add --proxy-http-01

This commit is contained in:
AJ ONeal 2020-11-18 02:05:36 -07:00
parent 43aec3007a
commit ebce63c08e
4 changed files with 22 additions and 1 deletions


@ -30,6 +30,8 @@ export LISTEN=":443"
export LOCALS=https:mgmt.example.com:6468 export LOCALS=https:mgmt.example.com:6468
# --auth-url # --auth-url
export AUTH_URL=http://localhost:6468/api export AUTH_URL=http://localhost:6468/api
# --proxy-http-01
export PROXY_HTTP_01=http://mgmt.example.com:6468
# --acme-agree # --acme-agree
export ACME_AGREE=true export ACME_AGREE=true
# --acme-email # --acme-email


@ -24,6 +24,7 @@ import (
"git.rootprojects.org/root/telebit/internal/dbg" "git.rootprojects.org/root/telebit/internal/dbg"
"git.rootprojects.org/root/telebit/internal/dns01" "git.rootprojects.org/root/telebit/internal/dns01"
"git.rootprojects.org/root/telebit/internal/http01" "git.rootprojects.org/root/telebit/internal/http01"
"git.rootprojects.org/root/telebit/internal/http01proxy"
"git.rootprojects.org/root/telebit/internal/iplist" "git.rootprojects.org/root/telebit/internal/iplist"
"git.rootprojects.org/root/telebit/internal/mgmt" "git.rootprojects.org/root/telebit/internal/mgmt"
"git.rootprojects.org/root/telebit/internal/mgmt/authstore" "git.rootprojects.org/root/telebit/internal/mgmt/authstore"
@ -225,9 +226,9 @@ func parseFlagsAndENVs() {
acmeDirectory := flag.String("acme-directory", "", "ACME Directory URL") acmeDirectory := flag.String("acme-directory", "", "ACME Directory URL")
clientSecret := flag.String("secret", "", "the same secret used by telebit-relay (used for JWT authentication)") clientSecret := flag.String("secret", "", "the same secret used by telebit-relay (used for JWT authentication)")
resolverList := flag.String("dns-resolvers", "", "a list of resolvers in the format 8.8.8.8:53,8.8.4.4:53") resolverList := flag.String("dns-resolvers", "", "a list of resolvers in the format 8.8.8.8:53,8.8.4.4:53")
proxyHTTP01 := flag.String("proxy-http-01", "", "listen on port 80 and forward .well-known/acme-challenge traffic to this url")
flag.DurationVar(&dnsPropagationDelay, "dns-01-delay", 0, "add an extra delay after dns self-check to allow DNS-01 challenges to propagate") flag.DurationVar(&dnsPropagationDelay, "dns-01-delay", 0, "add an extra delay after dns self-check to allow DNS-01 challenges to propagate")
flag.BoolVar(&config.enableHTTP01, "acme-http-01", false, "enable HTTP-01 ACME challenges") flag.BoolVar(&config.enableHTTP01, "acme-http-01", false, "enable HTTP-01 ACME challenges")
flag.BoolVar(&config.enableTLSALPN01, "acme-tls-alpn-01", false, "enable TLS-ALPN-01 ACME challenges") flag.BoolVar(&config.enableTLSALPN01, "acme-tls-alpn-01", false, "enable TLS-ALPN-01 ACME challenges")
flag.StringVar(&config.logPath, "outfile", "", "where to direct output (default system logger or OS stdout)") flag.StringVar(&config.logPath, "outfile", "", "where to direct output (default system logger or OS stdout)")
@ -454,6 +455,10 @@ func parseFlagsAndENVs() {
config.token = "" config.token = ""
} }
if 0 == len(*proxyHTTP01) {
*proxyHTTP01 = os.Getenv("PROXY_HTTP_01")
}
if 0 == len(config.tunnelRelay) { if 0 == len(config.tunnelRelay) {
config.tunnelRelay = os.Getenv("TUNNEL_RELAY_URL") // "wss://example.com:443" config.tunnelRelay = os.Getenv("TUNNEL_RELAY_URL") // "wss://example.com:443"
} }
@ -490,6 +495,15 @@ func parseFlagsAndENVs() {
if 0 == len(config.apiHostname) { if 0 == len(config.apiHostname) {
config.apiHostname = os.Getenv("API_HOSTNAME") config.apiHostname = os.Getenv("API_HOSTNAME")
} }
// Proxy for HTTP-01 requests
// TODO needs to be limited to .well-known/acme-challenges
if len(*proxyHTTP01) > 0 {
go func() {
fmt.Printf("Proxying HTTP-01 on port 80 to %s\n", *proxyHTTP01)
log.Fatalf("%v", http01proxy.ListenAndServe(*proxyHTTP01, 10*time.Second))
}()
}
} }
func tokener() string { func tokener() string {
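Review bot: The proxy started at the end of parseFlagsAndENVs forwards every request that arrives on port 80 to *proxyHTTP01, not only ACME challenge traffic; the TODO on the line above acknowledges this, but the restriction belongs with the feature rather than after it. The narrowest place for it is the handler in http01proxy, rejecting anything outside the challenge prefix before proxying, e.g. `if !strings.HasPrefix(r.URL.Path, "/.well-known/acme-challenge/") { http.NotFound(w, r); return }`, so that port 80 never acts as a general-purpose forwarder to the target. Separately, `log.Fatalf` inside the goroutine terminates the whole process if binding :80 fails (for instance when the process lacks the privilege to bind it), and starting a listener from a function named parseFlagsAndENVs hides that side effect from its callers; returning the target to main and starting the proxy there would keep the parse step free of side effects. parseFlagsAndENVs begins outside this hunk.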


@ -32,6 +32,10 @@ LOCALS=https:mgmt.devices.example.com:6468
# be handled per each specific use case. # be handled per each specific use case.
AUTH_URL=http://localhost:6468/api AUTH_URL=http://localhost:6468/api
# PROXY_HTTP_01
# Proxy traffic on port 80 to the given target
#PROXY_HTTP_01=https://mgmt.devices.example.com
# For Let's Encrypt ACME registration of the API_HOSTNAME # For Let's Encrypt ACME registration of the API_HOSTNAME
# and LOCALS (reverse-proxied traffic). # and LOCALS (reverse-proxied traffic).
# This is NOT for the remote telebit clients! # This is NOT for the remote telebit clients!


@ -98,6 +98,7 @@ func newReverseProxier(target string, timeout time.Duration, theatre bool) Handl
targetQuery := targetURL.RawQuery targetQuery := targetURL.RawQuery
req.URL.Scheme = targetURL.Scheme req.URL.Scheme = targetURL.Scheme
req.URL.Host = targetURL.Host req.URL.Host = targetURL.Host
req.Host = targetURL.Host
req.URL.Path, req.URL.RawPath = joinURLPath(targetURL, req.URL) req.URL.Path, req.URL.RawPath = joinURLPath(targetURL, req.URL)
if targetQuery == "" || req.URL.RawQuery == "" { if targetQuery == "" || req.URL.RawQuery == "" {
req.URL.RawQuery = targetQuery + req.URL.RawQuery req.URL.RawQuery = targetQuery + req.URL.RawQuery
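Review bot: Setting `req.Host = targetURL.Host` replaces the hostname the ACME validator asked for with the backend's own name before the request is forwarded, which the httputil default director deliberately does not do; if the upstream resolves challenge tokens per requested domain, it can no longer see which domain was being validated. If the rewrite is required for the backend's virtual-host routing, keep the original available alongside it: `origHost := req.Host` before the assignment and `req.Header.Set("X-Forwarded-Host", origHost)` after it. A one-line comment stating why the Host is rewritten (`// upstream routes by Host, so present the target's name`) would also help the next reader. newReverseProxier starts before and ends after this hunk.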