quick fix ACME instance, burn some logs
This commit is contained in:
parent
13d5676a14
commit
1f39f57837
|
@ -1,7 +1,6 @@
|
||||||
package packer
|
package packer
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"net"
|
"net"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
@ -61,7 +60,8 @@ func (c *ConnWrap) Servername() string {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
|
|
||||||
// isTerminated returns true if it is certain that the connection has been decrypted at least once
|
// isTerminated returns true if net.Conn is either a ConnWrap{ tls.Conn },
|
||||||
|
// or a telebit.Conn with a non-encrypted `scheme` such as "tcp" or "http".
|
||||||
func (c *ConnWrap) isTerminated() bool {
|
func (c *ConnWrap) isTerminated() bool {
|
||||||
if nil != c.Plain {
|
if nil != c.Plain {
|
||||||
return true
|
return true
|
||||||
|
@ -71,7 +71,6 @@ func (c *ConnWrap) isTerminated() bool {
|
||||||
case *ConnWrap:
|
case *ConnWrap:
|
||||||
return conn.isTerminated()
|
return conn.isTerminated()
|
||||||
case *Conn:
|
case *Conn:
|
||||||
fmt.Printf("[debug] isTerminated: %#v\n", conn.relayTargetAddr)
|
|
||||||
_, ok := encryptedSchemes[string(conn.relayTargetAddr.scheme)]
|
_, ok := encryptedSchemes[string(conn.relayTargetAddr.scheme)]
|
||||||
return !ok
|
return !ok
|
||||||
}
|
}
|
||||||
|
|
|
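Review bot: In the `case *Conn` branch the lookup `_, ok := encryptedSchemes[string(conn.relayTargetAddr.scheme)]` followed by `return !ok` classifies every scheme absent from the map — including the empty scheme of a zero-value relayTargetAddr — as already terminated, so unrecognised input is treated the same as a known plaintext scheme. If callers use this result to decide whether TLS termination can be skipped (not visible here), an explicit allowlist of plaintext schemes with unknown or empty schemes returning false would fail closed instead. The updated doc comment also describes a `ConnWrap{ tls.Conn }` case while the visible guard is `if nil != c.Plain`; naming the field that marks a decrypted connection would keep comment and code aligned. The type switch and the rest of isTerminated continue outside the hunk.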
@ -3,7 +3,6 @@ package packer
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
|
||||||
"io"
|
"io"
|
||||||
"sync"
|
"sync"
|
||||||
)
|
)
|
||||||
|
@ -60,7 +59,7 @@ func (enc *Encoder) Encode(rin io.Reader, src, dst Addr) error {
|
||||||
rx := make(chan []byte)
|
rx := make(chan []byte)
|
||||||
rxErr := make(chan error)
|
rxErr := make(chan error)
|
||||||
|
|
||||||
fmt.Println("what's the source to encode?", src)
|
//fmt.Println("[debug] what's the source to encode?", src)
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
for {
|
for {
|
||||||
|
@ -95,8 +94,8 @@ func (enc *Encoder) Encode(rin io.Reader, src, dst Addr) error {
|
||||||
//rin.Close()
|
//rin.Close()
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
fmt.Println("[debug] encode header:", string(header))
|
//fmt.Println("[debug] encode header:", string(header))
|
||||||
fmt.Println("[debug] encode payload:", string(b))
|
//fmt.Println("[debug] encode payload:", string(b))
|
||||||
|
|
||||||
_, err = enc.write(header, b)
|
_, err = enc.write(header, b)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
|
@ -108,7 +107,7 @@ func (enc *Encoder) Encode(rin io.Reader, src, dst Addr) error {
|
||||||
//rin.Close()
|
//rin.Close()
|
||||||
if io.EOF == err {
|
if io.EOF == err {
|
||||||
header, _, _ := Encode(nil, src, Addr{scheme: "end"})
|
header, _, _ := Encode(nil, src, Addr{scheme: "end"})
|
||||||
fmt.Println("[debug] encode end: ", string(header))
|
//fmt.Println("[debug] encode end: ", string(header))
|
||||||
// ignore err, which may have already closed
|
// ignore err, which may have already closed
|
||||||
_, _ = enc.write(header, nil)
|
_, _ = enc.write(header, nil)
|
||||||
return nil
|
return nil
|
||||||
|
|
|
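Review bot: The debug prints in Encode are commented out rather than removed (`//fmt.Println("[debug] encode payload:", string(b))` and the header/end variants), which leaves dead code that re-enables dumping the tunnelled payload to stdout with a one-character edit; deleting them, or routing them through a logger whose debug level is off by default, would make the quieter behaviour deliberate rather than incidental. The same commented-out pattern appears in the RouteMux.Serve hunk and in the WebsocketTunnel Read, Write and Close hunks. Encode's body, including the goroutine these lines sit in, continues outside the hunk.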
@ -115,10 +115,8 @@ func (l *Listener) RouteBytes(srcAddr, dstAddr Addr, b []byte) {
|
||||||
|
|
||||||
src := &srcAddr
|
src := &srcAddr
|
||||||
dst := &dstAddr
|
dst := &dstAddr
|
||||||
pipe := l.getPipe(src, dst)
|
pipe := l.getPipe(src, dst, len(b))
|
||||||
|
//fmt.Printf("%s\n", b)
|
||||||
fmt.Printf("Forwarding bytes\n\tfrom %#v\n\tto %#v:\n", src, dst)
|
|
||||||
fmt.Printf("%s\n", b)
|
|
||||||
|
|
||||||
// handle errors before data writes because I don't
|
// handle errors before data writes because I don't
|
||||||
// remember where the error message goes
|
// remember where the error message goes
|
||||||
|
@ -141,7 +139,7 @@ func (l *Listener) RouteBytes(srcAddr, dstAddr Addr, b []byte) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (l *Listener) getPipe(src, dst *Addr) net.Conn {
|
func (l *Listener) getPipe(src, dst *Addr, count int) net.Conn {
|
||||||
connID := src.Network()
|
connID := src.Network()
|
||||||
pipe, ok := l.conns[connID]
|
pipe, ok := l.conns[connID]
|
||||||
|
|
||||||
|
@ -149,6 +147,7 @@ func (l *Listener) getPipe(src, dst *Addr) net.Conn {
|
||||||
if ok {
|
if ok {
|
||||||
return pipe
|
return pipe
|
||||||
}
|
}
|
||||||
|
fmt.Printf("New client (%d byte hello)\n\tfrom %#v\n\tto %#v:\n", count, src, dst)
|
||||||
|
|
||||||
// Create pipe
|
// Create pipe
|
||||||
rawPipe, pipe := net.Pipe()
|
rawPipe, pipe := net.Pipe()
|
||||||
|
@ -156,11 +155,6 @@ func (l *Listener) getPipe(src, dst *Addr) net.Conn {
|
||||||
//updated: time.Now(),
|
//updated: time.Now(),
|
||||||
relaySourceAddr: *src,
|
relaySourceAddr: *src,
|
||||||
relayTargetAddr: *dst,
|
relayTargetAddr: *dst,
|
||||||
/*
|
|
||||||
relayTargetAddr: Addr{
|
|
||||||
scheme: addr.scheme,
|
|
||||||
},
|
|
||||||
*/
|
|
||||||
relay: rawPipe,
|
relay: rawPipe,
|
||||||
}
|
}
|
||||||
l.conns[connID] = pipe
|
l.conns[connID] = pipe
|
||||||
|
|
|
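Review bot: getPipe's new `count int` parameter exists only to feed the `fmt.Printf("New client (%d byte hello)\n\tfrom %#v\n\tto %#v:\n", count, src, dst)` line, which is an unconditional stdout write on every new connection in a commit that otherwise removes per-connection logging; gating it behind a debug flag or a logger level would keep the signature change from being purely log plumbing. Separately, getPipe reads `l.conns[connID]` and later assigns `l.conns[connID] = pipe` with no lock visible in the hunk; if RouteBytes can be called from more than one goroutine (not visible here), that is a data race on the map, and the usual fix is a `sync.Mutex` on Listener held across the lookup-and-insert. getPipe's body continues outside the hunk.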
@ -36,7 +36,7 @@ func (m *RouteMux) Serve(client net.Conn) error {
|
||||||
|
|
||||||
for _, meta := range m.list {
|
for _, meta := range m.list {
|
||||||
if servername == meta.addr || "*" == meta.addr {
|
if servername == meta.addr || "*" == meta.addr {
|
||||||
fmt.Println("[debug] test of route:", meta)
|
//fmt.Println("[debug] test of route:", meta)
|
||||||
if err := meta.handler.Serve(client); nil != err {
|
if err := meta.handler.Serve(client); nil != err {
|
||||||
// error should be EOF if successful
|
// error should be EOF if successful
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -110,24 +110,34 @@ func Forward(client net.Conn, target net.Conn, timeout time.Duration) error {
|
||||||
client.SetDeadline(time.Now().Add(timeout))
|
client.SetDeadline(time.Now().Add(timeout))
|
||||||
_, err = target.Write(b)
|
_, err = target.Write(b)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
fmt.Printf("write to target failed: %q", err.Error())
|
fmt.Printf("write to target failed: %q\n", err.Error())
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
case b := <-dstCh:
|
case b := <-dstCh:
|
||||||
target.SetDeadline(time.Now().Add(timeout))
|
target.SetDeadline(time.Now().Add(timeout))
|
||||||
_, err = client.Write(b)
|
_, err = client.Write(b)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
fmt.Printf("write to remote failed: %q", err.Error())
|
fmt.Printf("write to remote failed: %q\n", err.Error())
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
case err = <-srcErrCh:
|
case err = <-srcErrCh:
|
||||||
if nil != err {
|
if nil == err {
|
||||||
fmt.Printf("read from remote failed: %q", err.Error())
|
break
|
||||||
|
}
|
||||||
|
if io.EOF != err {
|
||||||
|
fmt.Printf("read from remote client failed: %q\n", err.Error())
|
||||||
|
} else {
|
||||||
|
fmt.Printf("Connection closed (possibly by remote client)\n")
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
case err = <-dstErrCh:
|
case err = <-dstErrCh:
|
||||||
if nil != err {
|
if nil == err {
|
||||||
fmt.Printf("read from target failed: %q", err.Error())
|
break
|
||||||
|
}
|
||||||
|
if io.EOF != err {
|
||||||
|
fmt.Printf("read from local target failed: %q\n", err.Error())
|
||||||
|
} else {
|
||||||
|
fmt.Printf("Connection closed (possibly by local target)\n")
|
||||||
}
|
}
|
||||||
break
|
break
|
||||||
|
|
||||||
|
@ -149,6 +159,8 @@ type ACME struct {
|
||||||
EnableTLSALPNChallenge bool
|
EnableTLSALPNChallenge bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var acmecert *certmagic.Config = nil
|
||||||
|
|
||||||
func NewTerminator(acme *ACME, handler Handler) HandlerFunc {
|
func NewTerminator(acme *ACME, handler Handler) HandlerFunc {
|
||||||
return func(client net.Conn) error {
|
return func(client net.Conn) error {
|
||||||
return handler.Serve(TerminateTLS(client, acme))
|
return handler.Serve(TerminateTLS(client, acme))
|
||||||
|
@ -156,16 +168,23 @@ func NewTerminator(acme *ACME, handler Handler) HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TerminateTLS(client net.Conn, acme *ACME) net.Conn {
|
func TerminateTLS(client net.Conn, acme *ACME) net.Conn {
|
||||||
|
var magic *certmagic.Config = nil
|
||||||
|
|
||||||
|
if nil == acmecert {
|
||||||
acme.Storage = &certmagic.FileStorage{Path: acme.StoragePath}
|
acme.Storage = &certmagic.FileStorage{Path: acme.StoragePath}
|
||||||
|
|
||||||
if "" == acme.Directory {
|
if "" == acme.Directory {
|
||||||
acme.Directory = certmagic.LetsEncryptProductionCA
|
acme.Directory = certmagic.LetsEncryptProductionCA
|
||||||
}
|
}
|
||||||
magic, err := newCertMagic(acme)
|
|
||||||
|
var err error
|
||||||
|
magic, err = newCertMagic(acme)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
fmt.Fprintf(os.Stderr, "failed to initialize certificate management (discovery url? local folder perms?): %s\n", err)
|
fmt.Fprintf(os.Stderr, "failed to initialize certificate management (discovery url? local folder perms?): %s\n", err)
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
}
|
}
|
||||||
|
acmecert = magic
|
||||||
|
}
|
||||||
|
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
|
|
|
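Review bot: The new package-level `acmecert` is initialised in TerminateTLS with an unsynchronised `if nil == acmecert { ... acmecert = magic }`, and TerminateTLS is invoked per client connection through the handler returned by NewTerminator, so two connections arriving before the first initialisation completes both pass the nil check, each run newCertMagic, and one publishes its config over the other's. A `sync.Once` around the initialisation block gives exactly-once setup and a happens-before edge for later readers with no locking on the fast path. The cache is also keyed to nothing: a later call with a different `*ACME` silently reuses the first configuration, which is fine if a single ACME instance exists but is worth stating in a comment on the variable. TerminateTLS continues past the hunk (the tls.Config literal is cut off) and the file's import block is outside SOURCE, so `sync` would need to be added there.
```go
var (
	// acmecert is built once from the first *ACME passed to TerminateTLS;
	// later calls with a different config reuse it.
	acmecert *certmagic.Config
	acmeOnce sync.Once
)

func TerminateTLS(client net.Conn, acme *ACME) net.Conn {
	acmeOnce.Do(func() {
		// … unchanged: Storage and Directory defaults …
		magic, err := newCertMagic(acme)
		if nil != err {
			// … unchanged: stderr message and os.Exit(1) …
		}
		acmecert = magic
	})
	// … unchanged: tlsConfig literal using acmecert …
```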
@ -61,7 +61,7 @@ func (wsw *WebsocketTunnel) Read(b []byte) (int, error) {
|
||||||
if nil == wsw.tmpr {
|
if nil == wsw.tmpr {
|
||||||
_, msgr, err := wsw.wsconn.NextReader()
|
_, msgr, err := wsw.wsconn.NextReader()
|
||||||
if nil != err {
|
if nil != err {
|
||||||
fmt.Println("debug wsw NextReader err:", err)
|
//fmt.Println("debug wsw NextReader err:", err)
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
wsw.tmpr = msgr
|
wsw.tmpr = msgr
|
||||||
|
@ -69,7 +69,7 @@ func (wsw *WebsocketTunnel) Read(b []byte) (int, error) {
|
||||||
|
|
||||||
n, err := wsw.tmpr.Read(b)
|
n, err := wsw.tmpr.Read(b)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
fmt.Println("debug wsw Read err:", err)
|
//fmt.Println("debug wsw Read err:", err)
|
||||||
if io.EOF == err {
|
if io.EOF == err {
|
||||||
wsw.tmpr = nil
|
wsw.tmpr = nil
|
||||||
// ignore the message EOF because it's not the websocket EOF
|
// ignore the message EOF because it's not the websocket EOF
|
||||||
|
@ -85,12 +85,12 @@ func (wsw *WebsocketTunnel) Write(b []byte) (int, error) {
|
||||||
|
|
||||||
msgw, err := wsw.wsconn.NextWriter(websocket.BinaryMessage)
|
msgw, err := wsw.wsconn.NextWriter(websocket.BinaryMessage)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
fmt.Println("debug wsw NextWriter err:", err)
|
//fmt.Println("debug wsw NextWriter err:", err)
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
n, err := msgw.Write(b)
|
n, err := msgw.Write(b)
|
||||||
if nil != err {
|
if nil != err {
|
||||||
fmt.Println("debug wsw Write err:", err)
|
//fmt.Println("debug wsw Write err:", err)
|
||||||
return n, err
|
return n, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ func (wsw *WebsocketTunnel) Write(b []byte) (int, error) {
|
||||||
|
|
||||||
// Close will close the websocket with a control message
|
// Close will close the websocket with a control message
|
||||||
func (wsw *WebsocketTunnel) Close() error {
|
func (wsw *WebsocketTunnel) Close() error {
|
||||||
fmt.Println("[debug] closing the websocket.Conn")
|
//fmt.Println("[debug] closing the websocket.Conn")
|
||||||
|
|
||||||
// TODO handle EOF as websocket.CloseNormal?
|
// TODO handle EOF as websocket.CloseNormal?
|
||||||
message := websocket.FormatCloseMessage(websocket.CloseGoingAway, "closing connection")
|
message := websocket.FormatCloseMessage(websocket.CloseGoingAway, "closing connection")
|
||||||
|
|