back to standard tls library

nghttp2
fangdingjun 6 years ago
parent aa9682d29c
commit 0a49b118b7

@ -1,8 +1,6 @@
package main
import (
"bufio"
"bytes"
"fmt"
"io"
"log"
@ -11,9 +9,7 @@ import (
"strings"
"time"
"github.com/fangdingjun/gnutls"
auth "github.com/fangdingjun/go-http-auth"
nghttp2 "github.com/fangdingjun/nghttp2-go"
)
// handler process the proxy request first(if enabled)
@ -249,107 +245,3 @@ func pipeAndClose(r1, r2 io.ReadWriteCloser) {
<-ch
}
func handleHTTPClient(c net.Conn, handler http.Handler) {
tlsconn := c.(*gnutls.Conn)
if err := tlsconn.Handshake(); err != nil {
log.Println(err)
return
}
state := tlsconn.ConnectionState()
if state.NegotiatedProtocol == "h2" {
h2conn, err := nghttp2.Server(tlsconn, handler)
if err != nil {
log.Println(err)
}
h2conn.Run()
h2conn = nil
return
}
defer c.Close()
r := bufio.NewReader(tlsconn)
buf := new(bytes.Buffer)
for {
req, err := http.ReadRequest(r)
if err != nil {
return
}
addr := tlsconn.RemoteAddr().String()
req.RemoteAddr = addr
rh := &responseHandler{
c: tlsconn,
header: http.Header{},
buf: buf,
}
handler.ServeHTTP(rh, req)
rh.Write(nil)
rh.buf.WriteTo(rh.c)
if req.Body != nil {
req.Body.Close()
}
}
}
type responseHandler struct {
c net.Conn
statusCode int
header http.Header
responseSend bool
w io.Writer
buf *bytes.Buffer
}
func (r *responseHandler) WriteHeader(statusCode int) {
if r.responseSend {
return
}
r.buf.Reset()
r.statusCode = statusCode
cl := r.header.Get("content-length")
te := r.header.Get("transfer-encoding")
if cl == "" || te != "" {
if te == "" {
r.header.Set("transfer-encoding", "chunked")
}
r.w = &chunkWriter{r.buf}
} else {
r.w = r.buf
}
fmt.Fprintf(r.buf, "HTTP/1.1 %d %s\r\n", statusCode,
http.StatusText(statusCode))
for k, v := range r.header {
fmt.Fprintf(r.buf, "%s: %s\r\n", strings.Title(k), strings.Join(v, ","))
}
fmt.Fprintf(r.buf, "\r\n")
r.responseSend = true
}
func (r *responseHandler) Header() http.Header {
return r.header
}
func (r *responseHandler) Write(buf []byte) (int, error) {
if !r.responseSend {
r.WriteHeader(http.StatusOK)
}
n, err := r.w.Write(buf)
if r.buf.Len() > 2048 {
r.buf.WriteTo(r.c)
}
return n, err
}
var _ http.ResponseWriter = &responseHandler{}
type chunkWriter struct {
w io.Writer
}
func (cw *chunkWriter) Write(buf []byte) (int, error) {
n := len(buf)
if n == 0 {
return fmt.Fprintf(cw.w, "0\r\n\r\n")
}
return fmt.Fprintf(cw.w, "%x\r\n%s\r\n", n, string(buf))
}

@ -7,15 +7,19 @@ import (
"net"
"net/http"
"net/http/httputil"
//_ "net/http/pprof"
"net/url"
"os"
"regexp"
"strings"
"sync"
"github.com/fangdingjun/gnutls"
"crypto/tls"
//"github.com/fangdingjun/gnutls"
auth "github.com/fangdingjun/go-http-auth"
"github.com/fangdingjun/gofast"
"github.com/fangdingjun/nghttp2-go"
loghandler "github.com/gorilla/handlers"
"github.com/gorilla/mux"
)
@ -48,7 +52,7 @@ func initRouters(cfg conf) {
for _, l := range cfg {
router := mux.NewRouter()
domains := []string{}
certs := []*gnutls.Certificate{}
certs := []tls.Certificate{}
// initial virtual host
for _, h := range l.Vhost {
@ -58,7 +62,7 @@ func initRouters(cfg conf) {
}
domains = append(domains, h2)
if h.Cert != "" && h.Key != "" {
if cert, err := gnutls.LoadX509KeyPair(h.Cert, h.Key); err == nil {
if cert, err := tls.LoadX509KeyPair(h.Cert, h.Key); err == nil {
certs = append(certs, cert)
} else {
log.Fatal(err)
@ -101,7 +105,7 @@ func initRouters(cfg conf) {
fmt.Printf("invalid type: %s\n", rule.Type)
}
}
//router.PathPrefix("/debug/").Handler(http.DefaultServeMux)
router.PathPrefix("/").Handler(http.FileServer(http.Dir(l.Docroot)))
go func(l server) {
@ -127,30 +131,24 @@ func initRouters(cfg conf) {
}
if len(certs) > 0 {
tlsconfig := &gnutls.Config{
tlsconfig := &tls.Config{
Certificates: certs,
NextProtos: []string{"h2", "http/1.1"},
}
listener, err := gnutls.Listen("tcp", addr, tlsconfig)
if err != nil {
log.Fatal(err)
}
handler := loghandler.CombinedLoggingHandler(w, hdlr)
//handler := hdlr
log.Printf("listen https on %s", addr)
go func() {
defer listener.Close()
for {
conn, err := listener.Accept()
if err != nil {
log.Println(err)
break
srv := &http.Server{
Addr: addr,
Handler: handler,
TLSConfig: tlsconfig,
TLSNextProto: map[string]func(*http.Server, *tls.Conn, http.Handler){
"h2": nghttp2.HTTP2Handler,
},
}
go handleHTTPClient(conn, handler)
if err := srv.ListenAndServeTLS("", ""); err != nil {
log.Fatal(err)
}
}()
} else {
log.Printf("listen http on %s", addr)
handler := loghandler.CombinedLoggingHandler(w, hdlr)

Loading…
Cancel
Save