back to standard tls library

nghttp2
fangdingjun 6 years ago
parent aa9682d29c
commit 0a49b118b7

@ -1,8 +1,6 @@
package main package main
import ( import (
"bufio"
"bytes"
"fmt" "fmt"
"io" "io"
"log" "log"
@ -11,9 +9,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/fangdingjun/gnutls"
auth "github.com/fangdingjun/go-http-auth" auth "github.com/fangdingjun/go-http-auth"
nghttp2 "github.com/fangdingjun/nghttp2-go"
) )
// handler process the proxy request first(if enabled) // handler process the proxy request first(if enabled)
@ -249,107 +245,3 @@ func pipeAndClose(r1, r2 io.ReadWriteCloser) {
<-ch <-ch
} }
func handleHTTPClient(c net.Conn, handler http.Handler) {
tlsconn := c.(*gnutls.Conn)
if err := tlsconn.Handshake(); err != nil {
log.Println(err)
return
}
state := tlsconn.ConnectionState()
if state.NegotiatedProtocol == "h2" {
h2conn, err := nghttp2.Server(tlsconn, handler)
if err != nil {
log.Println(err)
}
h2conn.Run()
h2conn = nil
return
}
defer c.Close()
r := bufio.NewReader(tlsconn)
buf := new(bytes.Buffer)
for {
req, err := http.ReadRequest(r)
if err != nil {
return
}
addr := tlsconn.RemoteAddr().String()
req.RemoteAddr = addr
rh := &responseHandler{
c: tlsconn,
header: http.Header{},
buf: buf,
}
handler.ServeHTTP(rh, req)
rh.Write(nil)
rh.buf.WriteTo(rh.c)
if req.Body != nil {
req.Body.Close()
}
}
}
type responseHandler struct {
c net.Conn
statusCode int
header http.Header
responseSend bool
w io.Writer
buf *bytes.Buffer
}
func (r *responseHandler) WriteHeader(statusCode int) {
if r.responseSend {
return
}
r.buf.Reset()
r.statusCode = statusCode
cl := r.header.Get("content-length")
te := r.header.Get("transfer-encoding")
if cl == "" || te != "" {
if te == "" {
r.header.Set("transfer-encoding", "chunked")
}
r.w = &chunkWriter{r.buf}
} else {
r.w = r.buf
}
fmt.Fprintf(r.buf, "HTTP/1.1 %d %s\r\n", statusCode,
http.StatusText(statusCode))
for k, v := range r.header {
fmt.Fprintf(r.buf, "%s: %s\r\n", strings.Title(k), strings.Join(v, ","))
}
fmt.Fprintf(r.buf, "\r\n")
r.responseSend = true
}
func (r *responseHandler) Header() http.Header {
return r.header
}
func (r *responseHandler) Write(buf []byte) (int, error) {
if !r.responseSend {
r.WriteHeader(http.StatusOK)
}
n, err := r.w.Write(buf)
if r.buf.Len() > 2048 {
r.buf.WriteTo(r.c)
}
return n, err
}
var _ http.ResponseWriter = &responseHandler{}
type chunkWriter struct {
w io.Writer
}
func (cw *chunkWriter) Write(buf []byte) (int, error) {
n := len(buf)
if n == 0 {
return fmt.Fprintf(cw.w, "0\r\n\r\n")
}
return fmt.Fprintf(cw.w, "%x\r\n%s\r\n", n, string(buf))
}

@ -7,15 +7,19 @@ import (
"net" "net"
"net/http" "net/http"
"net/http/httputil" "net/http/httputil"
//_ "net/http/pprof"
"net/url" "net/url"
"os" "os"
"regexp" "regexp"
"strings" "strings"
"sync" "sync"
"github.com/fangdingjun/gnutls" "crypto/tls"
//"github.com/fangdingjun/gnutls"
auth "github.com/fangdingjun/go-http-auth" auth "github.com/fangdingjun/go-http-auth"
"github.com/fangdingjun/gofast" "github.com/fangdingjun/gofast"
"github.com/fangdingjun/nghttp2-go"
loghandler "github.com/gorilla/handlers" loghandler "github.com/gorilla/handlers"
"github.com/gorilla/mux" "github.com/gorilla/mux"
) )
@ -48,7 +52,7 @@ func initRouters(cfg conf) {
for _, l := range cfg { for _, l := range cfg {
router := mux.NewRouter() router := mux.NewRouter()
domains := []string{} domains := []string{}
certs := []*gnutls.Certificate{} certs := []tls.Certificate{}
// initial virtual host // initial virtual host
for _, h := range l.Vhost { for _, h := range l.Vhost {
@ -58,7 +62,7 @@ func initRouters(cfg conf) {
} }
domains = append(domains, h2) domains = append(domains, h2)
if h.Cert != "" && h.Key != "" { if h.Cert != "" && h.Key != "" {
if cert, err := gnutls.LoadX509KeyPair(h.Cert, h.Key); err == nil { if cert, err := tls.LoadX509KeyPair(h.Cert, h.Key); err == nil {
certs = append(certs, cert) certs = append(certs, cert)
} else { } else {
log.Fatal(err) log.Fatal(err)
@ -101,7 +105,7 @@ func initRouters(cfg conf) {
fmt.Printf("invalid type: %s\n", rule.Type) fmt.Printf("invalid type: %s\n", rule.Type)
} }
} }
//router.PathPrefix("/debug/").Handler(http.DefaultServeMux)
router.PathPrefix("/").Handler(http.FileServer(http.Dir(l.Docroot))) router.PathPrefix("/").Handler(http.FileServer(http.Dir(l.Docroot)))
go func(l server) { go func(l server) {
@ -127,30 +131,24 @@ func initRouters(cfg conf) {
} }
if len(certs) > 0 { if len(certs) > 0 {
tlsconfig := &gnutls.Config{ tlsconfig := &tls.Config{
Certificates: certs, Certificates: certs,
NextProtos: []string{"h2", "http/1.1"}, NextProtos: []string{"h2", "http/1.1"},
} }
listener, err := gnutls.Listen("tcp", addr, tlsconfig)
if err != nil {
log.Fatal(err)
}
handler := loghandler.CombinedLoggingHandler(w, hdlr) handler := loghandler.CombinedLoggingHandler(w, hdlr)
//handler := hdlr //handler := hdlr
log.Printf("listen https on %s", addr) log.Printf("listen https on %s", addr)
go func() { srv := &http.Server{
defer listener.Close() Addr: addr,
for { Handler: handler,
conn, err := listener.Accept() TLSConfig: tlsconfig,
if err != nil { TLSNextProto: map[string]func(*http.Server, *tls.Conn, http.Handler){
log.Println(err) "h2": nghttp2.HTTP2Handler,
break },
} }
go handleHTTPClient(conn, handler) if err := srv.ListenAndServeTLS("", ""); err != nil {
log.Fatal(err)
} }
}()
} else { } else {
log.Printf("listen http on %s", addr) log.Printf("listen http on %s", addr)
handler := loghandler.CombinedLoggingHandler(w, hdlr) handler := loghandler.CombinedLoggingHandler(w, hdlr)

Loading…
Cancel
Save