Support unix sockets.

Kristian Mide 2019-02-14 11:40:54 +01:00 committed by Silver
parent f22202b31b
commit 07a409ffef
4 changed files with 44 additions and 8 deletions


@ -63,7 +63,17 @@ func FindDefaultConfigPath() string {
return "" return ""
} }
// ValidateUnixSocket ensures --unix-socket param is used exclusively
// i.e. it fails if a user specifies both --url and --unix-socket
func ValidateUnixSocket(c *cli.Context) (string, error) {
if c.IsSet("unix-socket") && (c.IsSet("url") || c.NArg() > 0) {
return "", errors.New("--unix-socket must be used exclusivly.")
}
return c.String("unix-socket"), nil
}
// ValidateUrl will validate url flag correctness. It can be either from --url or argument // ValidateUrl will validate url flag correctness. It can be either from --url or argument
// Notice ValidateUnixSocket, it will enforce --unix-socket is not used with --url or argument
func ValidateUrl(c *cli.Context) (string, error) { func ValidateUrl(c *cli.Context) (string, error) {
var url = c.String("url") var url = c.String("url")
if c.NArg() > 0 { if c.NArg() > 0 {
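Review bot: ValidateUnixSocket returns the flag value without inspecting it, so an empty or mistyped path passes validation and only fails when the transport first dials the origin. A guard before the final return, e.g. `if c.IsSet("unix-socket") && c.String("unix-socket") == "" { return "", errors.New("--unix-socket requires a path") }`, would reject the empty case at startup. The caller could additionally stat the path and confirm it is a socket. The error string has a typo and a trailing period; `errors.New("--unix-socket must be used exclusively")` reads correctly and follows Go convention. ValidateUrl, which follows, continues outside the hunk.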


@ -476,6 +476,12 @@ func tunnelFlags(shouldHide bool) []cli.Flag {
EnvVars: []string{"TUNNEL_URL"}, EnvVars: []string{"TUNNEL_URL"},
Hidden: shouldHide, Hidden: shouldHide,
}), }),
altsrc.NewStringFlag(&cli.StringFlag{
Name: "unix-socket",
Usage: "Path to unix socket to use instead of --url",
EnvVars: []string{"TUNNEL_UNIX_SOCKET"},
Hidden: shouldHide,
}),
altsrc.NewStringFlag(&cli.StringFlag{ altsrc.NewStringFlag(&cli.StringFlag{
Name: "hostname", Name: "hostname",
Usage: "Set a hostname on a Cloudflare zone to route traffic through this tunnel.", Usage: "Set a hostname on a Cloudflare zone to route traffic through this tunnel.",


@ -1,6 +1,7 @@
package tunnel package tunnel
import ( import (
"context"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/hex" "encoding/hex"
@ -160,7 +161,6 @@ func prepareTunnelConfig(c *cli.Context, buildInfo *origin.BuildInfo, version st
logger.WithError(err).Error("Error validating origin URL") logger.WithError(err).Error("Error validating origin URL")
return nil, errors.Wrap(err, "Error validating origin URL") return nil, errors.Wrap(err, "Error validating origin URL")
} }
logger.Infof("Proxying tunnel requests to %s", originURL)
originCert, err := getOriginCert(c) originCert, err := getOriginCert(c)
if err != nil { if err != nil {
@ -175,12 +175,7 @@ func prepareTunnelConfig(c *cli.Context, buildInfo *origin.BuildInfo, version st
tunnelMetrics := origin.NewTunnelMetrics() tunnelMetrics := origin.NewTunnelMetrics()
httpTransport := &http.Transport{ httpTransport := &http.Transport{
Proxy: http.ProxyFromEnvironment, Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: c.Duration("proxy-connect-timeout"),
KeepAlive: c.Duration("proxy-tcp-keepalive"),
DualStack: !c.Bool("proxy-no-happy-eyeballs"),
}).DialContext,
MaxIdleConns: c.Int("proxy-keepalive-connections"), MaxIdleConns: c.Int("proxy-keepalive-connections"),
IdleConnTimeout: c.Duration("proxy-keepalive-timeout"), IdleConnTimeout: c.Duration("proxy-keepalive-timeout"),
TLSHandshakeTimeout: c.Duration("proxy-tls-timeout"), TLSHandshakeTimeout: c.Duration("proxy-tls-timeout"),
@ -188,6 +183,29 @@ func prepareTunnelConfig(c *cli.Context, buildInfo *origin.BuildInfo, version st
TLSClientConfig: &tls.Config{RootCAs: originCertPool, InsecureSkipVerify: c.IsSet("no-tls-verify")}, TLSClientConfig: &tls.Config{RootCAs: originCertPool, InsecureSkipVerify: c.IsSet("no-tls-verify")},
} }
dialContext := (&net.Dialer{
Timeout: c.Duration("proxy-connect-timeout"),
KeepAlive: c.Duration("proxy-tcp-keepalive"),
DualStack: !c.Bool("proxy-no-happy-eyeballs"),
}).DialContext
if c.IsSet("unix-socket") {
unixSocket, err := config.ValidateUnixSocket(c)
if err != nil {
logger.WithError(err).Error("Error validating --unix-socket")
return nil, errors.Wrap(err, "Error validating --unix-socket")
}
logger.Infof("Proxying tunnel requests to unix:%s", unixSocket)
httpTransport.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
// if --unix-socket specified, enforce network type "unix"
return dialContext(ctx, "unix", unixSocket)
}
} else {
logger.Infof("Proxying tunnel requests to %s", originURL)
httpTransport.DialContext = dialContext
}
if !c.IsSet("hello-world") && c.IsSet("origin-server-name") { if !c.IsSet("hello-world") && c.IsSet("origin-server-name") {
httpTransport.TLSClientConfig.ServerName = c.String("origin-server-name") httpTransport.TLSClientConfig.ServerName = c.String("origin-server-name")
} }
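Review bot: In the `--unix-socket` branch the new dial closure discards the network and address it is given, but the transport still carries `Proxy: http.ProxyFromEnvironment`. If a proxy is ever selected for the origin URL, the proxy-form request would be written to the local socket instead; setting `httpTransport.Proxy = nil` inside that branch removes the ambiguity. Whether this triggers depends on the origin URL, since ProxyFromEnvironment skips localhost. The origin URL is also still validated before this block and presumably still supplies the scheme and Host header, so a comment saying which URL the socket origin receives would help operators. prepareTunnelConfig starts and ends outside the hunk.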


@ -37,8 +37,10 @@ const (
) )
type TunnelConfig struct { type TunnelConfig struct {
// OriginUrl may not be used if a user specifies a unix socket.
OriginUrl string
EdgeAddrs []string EdgeAddrs []string
OriginUrl string
Hostname string Hostname string
OriginCert []byte OriginCert []byte
TlsConfig *tls.Config TlsConfig *tls.Config