devbennett7/goma-gateway
1
0
Fork 0
Code Pull Requests Activity

Merge pull request #55 from jkaninda/ssl-cert

Browse Source 
feat: integrate TLS, running server over HTTPS
This commit is contained in:
Jonas Kaninda
2024-11-05 11:06:21 +01:00
committed by GitHub
parent 84a151f5fd aed039aa92
commit d364f032fa
5 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.env.example
View File

@@ -1,8 +0,0 @@
GOMA_LISTEN_ADDR=0.0.0.0:80
GOMA_WRITE_TIMEOUT=15
GOMA_READ_TIMEOUT=15
GOMA_IDLE_TIMEOUT=30
GOMA_RATE_LIMITER=10
GOMA_ACCESS_LOG=/dev/Stdout
GOMA_ERROR_LOG=/dev/stderr
GOMA_CONFIG_FILE=/config/goma.yml

4
internal/handler.go
View File

@@ -75,6 +75,7 @@ func (heathRoute HealthCheckRoute) HealthCheckHandler(w http.ResponseWriter, r *
var routes []HealthCheckRouteResponse var routes []HealthCheckRouteResponse
for _, route := range heathRoute.Routes { for _, route := range heathRoute.Routes {
go func() { go func() {
defer wg.Done()
if route.HealthCheck != "" { if route.HealthCheck != "" {
err := HealthCheck(route.Destination + route.HealthCheck) err := HealthCheck(route.Destination + route.HealthCheck)
if err != nil { if err != nil {
@@ -90,7 +91,6 @@ func (heathRoute HealthCheckRoute) HealthCheckHandler(w http.ResponseWriter, r *
logger.Warn("Route %s's healthCheck is undefined", route.Name) logger.Warn("Route %s's healthCheck is undefined", route.Name)
routes = append(routes, HealthCheckRouteResponse{Name: route.Name, Status: "undefined", Error: ""}) routes = append(routes, HealthCheckRouteResponse{Name: route.Name, Status: "undefined", Error: ""})
} }
defer wg.Done()
}() }()
} }
@@ -109,7 +109,7 @@ func (heathRoute HealthCheckRoute) HealthCheckHandler(w http.ResponseWriter, r *
func (heathRoute HealthCheckRoute) HealthReadyHandler(w http.ResponseWriter, r *http.Request) { func (heathRoute HealthCheckRoute) HealthReadyHandler(w http.ResponseWriter, r *http.Request) {
logger.Info("%s %s %s %s", r.Method, r.RemoteAddr, r.URL, r.UserAgent()) logger.Info("%s %s %s %s", r.Method, r.RemoteAddr, r.URL, r.UserAgent())
response := HealthCheckRouteResponse{ response := HealthCheckRouteResponse{
Name: "Goma Gateway", Name: "Service Gateway",
Status: "healthy", Status: "healthy",
Error: "", Error: "",
} }

21
internal/helpers.go
View File

@@ -10,11 +10,14 @@ You may get a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0 http://www.apache.org/licenses/LICENSE-2.0
*/ */
import ( import (
"crypto/tls"
"fmt" "fmt"
"github.com/jedib0t/go-pretty/v6/table" "github.com/jedib0t/go-pretty/v6/table"
"github.com/jkaninda/goma-gateway/pkg/logger"
"net/http" "net/http"
) )
// printRoute prints routes
func printRoute(routes []Route) { func printRoute(routes []Route) {
t := table.NewWriter() t := table.NewWriter()
t.AppendHeader(table.Row{"Name", "Route", "Rewrite", "Destination"}) t.AppendHeader(table.Row{"Name", "Route", "Rewrite", "Destination"})
@@ -23,6 +26,8 @@ func printRoute(routes []Route) {
} }
fmt.Println(t.Render()) fmt.Println(t.Render())
} }
// getRealIP gets user real IP
func getRealIP(r *http.Request) string { func getRealIP(r *http.Request) string {
if ip := r.Header.Get("X-Real-IP"); ip != "" { if ip := r.Header.Get("X-Real-IP"); ip != "" {
return ip return ip
@@ -32,3 +37,19 @@ func getRealIP(r *http.Request) string {
} }
return r.RemoteAddr return r.RemoteAddr
} }
// loadTLS loads TLS Certificate
func loadTLS(cert, key string) (*tls.Config, error) {
if cert == "" && key == "" {
return nil, fmt.Errorf("no certificate or key file provided")
}
serverCert, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
logger.Error("Error loading server certificate: %v", err)
return nil, err
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{serverCert},
}
return tlsConfig, nil
}

23
internal/server.go
View File

@@ -17,6 +17,7 @@ limitations under the License.
*/ */
import ( import (
"context" "context"
"crypto/tls"
"fmt" "fmt"
"github.com/jkaninda/goma-gateway/pkg/logger" "github.com/jkaninda/goma-gateway/pkg/logger"
"net/http" "net/http"
@@ -29,12 +30,24 @@ func (gatewayServer GatewayServer) Start(ctx context.Context) error {
logger.Info("Initializing routes...") logger.Info("Initializing routes...")
route := gatewayServer.Initialize() route := gatewayServer.Initialize()
logger.Info("Initializing routes...done") logger.Info("Initializing routes...done")
tlsConfig := &tls.Config{}
var listenWithTLS = false
if cert := gatewayServer.gateway.SSLCertFile; cert != "" && gatewayServer.gateway.SSLKeyFile != "" {
tlsConf, err := loadTLS(cert, gatewayServer.gateway.SSLKeyFile)
if err != nil {
return err
}
tlsConfig = tlsConf
listenWithTLS = true
}
srv := &http.Server{ srv := &http.Server{
Addr: gatewayServer.gateway.ListenAddr, Addr: gatewayServer.gateway.ListenAddr,
WriteTimeout: time.Second * time.Duration(gatewayServer.gateway.WriteTimeout), WriteTimeout: time.Second * time.Duration(gatewayServer.gateway.WriteTimeout),
ReadTimeout: time.Second * time.Duration(gatewayServer.gateway.ReadTimeout), ReadTimeout: time.Second * time.Duration(gatewayServer.gateway.ReadTimeout),
IdleTimeout: time.Second * time.Duration(gatewayServer.gateway.IdleTimeout), IdleTimeout: time.Second * time.Duration(gatewayServer.gateway.IdleTimeout),
Handler: route, // Pass our instance of gorilla/mux in. Handler: route, // Pass our instance of gorilla/mux in.
TLSConfig: tlsConfig,
} }
if !gatewayServer.gateway.DisableDisplayRouteOnStart { if !gatewayServer.gateway.DisableDisplayRouteOnStart {
printRoute(gatewayServer.gateway.Routes) printRoute(gatewayServer.gateway.Routes)
@@ -42,10 +55,16 @@ func (gatewayServer GatewayServer) Start(ctx context.Context) error {
// Set KeepAlive // Set KeepAlive
srv.SetKeepAlivesEnabled(!gatewayServer.gateway.DisableKeepAlive) srv.SetKeepAlivesEnabled(!gatewayServer.gateway.DisableKeepAlive)
go func() { go func() {
logger.Info("Started Goma Gateway server on %v", gatewayServer.gateway.ListenAddr) logger.Info("Started Goma Gateway server on %v", gatewayServer.gateway.ListenAddr)
if listenWithTLS {
logger.Info("Server is running securely over HTTPS on %v ", gatewayServer.gateway.ListenAddr)
if err := srv.ListenAndServeTLS("", ""); err != nil {
logger.Fatal("Error starting Goma Gateway server: %v", err)
}
} else {
if err := srv.ListenAndServe(); err != nil { if err := srv.ListenAndServe(); err != nil {
logger.Error("Error starting Goma Gateway server: %v", err) logger.Fatal("Error starting Goma Gateway server: %v", err)
}
} }
}() }()
var wg sync.WaitGroup var wg sync.WaitGroup

2
internal/types.go
View File

@@ -137,6 +137,8 @@ type Gateway struct {
// //
//e.g: localhost:8080 //e.g: localhost:8080
ListenAddr string `yaml:"listenAddr" env:"GOMA_LISTEN_ADDR, overwrite"` ListenAddr string `yaml:"listenAddr" env:"GOMA_LISTEN_ADDR, overwrite"`
SSLCertFile string `yaml:"sslCertFile" env:"GOMA_SSL_CERT_FILE, overwrite"`
SSLKeyFile string `yaml:"sslKeyFile" env:"GOMA_SSL_KEY_FILE, overwrite"`
// WriteTimeout defines proxy write timeout // WriteTimeout defines proxy write timeout
WriteTimeout int `yaml:"writeTimeout" env:"GOMA_WRITE_TIMEOUT, overwrite"` WriteTimeout int `yaml:"writeTimeout" env:"GOMA_WRITE_TIMEOUT, overwrite"`
// ReadTimeout defines proxy read timeout // ReadTimeout defines proxy read timeout