Support unix sockets.
parent
f22202b31b
commit
07a409ffef
|
@ -63,7 +63,17 @@ func FindDefaultConfigPath() string {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ValidateUnixSocket ensures --unix-socket param is used exclusively
|
||||||
|
// i.e. it fails if a user specifies both --url and --unix-socket
|
||||||
|
func ValidateUnixSocket(c *cli.Context) (string, error) {
|
||||||
|
if c.IsSet("unix-socket") && (c.IsSet("url") || c.NArg() > 0) {
|
||||||
|
return "", errors.New("--unix-socket must be used exclusivly.")
|
||||||
|
}
|
||||||
|
return c.String("unix-socket"), nil
|
||||||
|
}
|
||||||
|
|
||||||
// ValidateUrl will validate url flag correctness. It can be either from --url or argument
|
// ValidateUrl will validate url flag correctness. It can be either from --url or argument
|
||||||
|
// Notice ValidateUnixSocket, it will enforce --unix-socket is not used with --url or argument
|
||||||
func ValidateUrl(c *cli.Context) (string, error) {
|
func ValidateUrl(c *cli.Context) (string, error) {
|
||||||
var url = c.String("url")
|
var url = c.String("url")
|
||||||
if c.NArg() > 0 {
|
if c.NArg() > 0 {
|
||||||
|
|
|
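Review bot: ValidateUnixSocket only checks that --unix-socket is not combined with --url or a positional argument; the value returned by `c.String("unix-socket")` is never inspected, so an empty path passes validation and only surfaces later as a dial error. Consider rejecting it up front, e.g. `if c.IsSet("unix-socket") && c.String("unix-socket") == "" { return "", errors.New("--unix-socket requires a path") }`. The new error string is also misspelled and ends in a period; `errors.New("--unix-socket must be used exclusively")` follows the usual Go error-string convention.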
@ -476,6 +476,12 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
|
||||||
EnvVars: []string{"TUNNEL_URL"},
|
EnvVars: []string{"TUNNEL_URL"},
|
||||||
Hidden: shouldHide,
|
Hidden: shouldHide,
|
||||||
}),
|
}),
|
||||||
|
altsrc.NewStringFlag(&cli.StringFlag{
|
||||||
|
Name: "unix-socket",
|
||||||
|
Usage: "Path to unix socket to use instead of --url",
|
||||||
|
EnvVars: []string{"TUNNEL_UNIX_SOCKET"},
|
||||||
|
Hidden: shouldHide,
|
||||||
|
}),
|
||||||
altsrc.NewStringFlag(&cli.StringFlag{
|
altsrc.NewStringFlag(&cli.StringFlag{
|
||||||
Name: "hostname",
|
Name: "hostname",
|
||||||
Usage: "Set a hostname on a Cloudflare zone to route traffic through this tunnel.",
|
Usage: "Set a hostname on a Cloudflare zone to route traffic through this tunnel.",
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package tunnel
|
package tunnel
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
|
@ -160,7 +161,6 @@ func prepareTunnelConfig(c *cli.Context, buildInfo *origin.BuildInfo, version st
|
||||||
logger.WithError(err).Error("Error validating origin URL")
|
logger.WithError(err).Error("Error validating origin URL")
|
||||||
return nil, errors.Wrap(err, "Error validating origin URL")
|
return nil, errors.Wrap(err, "Error validating origin URL")
|
||||||
}
|
}
|
||||||
logger.Infof("Proxying tunnel requests to %s", originURL)
|
|
||||||
|
|
||||||
originCert, err := getOriginCert(c)
|
originCert, err := getOriginCert(c)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -176,11 +176,6 @@ func prepareTunnelConfig(c *cli.Context, buildInfo *origin.BuildInfo, version st
|
||||||
tunnelMetrics := origin.NewTunnelMetrics()
|
tunnelMetrics := origin.NewTunnelMetrics()
|
||||||
httpTransport := &http.Transport{
|
httpTransport := &http.Transport{
|
||||||
Proxy: http.ProxyFromEnvironment,
|
Proxy: http.ProxyFromEnvironment,
|
||||||
DialContext: (&net.Dialer{
|
|
||||||
Timeout: c.Duration("proxy-connect-timeout"),
|
|
||||||
KeepAlive: c.Duration("proxy-tcp-keepalive"),
|
|
||||||
DualStack: !c.Bool("proxy-no-happy-eyeballs"),
|
|
||||||
}).DialContext,
|
|
||||||
MaxIdleConns: c.Int("proxy-keepalive-connections"),
|
MaxIdleConns: c.Int("proxy-keepalive-connections"),
|
||||||
IdleConnTimeout: c.Duration("proxy-keepalive-timeout"),
|
IdleConnTimeout: c.Duration("proxy-keepalive-timeout"),
|
||||||
TLSHandshakeTimeout: c.Duration("proxy-tls-timeout"),
|
TLSHandshakeTimeout: c.Duration("proxy-tls-timeout"),
|
||||||
|
@ -188,6 +183,29 @@ func prepareTunnelConfig(c *cli.Context, buildInfo *origin.BuildInfo, version st
|
||||||
TLSClientConfig: &tls.Config{RootCAs: originCertPool, InsecureSkipVerify: c.IsSet("no-tls-verify")},
|
TLSClientConfig: &tls.Config{RootCAs: originCertPool, InsecureSkipVerify: c.IsSet("no-tls-verify")},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dialContext := (&net.Dialer{
|
||||||
|
Timeout: c.Duration("proxy-connect-timeout"),
|
||||||
|
KeepAlive: c.Duration("proxy-tcp-keepalive"),
|
||||||
|
DualStack: !c.Bool("proxy-no-happy-eyeballs"),
|
||||||
|
}).DialContext
|
||||||
|
|
||||||
|
if c.IsSet("unix-socket") {
|
||||||
|
unixSocket, err := config.ValidateUnixSocket(c)
|
||||||
|
if err != nil {
|
||||||
|
logger.WithError(err).Error("Error validating --unix-socket")
|
||||||
|
return nil, errors.Wrap(err, "Error validating --unix-socket")
|
||||||
|
}
|
||||||
|
|
||||||
|
logger.Infof("Proxying tunnel requests to unix:%s", unixSocket)
|
||||||
|
httpTransport.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
|
||||||
|
// if --unix-socket specified, enforce network type "unix"
|
||||||
|
return dialContext(ctx, "unix", unixSocket)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
logger.Infof("Proxying tunnel requests to %s", originURL)
|
||||||
|
httpTransport.DialContext = dialContext
|
||||||
|
}
|
||||||
|
|
||||||
if !c.IsSet("hello-world") && c.IsSet("origin-server-name") {
|
if !c.IsSet("hello-world") && c.IsSet("origin-server-name") {
|
||||||
httpTransport.TLSClientConfig.ServerName = c.String("origin-server-name")
|
httpTransport.TLSClientConfig.ServerName = c.String("origin-server-name")
|
||||||
}
|
}
|
||||||
|
|
|
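Review bot: In the --unix-socket branch the transport keeps `Proxy: http.ProxyFromEnvironment` while the new DialContext ignores its network and address arguments. With HTTP_PROXY or HTTPS_PROXY set, the transport would therefore send proxy-form requests (or CONNECT) to whatever listens on the socket instead of plain origin requests. Setting `httpTransport.Proxy = nil` inside that branch keeps socket mode independent of the environment. originURL is still validated earlier in prepareTunnelConfig and presumably still supplies the scheme and Host for requests, so a short comment on which parts of it apply in socket mode would help. The function body extends beyond these hunks.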
@ -37,8 +37,10 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
type TunnelConfig struct {
|
type TunnelConfig struct {
|
||||||
EdgeAddrs []string
|
// OriginUrl may not be used if a user specifies a unix socket.
|
||||||
OriginUrl string
|
OriginUrl string
|
||||||
|
|
||||||
|
EdgeAddrs []string
|
||||||
Hostname string
|
Hostname string
|
||||||
OriginCert []byte
|
OriginCert []byte
|
||||||
TlsConfig *tls.Config
|
TlsConfig *tls.Config
|
||||||
|
|