From 6552c7c884cd2c5355d157b5157f67234ec960d3 Mon Sep 17 00:00:00 2001
From: Victor Vieux
Date: Tue, 6 Jan 2015 21:55:59 +0000
Subject: [PATCH 1/2] fix proxy function with TLS

Signed-off-by: Victor Vieux
---
 api/api.go | 4 +++-
 api/server.go | 1 +
 api/utils.go | 9 +++++++--
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/api/api.go b/api/api.go
index b2a0fb0e48..36ea6d617e 100644
--- a/api/api.go
+++ b/api/api.go
@@ -2,6 +2,7 @@ package api
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -25,6 +26,7 @@ type context struct {
 	eventsHandler *eventsHandler
 	debug         bool
 	version       string
+	tlsConfig     *tls.Config
 }
 
 type handler func(c *context, w http.ResponseWriter, r *http.Request)
@@ -234,7 +236,7 @@ func proxyContainer(c *context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := proxy(container, w, r); err != nil {
+	if err := proxy(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}
 }
diff --git a/api/server.go b/api/server.go
index 1d75de68f3..7a3b44f552 100644
--- a/api/server.go
+++ b/api/server.go
@@ -35,6 +35,7 @@ func ListenAndServe(c *cluster.Cluster, s *scheduler.Scheduler, hosts []string,
 		scheduler:     s,
 		version:       version,
 		eventsHandler: NewEventsHandler(),
+		tlsConfig:     tlsConfig,
 	}
 	c.Events(context.eventsHandler)
 	r, err := createRouter(context, enableCors)
diff --git a/api/utils.go b/api/utils.go
index 5c8396432a..9e51779b45 100644
--- a/api/utils.go
+++ b/api/utils.go
@@ -1,6 +1,7 @@
 package api
 
 import (
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@@ -33,9 +34,13 @@ func getContainerFromVars(c *context, vars map[string]string) (*cluster.Containe
 	return nil, errors.New("Not found")
 }
 
-func proxy(container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
+func proxy(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
 	// Use a new client for each request
-	client := &http.Client{}
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: tlsConfig,
+		},
+	}
 
 	// RequestURI may not be sent to client
 	r.RequestURI = ""

From 20018ff1415c041bb51ecbf414f7d4806160551b Mon Sep 17 00:00:00 2001
From: Victor Vieux
Date: Tue, 6 Jan 2015 23:17:16 +0000
Subject: [PATCH 2/2] add tls to hijack as well

Signed-off-by: Victor Vieux
---
 api/api.go | 4 ++--
 api/utils.go | 13 +++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/api/api.go b/api/api.go
index 36ea6d617e..a89a8ed470 100644
--- a/api/api.go
+++ b/api/api.go
@@ -220,7 +220,7 @@ func proxyContainerAndForceRefresh(c *context, w http.ResponseWriter, r *http.Re
 		return
 	}
 
-	if err := proxy(container, w, r); err != nil {
+	if err := proxy(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}
 
@@ -249,7 +249,7 @@ func proxyHijack(c *context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := hijack(container, w, r); err != nil {
+	if err := hijack(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}
 }
diff --git a/api/utils.go b/api/utils.go
index 9e51779b45..6380e0812e 100644
--- a/api/utils.go
+++ b/api/utils.go
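Review bot: The `http.Transport` built at `client := &http.Client{ Transport: &http.Transport{ TLSClientConfig: tlsConfig } }` carries only the TLS config, so it drops the dial and handshake limits that `http.DefaultTransport` provides, and because a fresh Transport is created per request no connection or TLS session is ever reused — every proxied call pays a full handshake and an unresponsive node can hold the handler open with no deadline of its own. Build the Transport once next to `tlsConfig` in `context` and reuse it here, setting at least `TLSHandshakeTimeout: 10 * time.Second` on it and a `Timeout` on the `http.Client`. The hunk does not show whether the outgoing request's URL scheme is switched to https when tlsConfig is non-nil; if the scheme stays http, the TLS config is never exercised on this path. proxy's body continues outside the hunk.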
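Review bot: The `-	if err := proxy(container, w, r); err != nil {` line in proxyContainerAndForceRefresh shows that patch 1/2 changed `proxy`'s signature in api/utils.go without updating this caller, so the series does not compile at its first commit and breaks bisection; move this one-line call-site change into patch 1 (or squash the two). `hijack` and its caller at @@ -249 change together in this patch, so they are fine. proxyContainerAndForceRefresh's body continues outside the hunk.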
@@ -65,7 +65,7 @@ func proxy(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseW
 	return nil
 }
 
-func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
+func hijack(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
 	addr := container.Node().Addr
 	if parts := strings.SplitN(container.Node().Addr, "://", 2); len(parts) == 2 {
 		addr = parts[1]
@@ -73,7 +73,16 @@ func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request
 
 	log.Debugf("[HIJACK PROXY] --> %s", addr)
 
-	d, err := net.Dial("tcp", addr)
+	var (
+		d   net.Conn
+		err error
+	)
+
+	if tlsConfig != nil {
+		d, err = tls.Dial("tcp", addr, tlsConfig)
+	} else {
+		d, err = net.Dial("tcp", addr)
+	}
 	if err != nil {
 		return err
 	}
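Review bot: Neither branch of the new dial bounds the connection attempt: `tls.Dial` runs the full handshake before returning and, like the `net.Dial` it replaces, has no timeout, so a node that accepts the TCP connection but never completes the handshake pins this handler and its goroutine indefinitely. Use one dialer for both branches, e.g. `dialer := &net.Dialer{Timeout: 10 * time.Second}` with `d, err = tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)` and `d, err = dialer.Dial("tcp", addr)` (this needs a `time` import). The nil-tlsConfig branch falls back to plaintext toward the node, which is presumably the intended "no TLS configured" mode; extending the `[HIJACK PROXY]` debug line to record which branch was taken would make a misconfiguration visible in logs. hijack's body, including where `d` is closed, continues outside the hunk.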