cmd/tip: enable HTTP ACME challenges

Updates golang/go#23627 Change-Id: I9dff655b531dc3491419ee1883c570c0bc5d8955 Reviewed-on: https://go-review.googlesource.com/91518 Reviewed-by: Andrew Bonventre <andybons@golang.org>
2018-02-01 23:02:22 +00:00 · 2018-02-01 23:02:22 +00:00 · 66487607e2
parent 25101aadb9
commit 66487607e2
4 changed files with 79 additions and 37 deletions
--- a/cmd/tip/Dockerfile
+++ b/cmd/tip/Dockerfile
@ -1,4 +1,4 @@
-FROM golang:1.8
+FROM golang:1.9
 RUN apt-get update && apt-get install --no-install-recommends -y -q build-essential git
@ -7,59 +7,59 @@ ENV GOROOT_BOOTSTRAP /usr/local/go
 # BEGIN deps (run `make update-deps` to update)
-# Repo cloud.google.com/go at 76d607c (2017-07-20)
+# Repo cloud.google.com/go at 1d0c2da (2018-01-30)
-ENV REV=76d607c4e7a2b9df49f1d1a58a3f3d2dd2614704
+ENV REV=1d0c2da40456a9b47f5376165f275424acc15c09
 RUN go get -d cloud.google.com/go/compute/metadata `#and 6 other pkgs` &&\
    (cd /go/src/cloud.google.com/go && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo github.com/golang/protobuf at 0a4f71a (2017-07-11)
+# Repo github.com/golang/protobuf at 9255415 (2018-01-25)
-ENV REV=0a4f71a498b7c4812f64969510bcb4eca251e33a
+ENV REV=925541529c1fa6821df4e44ce2723319eb2be768
 RUN go get -d github.com/golang/protobuf/proto `#and 6 other pkgs` &&\
    (cd /go/src/github.com/golang/protobuf && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo github.com/googleapis/gax-go at 84ed267 (2017-06-10)
+# Repo github.com/googleapis/gax-go at 317e000 (2017-09-15)
-ENV REV=84ed26760e7f6f80887a2fbfb50db3cc415d2cea
+ENV REV=317e0006254c44a0ac427cc52a0e083ff0b9622f
 RUN go get -d github.com/googleapis/gax-go &&\
    (cd /go/src/github.com/googleapis/gax-go && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo golang.org/x/build at da1460b (2017-07-31)
+# Repo golang.org/x/build at e879390 (2018-02-01)
-ENV REV=da1460b7c9c9b65383d1336593ed9ad346f6a1c5
+ENV REV=e8793909ba350594eea4c7c6bdb0f0d9a0d0f77a
 RUN go get -d golang.org/x/build/autocertcache &&\
    (cd /go/src/golang.org/x/build && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo golang.org/x/crypto at 6914964 (2017-07-20)
+# Repo golang.org/x/crypto at 1875d0a (2018-01-27)
-ENV REV=6914964337150723782436d56b3f21610a74ce7b
+ENV REV=1875d0a70c90e57f11972aefd42276df65e895b9
 RUN go get -d golang.org/x/crypto/acme `#and 2 other pkgs` &&\
    (cd /go/src/golang.org/x/crypto && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo golang.org/x/net at ab54850 (2017-07-21)
+# Repo golang.org/x/net at 6d90978 (2018-02-01)
-ENV REV=ab5485076ff3407ad2d02db054635913f017b0ed
+ENV REV=6d90978dc4889d44e8cfbd04c05d17b5417823c7
 RUN go get -d golang.org/x/net/context `#and 8 other pkgs` &&\
    (cd /go/src/golang.org/x/net && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo golang.org/x/oauth2 at b53b38a (2017-07-19)
+# Repo golang.org/x/oauth2 at 30785a2 (2018-01-04)
-ENV REV=b53b38ad8a6435bd399ea76d0fa74f23149cca4e
+ENV REV=30785a2c434e431ef7c507b54617d6a951d5f2b4
 RUN go get -d golang.org/x/oauth2 `#and 5 other pkgs` &&\
    (cd /go/src/golang.org/x/oauth2 && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo golang.org/x/text at 836efe4 (2017-07-14)
+# Repo golang.org/x/text at e19ae14 (2017-12-27)
-ENV REV=836efe42bb4aa16aaa17b9c155d8813d336ed720
+ENV REV=e19ae1496984b1c655b8044a65c0300a3c878dd3
 RUN go get -d golang.org/x/text/secure/bidirule `#and 4 other pkgs` &&\
    (cd /go/src/golang.org/x/text && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo google.golang.org/api at 295e4bb (2017-07-18)
+# Repo google.golang.org/api at 7d0e2d3 (2018-01-30)
-ENV REV=295e4bb0ade057ae2cfb9876ab0b54635dbfcea4
+ENV REV=7d0e2d350555821bef5a5b8aecf0d12cc1def633
 RUN go get -d google.golang.org/api/gensupport `#and 9 other pkgs` &&\
    (cd /go/src/google.golang.org/api && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo google.golang.org/genproto at b0a3dcf (2017-07-12)
+# Repo google.golang.org/genproto at 4eb30f4 (2018-01-25)
-ENV REV=b0a3dcfcd1a9bd48e63634bd8802960804cf8315
+ENV REV=4eb30f4778eed4c258ba66527a0d4f9ec8a36c45
 RUN go get -d google.golang.org/genproto/googleapis/api/annotations `#and 3 other pkgs` &&\
    (cd /go/src/google.golang.org/genproto && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
-# Repo google.golang.org/grpc at fa1cb32 (2017-07-31)
+# Repo google.golang.org/grpc at 0bd008f (2018-01-25)
-ENV REV=fa1cb32dc4f81e23ab862dd5e7ac4f2920a33088
+ENV REV=0bd008f5fadb62d228f12b18d016709e8139a7af
-RUN go get -d google.golang.org/grpc `#and 14 other pkgs` &&\
+RUN go get -d google.golang.org/grpc `#and 23 other pkgs` &&\
    (cd /go/src/google.golang.org/grpc && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV)
 # Optimization to speed up iterative development, not necessary for correctness:
@ -109,15 +109,24 @@ RUN go install cloud.google.com/go/compute/metadata \
 	google.golang.org/genproto/googleapis/iam/v1 \
 	google.golang.org/genproto/googleapis/rpc/status \
 	google.golang.org/grpc \
 	google.golang.org/grpc/balancer \
 	google.golang.org/grpc/balancer/base \
 	google.golang.org/grpc/balancer/roundrobin \
 	google.golang.org/grpc/codes \
 	google.golang.org/grpc/connectivity \
 	google.golang.org/grpc/credentials \
-	google.golang.org/grpc/grpclb/grpc_lb_v1 \
+	google.golang.org/grpc/encoding \
 	google.golang.org/grpc/encoding/proto \
 	google.golang.org/grpc/grpclb/grpc_lb_v1/messages \
 	google.golang.org/grpc/grpclog \
 	google.golang.org/grpc/internal \
 	google.golang.org/grpc/keepalive \
 	google.golang.org/grpc/metadata \
 	google.golang.org/grpc/naming \
 	google.golang.org/grpc/peer \
 	google.golang.org/grpc/resolver \
 	google.golang.org/grpc/resolver/dns \
 	google.golang.org/grpc/resolver/passthrough \
 	google.golang.org/grpc/stats \
 	google.golang.org/grpc/status \
 	google.golang.org/grpc/tap \
@ -128,5 +137,7 @@ RUN go install cloud.google.com/go/compute/metadata \
 ADD . /go/src/tip
 RUN go install --tags=autocert tip
 ENTRYPOINT ["/go/bin/tip"]
-# App Engine expects us to listen on port 8080
+
-EXPOSE 8080
+# We listen on 8080 (for historical reasons). The service.yaml maps public port 80 to 8080.
 # We also listen on 443 for LetsEncrypt TLS.
 EXPOSE 8080 443
--- a/cmd/tip/Makefile
+++ b/cmd/tip/Makefile
@ -4,9 +4,15 @@
 VERSION=v2
 .PHONY: usage
 usage:
 	echo "See Makefile"
 	exit 1
 update-deps:
 	go install golang.org/x/build/cmd/gitlock
-	gitlock --update=Dockerfile --ignore=NONE golang.org/x/tools/cmd/tip
+	gitlock --update=Dockerfile --ignore=NONE --tags=autocert golang.org/x/tools/cmd/tip
 docker-prod: Dockerfile
 	docker build -f Dockerfile --tag=gcr.io/symbolic-datum-552/tip:$(VERSION) .
--- a/cmd/tip/cert.go
+++ b/cmd/tip/cert.go
@ -25,9 +25,13 @@ import (
 func init() {
 	runHTTPS = runHTTPSAutocert
 	certInit = certInitAutocert
 	wrapHTTPMux = wrapHTTPMuxAutocert
 }
-func runHTTPSAutocert(h http.Handler) error {
+var autocertManager *autocert.Manager
 func certInitAutocert() {
 	var cache autocert.Cache
 	if b := *autoCertCacheBucket; b != "" {
 		sc, err := storage.NewClient(context.Background())
@ -36,15 +40,24 @@ func runHTTPSAutocert(h http.Handler) error {
 		}
 		cache = autocertcache.NewGoogleCloudStorageCache(sc, b)
 	}
-	m := autocert.Manager{
+	autocertManager = &autocert.Manager{
 		Prompt:     autocert.AcceptTOS,
 		HostPolicy: autocert.HostWhitelist(*autoCertDomain),
 		Cache:      cache,
 	}
 }
 func runHTTPSAutocert(h http.Handler) error {
 	s := &http.Server{
 		Addr:    ":https",
 		Handler: h,
-		TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
+		TLSConfig: &tls.Config{
 			GetCertificate: autocertManager.GetCertificate,
 		},
 	}
 	return s.ListenAndServeTLS("", "")
 }
 func wrapHTTPMuxAutocert(h http.Handler) http.Handler {
 	return autocertManager.HTTPHandler(h)
 }
--- a/cmd/tip/tip.go
+++ b/cmd/tip/tip.go
@ -38,9 +38,13 @@ var (
 	autoCertCacheBucket = flag.String("autocert-bucket", "", "if non-empty, the Google Cloud Storage bucket in which to store the LetsEncrypt cache")
 )
-// runHTTPS, if non-nil, specifies the function to serve HTTPS.
+// Hooks that are set non-nil in cert.go if the "autocert" build tag
-// It is set non-nil in cert.go with the "autocert" build tag.
+// is used.
-var runHTTPS func(http.Handler) error
+var (
 	certInit    func()
 	runHTTPS    func(http.Handler) error
 	wrapHTTPMux func(http.Handler) http.Handler
 )
 func main() {
 	flag.Parse()
@ -56,6 +60,10 @@ func main() {
 		log.Fatalf("Unknown %v value: %q", k, os.Getenv(k))
 	}
 	if certInit != nil {
 		certInit()
 	}
 	p := &Proxy{builder: b}
 	go p.run()
 	mux := newServeMux(p)
@ -65,7 +73,11 @@ func main() {
 	errc := make(chan error, 1)
 	go func() {
-		errc <- http.ListenAndServe(":8080", mux)
+		var httpMux http.Handler = mux
 		if wrapHTTPMux != nil {
 			httpMux = wrapHTTPMux(httpMux)
 		}
 		errc <- http.ListenAndServe(":8080", httpMux)
 	}()
 	if *autoCertDomain != "" {
 		if runHTTPS == nil {