532eab8e
Unverified
Commit
532eab8e
authored
Nov 19, 2017
by
astaxie
Committed by
GitHub
Nov 19, 2017
Merge pull request #2932 from lotus-wu/Branch_v1.9.0
1. Add Mutual HTTPS Option!
parents
3b829504
3872382a
Showing
3 changed files
with
106 additions
and
22 deletions
+106
-22
app.go
app.go
+31
-6
config.go
config.go
+18
-16
server.go
grace/server.go
+57
-0
app.go
...
...
@@ -15,7 +15,10 @@
package
beego
import
(
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"net"
"net/http"
"net/http/fcgi"
...
...
@@ -110,7 +113,7 @@ func (app *App) Run(mws ...MiddleWare) {
if
BConfig
.
Listen
.
Graceful
{
httpsAddr
:=
BConfig
.
Listen
.
HTTPSAddr
app
.
Server
.
Addr
=
httpsAddr
if
BConfig
.
Listen
.
EnableHTTPS
{
if
BConfig
.
Listen
.
EnableHTTPS
||
BConfig
.
Listen
.
EnableMutualHTTPS
{
go
func
()
{
time
.
Sleep
(
20
*
time
.
Microsecond
)
if
BConfig
.
Listen
.
HTTPSPort
!=
0
{
...
...
@@ -120,10 +123,19 @@ func (app *App) Run(mws ...MiddleWare) {
server
:=
grace
.
NewServer
(
httpsAddr
,
app
.
Handlers
)
server
.
Server
.
ReadTimeout
=
app
.
Server
.
ReadTimeout
server
.
Server
.
WriteTimeout
=
app
.
Server
.
WriteTimeout
if
err
:=
server
.
ListenAndServeTLS
(
BConfig
.
Listen
.
HTTPSCertFile
,
BConfig
.
Listen
.
HTTPSKeyFile
);
err
!=
nil
{
logs
.
Critical
(
"ListenAndServeTLS: "
,
err
,
fmt
.
Sprintf
(
"%d"
,
os
.
Getpid
()))
time
.
Sleep
(
100
*
time
.
Microsecond
)
endRunning
<-
true
if
BConfig
.
Listen
.
EnableMutualHTTPS
{
if
err
:=
server
.
ListenAndServeMutualTLS
(
BConfig
.
Listen
.
HTTPSCertFile
,
BConfig
.
Listen
.
HTTPSKeyFile
,
BConfig
.
Listen
.
TrustCaFile
);
err
!=
nil
{
logs
.
Critical
(
"ListenAndServeTLS: "
,
err
,
fmt
.
Sprintf
(
"%d"
,
os
.
Getpid
()))
time
.
Sleep
(
100
*
time
.
Microsecond
)
endRunning
<-
true
}
}
else
{
if
err
:=
server
.
ListenAndServeTLS
(
BConfig
.
Listen
.
HTTPSCertFile
,
BConfig
.
Listen
.
HTTPSKeyFile
);
err
!=
nil
{
logs
.
Critical
(
"ListenAndServeTLS: "
,
err
,
fmt
.
Sprintf
(
"%d"
,
os
.
Getpid
()))
time
.
Sleep
(
100
*
time
.
Microsecond
)
endRunning
<-
true
}
}
}()
}
...
...
@@ -147,7 +159,7 @@ func (app *App) Run(mws ...MiddleWare) {
}
// run normal mode
if
BConfig
.
Listen
.
EnableHTTPS
{
if
BConfig
.
Listen
.
EnableHTTPS
||
BConfig
.
Listen
.
EnableMutualHTTPS
{
go
func
()
{
time
.
Sleep
(
20
*
time
.
Microsecond
)
if
BConfig
.
Listen
.
HTTPSPort
!=
0
{
...
...
@@ -157,6 +169,19 @@ func (app *App) Run(mws ...MiddleWare) {
return
}
logs
.
Info
(
"https server Running on https://%s"
,
app
.
Server
.
Addr
)
if
BConfig
.
Listen
.
EnableMutualHTTPS
{
pool
:=
x509
.
NewCertPool
()
data
,
err
:=
ioutil
.
ReadFile
(
BConfig
.
Listen
.
TrustCaFile
)
if
err
!=
nil
{
BeeLogger
.
Info
(
"MutualHTTPS should provide TrustCaFile"
)
return
}
pool
.
AppendCertsFromPEM
(
data
)
app
.
Server
.
TLSConfig
=
&
tls
.
Config
{
ClientCAs
:
pool
,
ClientAuth
:
tls
.
RequireAndVerifyClientCert
,
}
}
if
err
:=
app
.
Server
.
ListenAndServeTLS
(
BConfig
.
Listen
.
HTTPSCertFile
,
BConfig
.
Listen
.
HTTPSKeyFile
);
err
!=
nil
{
logs
.
Critical
(
"ListenAndServeTLS: "
,
err
)
time
.
Sleep
(
100
*
time
.
Microsecond
)
...
...
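Review bot: In the normal-mode hunk at `@@ -157,6 +169,19 @@`, the boolean returned by `pool.AppendCertsFromPEM(data)` is ignored, so a TrustCaFile that contains no parsable PEM certificate leaves ClientCAs empty while ClientAuth is RequireAndVerifyClientCert, and the misconfiguration only surfaces later as every client handshake failing; check it: `if !pool.AppendCertsFromPEM(data) { logs.Critical("no CA certificates found in TrustCaFile"); return }`. The read failure just above is logged with `BeeLogger.Info("MutualHTTPS should provide TrustCaFile")` and then returns from the goroutine, which leaves the HTTPS server unstarted with only an info-level line, whereas the surrounding code reports start-up failures through `logs.Critical`. The assignment `app.Server.TLSConfig = &tls.Config{...}` also discards any TLSConfig the caller set on app.Server before Run (MinVersion, CipherSuites and similar); filling in ClientCAs and ClientAuth on the existing config when it is non-nil would preserve those settings. In the graceful hunk the mutual branch logs its failure as `"ListenAndServeTLS: "`, which should read `"ListenAndServeMutualTLS: "` so the two paths can be told apart in logs. Run starts before the first hunk and continues after the last one.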
config.go
...
...
@@ -49,22 +49,24 @@ type Config struct {
// Listen holds for http and https related config
type
Listen
struct
{
Graceful
bool
// Graceful means use graceful module to start the server
ServerTimeOut
int64
ListenTCP4
bool
EnableHTTP
bool
HTTPAddr
string
HTTPPort
int
EnableHTTPS
bool
HTTPSAddr
string
HTTPSPort
int
HTTPSCertFile
string
HTTPSKeyFile
string
EnableAdmin
bool
AdminAddr
string
AdminPort
int
EnableFcgi
bool
EnableStdIo
bool
// EnableStdIo works with EnableFcgi Use FCGI via standard I/O
Graceful
bool
// Graceful means use graceful module to start the server
ServerTimeOut
int64
ListenTCP4
bool
EnableHTTP
bool
HTTPAddr
string
HTTPPort
int
EnableHTTPS
bool
EnableMutualHTTPS
bool
HTTPSAddr
string
HTTPSPort
int
HTTPSCertFile
string
HTTPSKeyFile
string
TrustCaFile
string
EnableAdmin
bool
AdminAddr
string
AdminPort
int
EnableFcgi
bool
EnableStdIo
bool
// EnableStdIo works with EnableFcgi Use FCGI via standard I/O
}
// WebConfig holds web related config
...
...
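Review bot: The new fields `EnableMutualHTTPS` and `TrustCaFile` carry no comment, while neighbouring fields such as Graceful and EnableStdIo do, and their interaction is not obvious from the names alone: in app.go the HTTPS listener is started when either EnableHTTPS or EnableMutualHTTPS is set. Suggest `EnableMutualHTTPS bool // EnableMutualHTTPS requires and verifies a client certificate; it starts the HTTPS listener even when EnableHTTPS is false` and `TrustCaFile string // TrustCaFile is the PEM bundle of CA certificates used to verify client certificates; required when EnableMutualHTTPS is set`. A note on the config-file key names these map to would help too, if they differ from the field names.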
grace/server.go
...
...
@@ -2,7 +2,9 @@ package grace
import
(
"crypto/tls"
"crypto/x509"
"fmt"
"io/ioutil"
"log"
"net"
"net/http"
...
...
@@ -129,6 +131,61 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) (err error) {
return
srv
.
Serve
()
}
//ListenAndServeMutualTLS
func
(
srv
*
Server
)
ListenAndServeMutualTLS
(
certFile
,
keyFile
,
trustFile
string
)
(
err
error
)
{
addr
:=
srv
.
Addr
if
addr
==
""
{
addr
=
":https"
}
if
srv
.
TLSConfig
==
nil
{
srv
.
TLSConfig
=
&
tls
.
Config
{}
}
if
srv
.
TLSConfig
.
NextProtos
==
nil
{
srv
.
TLSConfig
.
NextProtos
=
[]
string
{
"http/1.1"
}
}
srv
.
TLSConfig
.
Certificates
=
make
([]
tls
.
Certificate
,
1
)
srv
.
TLSConfig
.
Certificates
[
0
],
err
=
tls
.
LoadX509KeyPair
(
certFile
,
keyFile
)
if
err
!=
nil
{
return
}
srv
.
TLSConfig
.
ClientAuth
=
tls
.
RequireAndVerifyClientCert
pool
:=
x509
.
NewCertPool
()
data
,
err
:=
ioutil
.
ReadFile
(
trustFile
)
if
err
!=
nil
{
log
.
Println
(
err
)
return
err
}
pool
.
AppendCertsFromPEM
(
data
)
srv
.
TLSConfig
.
ClientCAs
=
pool
log
.
Println
(
"Mutual HTTPS"
)
go
srv
.
handleSignals
()
l
,
err
:=
srv
.
getListener
(
addr
)
if
err
!=
nil
{
log
.
Println
(
err
)
return
err
}
srv
.
tlsInnerListener
=
newGraceListener
(
l
,
srv
)
srv
.
GraceListener
=
tls
.
NewListener
(
srv
.
tlsInnerListener
,
srv
.
TLSConfig
)
if
srv
.
isChild
{
process
,
err
:=
os
.
FindProcess
(
os
.
Getppid
())
if
err
!=
nil
{
log
.
Println
(
err
)
return
err
}
err
=
process
.
Kill
()
if
err
!=
nil
{
return
err
}
}
log
.
Println
(
os
.
Getpid
(),
srv
.
Addr
)
return
srv
.
Serve
()
}
// getListener either opens a new socket to listen on, or takes the acceptor socket
// it got passed when restarted.
func
(
srv
*
Server
)
getListener
(
laddr
string
)
(
l
net
.
Listener
,
err
error
)
{
...
...
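Review bot: `ListenAndServeMutualTLS` ignores the boolean returned by `pool.AppendCertsFromPEM(data)`, so a trustFile with no parsable PEM certificate produces an empty ClientCAs pool with ClientAuth still RequireAndVerifyClientCert, and the failure only appears later as handshake rejections; return an error at that point instead: `if !pool.AppendCertsFromPEM(data) { return fmt.Errorf("no CA certificates found in %s", trustFile) }`. The doc comment `//ListenAndServeMutualTLS` has no text; suggest `// ListenAndServeMutualTLS is ListenAndServeTLS with client-certificate authentication: it requires and verifies a client certificate against the CAs read from trustFile.` The body otherwise repeats ListenAndServeTLS line for line apart from the ClientAuth/ClientCAs setup, and the unconditional `log.Println("Mutual HTTPS")` reads as leftover debugging; moving the shared listener and child-process handling into one helper used by both methods would keep the two paths from drifting. getListener begins at the end of the hunk and continues outside it.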