extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-06-20 17:58:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

- add file based cert

Browse Source 
- print out the exposed address
- handle empty exposed address
This commit is contained in:
Zoltan Papp 2024-07-03 15:03:57 +02:00
parent 15a7b7629b
commit 1a5ee744a8
5 changed files with 56 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
encryption/cert.go Normal file
View File

@ -0,0 +1,19 @@
package encryption
import "crypto/tls"
func LoadTLSConfig(certFile, keyFile string) (*tls.Config, error) {
serverCert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, err
}
config := &tls.Config{
Certificates: []tls.Certificate{serverCert},
ClientAuth: tls.NoClientCert,
NextProtos: []string{
"h2", "http/1.1", // enable HTTP/2
},
}
return config, nil
}

32
relay/cmd/main.go
View File

@ -18,9 +18,12 @@ import (
var ( var (
listenAddress string listenAddress string
// in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection // in HA every peer connect to a common domain, the instance domain has been distributed during the p2p connection
// it is a domain:port or ip:port
exposedAddress string exposedAddress string
letsencryptDataDir string letsencryptDataDir string
letsencryptDomains []string letsencryptDomains []string
tlsCertFile string
tlsKeyFile string
rootCmd = &cobra.Command{ rootCmd = &cobra.Command{
Use: "relay", Use: "relay",
@ -32,10 +35,13 @@ var (
func init() { func init() {
_ = util.InitLog("trace", "console") _ = util.InitLog("trace", "console")
rootCmd.PersistentFlags().StringVarP(&listenAddress, "listen-address", "l", ":1235", "listen address") rootCmd.PersistentFlags().StringVarP(&listenAddress, "listen-address", "l", ":443", "listen address")
rootCmd.PersistentFlags().StringVarP(&exposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers") rootCmd.PersistentFlags().StringVarP(&exposedAddress, "exposed-address", "e", "", "instance domain address (or ip) and port, it will be distributes between peers")
rootCmd.PersistentFlags().StringVarP(&letsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.") rootCmd.PersistentFlags().StringVarP(&letsencryptDataDir, "letsencrypt-data-dir", "d", "", "a directory to store Let's Encrypt data. Required if Let's Encrypt is enabled.")
rootCmd.PersistentFlags().StringArrayVarP(&letsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS") rootCmd.PersistentFlags().StringArrayVarP(&letsencryptDomains, "letsencrypt-domains", "a", nil, "list of domains to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
rootCmd.PersistentFlags().StringVarP(&tlsCertFile, "tls-cert-file", "c", "", "")
rootCmd.PersistentFlags().StringVarP(&tlsKeyFile, "tls-key-file", "k", "", "")
} }
func waitForExitSignal() { func waitForExitSignal() {
@ -45,20 +51,33 @@ func waitForExitSignal() {
} }
func execute(cmd *cobra.Command, args []string) { func execute(cmd *cobra.Command, args []string) {
if exposedAddress == "" {
log.Errorf("exposed address is required")
os.Exit(1)
}
srvListenerCfg := server.ListenerConfig{ srvListenerCfg := server.ListenerConfig{
Address: listenAddress, Address: listenAddress,
} }
if hasLetsEncrypt() { if hasLetsEncrypt() {
tlscfg, err := setupTLS() tlsCfg, err := setupTLSCertManager()
if err != nil { if err != nil {
log.Errorf("%s", err) log.Errorf("%s", err)
os.Exit(1) os.Exit(1)
} }
srvListenerCfg.TLSConfig = tlscfg srvListenerCfg.TLSConfig = tlsCfg
} else if hasCertConfig() {
tlsCfg, err := encryption.LoadTLSConfig(tlsCertFile, tlsKeyFile)
if err != nil {
log.Errorf("%s", err)
os.Exit(1)
}
srvListenerCfg.TLSConfig = tlsCfg
} }
tlsSupport := srvListenerCfg.TLSConfig != nil tlsSupport := srvListenerCfg.TLSConfig != nil
srv := server.NewServer(exposedAddress, tlsSupport) srv := server.NewServer(exposedAddress, tlsSupport)
log.Infof("server will be available on: %s", srv.InstanceURL())
err := srv.Listen(srvListenerCfg) err := srv.Listen(srvListenerCfg)
if err != nil { if err != nil {
log.Errorf("failed to bind server: %s", err) log.Errorf("failed to bind server: %s", err)
@ -74,11 +93,16 @@ func execute(cmd *cobra.Command, args []string) {
} }
} }
func hasCertConfig() bool {
return tlsCertFile != "" && tlsKeyFile != ""
}
func hasLetsEncrypt() bool { func hasLetsEncrypt() bool {
return letsencryptDataDir != "" && letsencryptDomains != nil && len(letsencryptDomains) > 0 return letsencryptDataDir != "" && letsencryptDomains != nil && len(letsencryptDomains) > 0
} }
func setupTLS() (*tls.Config, error) { func setupTLSCertManager() (*tls.Config, error) {
certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...) certManager, err := encryption.CreateCertManager(letsencryptDataDir, letsencryptDomains...)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err) return nil, fmt.Errorf("failed creating LetsEncrypt cert manager: %v", err)

4
relay/server/relay.go
View File

@ -107,3 +107,7 @@ func (r *Relay) handShake(conn net.Conn) ([]byte, error) {
} }
return peerID, nil return peerID, nil
} }
func (r *Relay) InstanceURL() string {
return r.instaceURL
}

4
relay/server/server.go
View File

@ -83,3 +83,7 @@ func (r *Server) Close() error {
err := errors.Join(wErr, uErr) err := errors.Join(wErr, uErr)
return err return err
} }
func (r *Server) InstanceURL() string {
return r.relay.instaceURL
}

2
signal/proto/signalexchange.proto
View File

@ -61,7 +61,7 @@ message Body {
// RosenpassConfig is a Rosenpass config of the remote peer our peer tries to connect to // RosenpassConfig is a Rosenpass config of the remote peer our peer tries to connect to
RosenpassConfig rosenpassConfig = 7; RosenpassConfig rosenpassConfig = 7;
// relayServerAddress is an IP:port of the relay server // relayServerAddress is url of the relay server
string relayServerAddress = 8; string relayServerAddress = 8;
} }