'use strict';

// Node core modules.
var http = require('http');
var tls = require('tls');

// Third-party helpers: wrapSocket re-wraps a raw tunnel socket so a
// tls/http server can accept it via emit('connection'); redirectHttps is
// instantiated once here and reused as a plain (req, res) handler.
var wrapSocket = require('tunnel-packer').wrapSocket;
var redirectHttps = require('redirect-https')();
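/**
 * Builds the HTTP and TLS servers that the tunnel dispatches decoded
 * connections to, and attaches them (plus the handle*/https* entry points)
 * to `program`.
 *
 * @param {Object} program - mutated in place. Expected to carry `tlsOptions`
 *   (passed straight to tls.createServer) and optionally `greenlock`, whose
 *   `middleware(next)` wraps the plain-HTTP handlers and whose
 *   `httpsOptions.SNICallback` is used for the admin TLS server.
 */
module.exports.create = function (program) {
  // Shallow copy of program.tlsOptions; only the admin/control-panel TLS
  // server uses it, so its SNICallback can be swapped without touching the
  // options shared with the other TLS servers.
  var tunnelAdminTlsOpts = {};

  // Ends the response with a plain-text body. Several bodies below echo the
  // client-controlled SNI servername; without an explicit Content-Type a
  // browser may sniff such a body as HTML, so pin the type and disable
  // sniffing. Must run before any headers are flushed (true for every
  // caller here).
  function endPlainText(res, body) {
    res.setHeader('Content-Type', 'text/plain; charset=utf-8');
    res.setHeader('X-Content-Type-Options', 'nosniff');
    res.end(body);
  }

  // Probably a reverse proxy on an internal network (or ACME challenge)
  function notFound(req, res) {
    console.log('req.socket.encrypted', req.socket.encrypted);
    res.statusCode = 404;
    endPlainText(res, "File not found.\n");
  }
  // greenlock's middleware gets first look (ACME challenges) and falls
  // through to notFound; without greenlock notFound answers everything.
  program.httpServer = http.createServer(
    (program.greenlock && program.greenlock.middleware(notFound)) || notFound
  );
  // Entry point for an already-decoded plain-HTTP tunnel socket.
  program.handleHttp = function (servername, socket) {
    console.log("handleHttp('" + servername + "', socket)");
    // Stash the servername on the socket for downstream handlers.
    socket.__my_servername = servername;
    program.httpServer.emit('connection', socket);
  };

  // Probably something that needs to be redirected to https
  function redirectHttpsAndClose(req, res) {
    // Close after the redirect so the plaintext socket is not kept alive.
    res.setHeader('Connection', 'close');
    redirectHttps(req, res);
  }
  program.httpInsecureServer = http.createServer(
    (program.greenlock && program.greenlock.middleware(redirectHttpsAndClose)) || redirectHttpsAndClose
  );
  // Entry point for an insecure (port-80 style) tunnel socket.
  program.handleInsecureHttp = function (servername, socket) {
    console.log("handleInsecureHttp('" + servername + "', socket)");
    socket.__my_servername = servername;
    program.httpInsecureServer.emit('connection', socket);
  };

  //
  // SNI is not recognized / cannot be handled
  //
  // Older server pair; its own body says it should no longer be reachable,
  // but it is kept on `program` for anything that still references it.
  program.httpInvalidSniServer = http.createServer(function (req, res) {
    endPlainText(res, "This is an old error message that shouldn't be actually be acessible anymore. If you get this please tell AJ so that he finds where it was still referenced and removes it");
  });
  program.tlsInvalidSniServer = tls.createServer(program.tlsOptions, function (tlsSocket) {
    console.log('tls connection');
    // things get a little messed up here
    program.httpInvalidSniServer.emit('connection', tlsSocket);
  });
  // Entry point for a TLS tunnel socket whose SNI is missing or unknown.
  // A fresh tls/http server pair is created per connection so the request
  // handler can close over `servername`; neither server ever listens.
  program.httpsInvalid = function (servername, socket) {
    console.log('httpsInvalid servername', servername);
    var tlsInvalidSniServer = tls.createServer(program.tlsOptions, function (tlsSocket) {
      console.log('tls connection');
      // things get a little messed up here
      var httpInvalidSniServer = http.createServer(function (req, res) {
        if (!servername) {
          res.statusCode = 422;
          endPlainText(res,
            "3. An inexplicable temporal shift of the quantum realm... that makes me feel uncomfortable.\n\n"
            + "[ERROR] No SNI header was sent. I can only think of two possible explanations for this:\n"
            + "\t1. You really love Windows XP and you just won't let go of Internet Explorer 6\n"
            + "\t2. You're writing a bot and you forgot to set the servername parameter\n"
          );
          return;
        }
        // `servername` is client-supplied and reflected here; endPlainText
        // keeps the reply from being rendered as markup.
        endPlainText(res,
          "You came in hot looking for '" + servername + "' and, granted, the IP address for that domain"
          + " must be pointing here (or else how could you be here?), nevertheless either it's not registered"
          + " in the internal system at all (which Seth says isn't even a thing) or there is no device"
          + " connected on the south side of the network which has informed me that it's ready to have traffic"
          + " for that domain forwarded to it (sorry I didn't check that deeply to determine which).\n\n"
          + "Either way, you're doing strange things that make me feel uncomfortable... Please don't touch me there any more."
        );
      });
      httpInvalidSniServer.emit('connection', tlsSocket);
    });
    tlsInvalidSniServer.emit('connection', wrapSocket(socket));
  };

  //
  // To ADMIN / CONTROL PANEL of the Tunnel Server Itself
  //
  program.httpTunnelServer = http.createServer(function (req, res) {
    console.log('req.socket.encrypted', req.socket.encrypted);
    endPlainText(res, 'Hello, World!');
  });
  Object.keys(program.tlsOptions).forEach(function (key) {
    tunnelAdminTlsOpts[key] = program.tlsOptions[key];
  });
  // Prefer greenlock's SNICallback (wrapped for logging); otherwise keep
  // whatever SNICallback was copied from program.tlsOptions, if any.
  tunnelAdminTlsOpts.SNICallback = (program.greenlock && program.greenlock.httpsOptions && function (servername, cb) {
    console.log("time to handle '" + servername + "'");
    program.greenlock.httpsOptions.SNICallback(servername, cb);
  }) || tunnelAdminTlsOpts.SNICallback;
  program.tlsTunnelServer = tls.createServer(tunnelAdminTlsOpts, function (tlsSocket) {
    console.log('tls connection');
    // things get a little messed up here
    (program.httpTunnelServer || program.httpServer).emit('connection', tlsSocket);
  });
  // Entry point for a TLS tunnel socket addressed to the admin panel.
  program.httpsTunnel = function (servername, socket) {
    console.log('httpsTunnel (Admin) servername', servername);
    program.tlsTunnelServer.emit('connection', wrapSocket(socket));
  };
};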