2023-04-18 19:36:43 +02:00
|
|
|
package proxy
|
2022-07-20 19:18:40 +02:00
|
|
|
|
2022-07-20 19:41:23 +02:00
|
|
|
import (
|
2023-01-30 23:38:58 +01:00
|
|
|
"crypto/tls"
|
2023-01-09 23:24:35 +01:00
|
|
|
"fmt"
|
2022-07-20 19:41:23 +02:00
|
|
|
"github.com/openziti/sdk-golang/ziti"
|
2022-08-09 19:57:45 +02:00
|
|
|
"github.com/openziti/sdk-golang/ziti/edge"
|
2023-01-13 21:01:34 +01:00
|
|
|
"github.com/openziti/zrok/endpoints"
|
|
|
|
|
"github.com/openziti/zrok/util"
|
2022-07-20 19:41:23 +02:00
|
|
|
"github.com/pkg/errors"
|
2022-08-10 21:16:36 +02:00
|
|
|
"github.com/sirupsen/logrus"
|
2023-05-25 20:59:39 +02:00
|
|
|
"net/http"
|
|
|
|
|
"net/http/httputil"
|
|
|
|
|
"net/url"
|
|
|
|
|
"time"
|
2022-07-20 19:41:23 +02:00
|
|
|
)
|
|
|
|
|
|
2023-04-18 19:36:43 +02:00
|
|
|
type BackendConfig struct {
|
2022-08-10 21:16:36 +02:00
|
|
|
IdentityPath string
|
|
|
|
|
EndpointAddress string
|
2023-01-04 20:42:58 +01:00
|
|
|
ShrToken string
|
2023-01-30 23:38:58 +01:00
|
|
|
Insecure bool
|
2023-08-30 19:46:51 +02:00
|
|
|
Requests chan *endpoints.Request
|
2022-08-10 21:16:36 +02:00
|
|
|
}
|
|
|
|
|
|
2023-04-14 19:09:54 +02:00
|
|
|
type Backend struct {
|
2023-04-18 19:36:43 +02:00
|
|
|
cfg *BackendConfig
|
2022-08-09 19:57:45 +02:00
|
|
|
listener edge.Listener
|
|
|
|
|
handler http.Handler
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-18 19:36:43 +02:00
|
|
|
func NewBackend(cfg *BackendConfig) (*Backend, error) {
|
2022-07-20 19:41:23 +02:00
|
|
|
options := ziti.ListenOptions{
|
2023-12-13 17:22:20 +01:00
|
|
|
ConnectTimeout: 5 * time.Minute,
|
|
|
|
|
MaxConnections: 64,
|
|
|
|
|
WaitForNEstablishedListeners: 1,
|
2022-07-20 19:41:23 +02:00
|
|
|
}
|
2023-05-25 17:50:38 +02:00
|
|
|
zcfg, err := ziti.NewConfigFromFile(cfg.IdentityPath)
|
2022-07-20 19:41:23 +02:00
|
|
|
if err != nil {
|
2022-08-09 19:57:45 +02:00
|
|
|
return nil, errors.Wrap(err, "error loading config")
|
2022-07-20 19:41:23 +02:00
|
|
|
}
|
2023-05-25 17:50:38 +02:00
|
|
|
zctx, err := ziti.NewContext(zcfg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "error loading ziti context")
|
|
|
|
|
}
|
|
|
|
|
listener, err := zctx.ListenWithOptions(cfg.ShrToken, &options)
|
2022-07-20 19:41:23 +02:00
|
|
|
if err != nil {
|
2022-08-09 19:57:45 +02:00
|
|
|
return nil, errors.Wrap(err, "error listening")
|
2022-07-20 19:41:23 +02:00
|
|
|
}
|
|
|
|
|
|
2023-01-30 23:38:58 +01:00
|
|
|
proxy, err := newReverseProxy(cfg)
|
2022-07-21 21:46:14 +02:00
|
|
|
if err != nil {
|
2022-08-09 19:57:45 +02:00
|
|
|
return nil, err
|
2022-07-20 19:41:23 +02:00
|
|
|
}
|
2022-08-09 19:57:45 +02:00
|
|
|
|
|
|
|
|
handler := util.NewProxyHandler(proxy)
|
2023-04-14 19:09:54 +02:00
|
|
|
return &Backend{
|
2022-08-18 22:57:38 +02:00
|
|
|
cfg: cfg,
|
2022-08-09 19:57:45 +02:00
|
|
|
listener: listener,
|
|
|
|
|
handler: handler,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-14 19:09:54 +02:00
|
|
|
func (b *Backend) Run() error {
|
|
|
|
|
if err := http.Serve(b.listener, b.handler); err != nil {
|
2022-07-21 21:46:14 +02:00
|
|
|
return err
|
2022-07-20 19:41:23 +02:00
|
|
|
}
|
2022-07-21 21:46:14 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
2022-08-10 21:16:36 +02:00
|
|
|
|
2023-04-18 19:36:43 +02:00
|
|
|
func newReverseProxy(cfg *BackendConfig) (*httputil.ReverseProxy, error) {
|
2023-01-30 23:38:58 +01:00
|
|
|
targetURL, err := url.Parse(cfg.EndpointAddress)
|
2022-08-10 21:16:36 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-10 22:25:35 +02:00
|
|
|
tpt := http.DefaultTransport.(*http.Transport).Clone()
|
2023-01-30 23:38:58 +01:00
|
|
|
if cfg.Insecure {
|
|
|
|
|
tpt.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
|
|
|
|
|
}
|
2022-10-10 22:25:35 +02:00
|
|
|
|
2022-08-10 21:16:36 +02:00
|
|
|
proxy := httputil.NewSingleHostReverseProxy(targetURL)
|
2022-10-10 22:25:35 +02:00
|
|
|
proxy.Transport = tpt
|
2022-08-10 21:16:36 +02:00
|
|
|
director := proxy.Director
|
|
|
|
|
proxy.Director = func(req *http.Request) {
|
2023-08-30 19:46:51 +02:00
|
|
|
if cfg.Requests != nil {
|
|
|
|
|
cfg.Requests <- &endpoints.Request{
|
2023-01-10 20:52:28 +01:00
|
|
|
Stamp: time.Now(),
|
|
|
|
|
RemoteAddr: fmt.Sprintf("%v", req.Header["X-Real-Ip"]),
|
|
|
|
|
Method: req.Method,
|
|
|
|
|
Path: req.URL.String(),
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-08-10 21:16:36 +02:00
|
|
|
director(req)
|
|
|
|
|
req.Header.Set("X-Proxy", "zrok")
|
|
|
|
|
}
|
|
|
|
|
proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
|
|
|
|
|
logrus.Errorf("error proxying: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return proxy, nil
|
|
|
|
|
}
|
