close_issue_2
/
tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cmd/godoc: support http-01 ACME challenge in optional autocert support 

Using same structure & naming as CL 91518.

Fixes golang/go#23627

Change-Id: Ifb73c77d2c39f9f669d425650f9c5bc31bace196
Reviewed-on: https://go-review.googlesource.com/106455
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>
This commit is contained in:
Brad Fitzpatrick 2018-04-11 20:51:08 +00:00
parent 8b3cccae50
commit dc06d3e643
2 changed files with 32 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
cmd/godoc/autocert.go
View File

@ -32,21 +32,28 @@ var (
) )
func init() { func init() {
serveAutoCertHook = serveAutoCert runHTTPS = runHTTPSAutocert
certInit = certInitAutocert
wrapHTTPMux = wrapHTTPMuxAutocert
} }
func serveAutoCert(h http.Handler) error { var autocertManager *autocert.Manager
m := autocert.Manager{
func certInitAutocert() {
autocertManager = &autocert.Manager{
Cache: autocert.DirCache(*autoCertDirFlag), Cache: autocert.DirCache(*autoCertDirFlag),
Prompt: autocert.AcceptTOS, Prompt: autocert.AcceptTOS,
} }
if *autoCertHostFlag != "" { if *autoCertHostFlag != "" {
m.HostPolicy = autocert.HostWhitelist(*autoCertHostFlag) autocertManager.HostPolicy = autocert.HostWhitelist(*autoCertHostFlag)
} }
}
func runHTTPSAutocert(h http.Handler) error {
srv := &http.Server{ srv := &http.Server{
Handler: h, Handler: h,
TLSConfig: &tls.Config{ TLSConfig: &tls.Config{
GetCertificate: m.GetCertificate, GetCertificate: autocertManager.GetCertificate,
}, },
IdleTimeout: 60 * time.Second, IdleTimeout: 60 * time.Second,
} }
@ -58,6 +65,10 @@ func serveAutoCert(h http.Handler) error {
return srv.Serve(tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, srv.TLSConfig)) return srv.Serve(tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, srv.TLSConfig))
} }
func wrapHTTPMuxAutocert(h http.Handler) http.Handler {
return autocertManager.HTTPHandler(h)
}
// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted // tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
// connections. It's used by ListenAndServe and ListenAndServeTLS so // connections. It's used by ListenAndServe and ListenAndServeTLS so
// dead TCP connections (e.g. closing laptop mid-download) eventually // dead TCP connections (e.g. closing laptop mid-download) eventually

21
cmd/godoc/main.go
View File

@ -165,6 +165,10 @@ func main() {
flag.Usage = usage flag.Usage = usage
flag.Parse() flag.Parse()
if certInit != nil {
certInit()
}
playEnabled = *showPlayground playEnabled = *showPlayground
// Check usage: server and no args. // Check usage: server and no args.
@ -325,9 +329,9 @@ func main() {
go analysis.Run(pointerAnalysis, &corpus.Analysis) go analysis.Run(pointerAnalysis, &corpus.Analysis)
} }
if serveAutoCertHook != nil { if runHTTPS != nil {
go func() { go func() {
if err := serveAutoCertHook(handler); err != nil { if err := runHTTPS(handler); err != nil {
log.Fatalf("ListenAndServe TLS: %v", err) log.Fatalf("ListenAndServe TLS: %v", err)
} }
}() }()
@ -337,6 +341,9 @@ func main() {
if *verbose { if *verbose {
log.Println("starting HTTP server") log.Println("starting HTTP server")
} }
if wrapHTTPMux != nil {
handler = wrapHTTPMux(handler)
}
if err := http.ListenAndServe(*httpAddr, handler); err != nil { if err := http.ListenAndServe(*httpAddr, handler); err != nil {
log.Fatalf("ListenAndServe %s: %v", *httpAddr, err) log.Fatalf("ListenAndServe %s: %v", *httpAddr, err)
} }
@ -354,6 +361,10 @@ func main() {
} }
} }
// serveAutoCertHook if non-nil specifies a function to listen on port 443. // Hooks that are set non-nil in autocert.go if the "autocert" build tag
// See autocert.go. // is used.
var serveAutoCertHook func(http.Handler) error var (
certInit func()
runHTTPS func(http.Handler) error
wrapHTTPMux func(http.Handler) http.Handler
)