth secret is required")`
			`os.Exit(1)`
			`}`

Add exposed address 2024-07-02 11:57:17 +02:00			`srvListenerCfg := server.ListenerConfig{`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`Address: listenAddress,`
			`}`
			`if hasLetsEncrypt() {`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`tlsCfg, err := setupTLSCertManager()`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`if err != nil {`
			`log.Errorf("%s", err)`
			`os.Exit(1)`
			`}`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`srvListenerCfg.TLSConfig = tlsCfg`
			`} else if hasCertConfig() {`
			`tlsCfg, err := encryption.LoadTLSConfig(tlsCertFile, tlsKeyFile)`
			`if err != nil {`
			`log.Errorf("%s", err)`
			`os.Exit(1)`
			`}`
			`srvListenerCfg.TLSConfig = tlsCfg`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`}`

Add exposed address 2024-07-02 11:57:17 +02:00			`tlsSupport := srvListenerCfg.TLSConfig != nil`
Fix parameters of tests 2024-07-08 17:01:11 +02:00
			`authenticator := auth.NewTimedHMACValidator(authSecret, 24*time.Hour)`
			`srv := server.NewServer(exposedAddress, tlsSupport, authenticator)`
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`log.Infof("server will be available on: %s", srv.InstanceURL())`
Add exposed address 2024-07-02 11:57:17 +02:00			`err := srv.Listen(srvListenerCfg)`
Add relay cmd 2024-05-17 20:24:06 +02:00			`if err != nil {`
			`log.Errorf("failed to bind server: %s", err)`
			`os.Exit(1)`
			`}`
Fix in client the close event 2024-05-26 22:14:33 +02:00
Close sockets on server cmd 2024-05-27 09:42:27 +02:00			`waitForExitSignal()`

			`err = srv.Close()`
			`if err != nil {`
			`log.Errorf("failed to close server: %s", err)`
			`os.Exit(1)`
			`}`
Add relay cmd 2024-05-17 20:24:06 +02:00			`}`
Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00
- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`func hasCertConfig() bool {`
			`return tlsCertFile != "" && tlsKeyFile != ""`

			`}`

Fix ssl configuration 2024-07-01 11:50:18 +02:00			`func hasLetsEncrypt() bool {`
Add exposed address 2024-07-02 11:57:17 +02:00			`return letsencryptDataDir != "" && letsencryptDomains != nil && len(letsencryptDomains) > 0`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`}`

- add file based cert - print out the exposed address - handle empty exposed address 2024-07-03 15:03:57 +02:00			`func setupTLSCertManager() (*tls.Config, error) {`
Add exposed address 2024-07-02 11:57:17 +02:00			`certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)`
Fix ssl configuration 2024-07-01 11:50:18 +02:00			`if err != nil {`
			`return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)`
			`}`
			`return certManager.TLSConfig(), nil`
			`}`

Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker 2024-06-19 17:40:16 +02:00			`func main() {`
			`err := rootCmd.Execute()`
			`if err != nil {`
			`os.Exit(1)`
			`}`
			`}`