Example #1
0
func NewTlsServerCommand() cli.Command {
	return cli.Command{
		Name:  "tls-server",
		Usage: "Setup server encrypt mode",
		Flags: append(common, certflags...),
		Before: func(c *cli.Context) error {
			SetLoglevel(c)
			tlscacert, tlscert, tlskey := preprocess(c)
			opts := proxy.CertOptions{
				CA:      tlscacert,
				TlsCert: tlscert,
				TlsKey:  tlskey,
				Server:  true,
			}
			loadCertificate = func(c *cli.Context) proxy.TLSConfig {
				cfg, err := proxy.LoadCertificate(opts)
				if err != nil {
					fmt.Fprintln(os.Stderr, err)
					os.Exit(1)
				}
				return proxy.TLSConfig{Server: cfg}
			}
			return nil
		},
		Action: Proxy,
	}
}
Example #2
0
/*
Create a proxy that encrypts outbound connection to TLS enabled endpoint
*/
func ExampleLoadCertificate() {
	tlscfg, err := proxy.LoadCertificate(proxy.CertOptions{
		"s3://devops.org/cert/ca.pem",
		"file://cert.pem",
		"key.pem",
	})
	if err != nil {
		log.Fatal(err)
	}

	// prepare proxy option with TLS enabled
	pxyOpts := &proxy.ConnOptions{
		// Conneciton initiator does not encrypt data
		Net:  "tcp4",
		From: ":6379",

		// destination endpoint must accept TLS encrypted data
		To: []string{"10.0.0.12:6379"},

		// instructs go-proxy to establish TLS connection with config
		TLSConfig: proxy.TLSConfig{
			Client: tlscfg,
		},
	}

	context, cancel := ctx.WithCancel(ctx.Background())
	defer cancel()

	err := proxy.To(context, pxyOpts)
	log.Warning(err)
}
Example #3
0
func (i *Info) Listen() {
	var (
		// proxy type handler
		handle ProxyFunc

		// proxy connection option
		opts *proxy.ConnOptions

		// tls configuration info
		tlscfg proxy.TLSConfig

		logger = log.WithFields(log.Fields{
			"Name":    i.Name,
			"Net":     i.Net,
			"From":    i.From,
			"Range":   i.FromRange,
			"To":      i.To,
			"Service": i.Service,
			"Role":    i.ServerRole,
		})
	)

	// Setup TLS configuration
	switch {
	case i.ServerRole == "server":
		cfg, err := proxy.LoadCertificate(proxy.CertOptions{
			CA:      i.CA,
			TlsCert: i.Cert,
			TlsKey:  i.Key,
			Server:  true,
		})
		if err != nil {
			logger.Error(err)
			return
		}
		tlscfg = proxy.TLSConfig{Server: cfg}
		break
	case i.ServerRole == "client":
		cfg, err := proxy.LoadCertificate(proxy.CertOptions{
			CA:      i.CA,
			TlsCert: i.Cert,
			TlsKey:  i.Key,
		})
		if err != nil {
			logger.Error(err)
			return
		}
		tlscfg = proxy.TLSConfig{Client: cfg}
		break

	case i.ServerRole == "": // not processing TLS
		break

	default: // fall through as if not processing TLS
		break
	}

	// Setup destination and listener information
	switch {
	case i.Service != "":
		discovery := &proxy.DiscOptions{
			Service:   i.Service,
			Endpoints: disc.Endpoints(),
		}
		opts = &proxy.ConnOptions{
			Net:       i.Net,
			Discovery: discovery,
			TLSConfig: tlscfg,
		}
		if len(i.FromRange) != 0 {
			handle = proxy.ClusterSrv
			opts.FromRange = i.FromRange
		} else {
			handle = proxy.Srv
			opts.From = i.From
		}
		break
	case len(i.To) != 0:
		opts = &proxy.ConnOptions{
			Net:       i.Net,
			To:        i.To,
			TLSConfig: tlscfg,
		}
		if len(i.FromRange) != 0 {
			handle = proxy.ClusterTo
			opts.FromRange = i.FromRange
		} else {
			handle = proxy.To
			opts.From = i.From
		}
		break
	}

	// Attach context to proxy daemon
	order, abort := ctx.WithCancel(RootContext)

	// This proxy shall have its isolated abort feature
	i.Cancel = abort

	go func() {
		logger.Info("begin")
		err := handle(order, opts)
		logger.Warning(err)
	}()
}