Merge pull request #224 from vieux/fix_proxy_tls

fix proxy function with TLS
2015-01-08 14:03:48 +01:00 · 2015-01-08 14:03:48 +01:00 · e5cc8636bd
parent 322c5476e9 20018ff141
commit e5cc8636bd
3 changed files with 24 additions and 7 deletions
--- a/api/api.go
+++ b/api/api.go
@ -2,6 +2,7 @@ package api

 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@ -25,6 +26,7 @@ type context struct {
 	eventsHandler *eventsHandler
 	debug         bool
 	version       string
+	tlsConfig     *tls.Config
 }

 type handler func(c *context, w http.ResponseWriter, r *http.Request)
@ -218,7 +220,7 @@ func proxyContainerAndForceRefresh(c *context, w http.ResponseWriter, r *http.Re
 		return
 	}

-	if err := proxy(container, w, r); err != nil {
+	if err := proxy(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}

@ -234,7 +236,7 @@ func proxyContainer(c *context, w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if err := proxy(container, w, r); err != nil {
+	if err := proxy(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}
 }
@ -247,7 +249,7 @@ func proxyHijack(c *context, w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if err := hijack(container, w, r); err != nil {
+	if err := hijack(c.tlsConfig, container, w, r); err != nil {
 		httpError(w, err.Error(), http.StatusInternalServerError)
 	}
 }
--- a/api/server.go
+++ b/api/server.go
@ -35,6 +35,7 @@ func ListenAndServe(c *cluster.Cluster, s *scheduler.Scheduler, hosts []string,
 		scheduler:     s,
 		version:       version,
 		eventsHandler: NewEventsHandler(),
+		tlsConfig:     tlsConfig,
 	}
 	c.Events(context.eventsHandler)
 	r, err := createRouter(context, enableCors)
--- a/api/utils.go
+++ b/api/utils.go
@ -1,6 +1,7 @@
 package api

 import (
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@ -33,9 +34,13 @@ func getContainerFromVars(c *context, vars map[string]string) (*cluster.Containe
 	return nil, errors.New("Not found")
 }

-func proxy(container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
+func proxy(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
 	// Use a new client for each request
-	client := &http.Client{}
+	client := &http.Client{
+		Transport: &http.Transport{
+			TLSClientConfig: tlsConfig,
+		},
+	}

 	// RequestURI may not be sent to client
 	r.RequestURI = ""
@ -60,7 +65,7 @@ func proxy(container *cluster.Container, w http.ResponseWriter, r *http.Request)
 	return nil
 }

-func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
+func hijack(tlsConfig *tls.Config, container *cluster.Container, w http.ResponseWriter, r *http.Request) error {
 	addr := container.Node().Addr
 	if parts := strings.SplitN(container.Node().Addr, "://", 2); len(parts) == 2 {
 		addr = parts[1]
@ -68,7 +73,16 @@ func hijack(container *cluster.Container, w http.ResponseWriter, r *http.Request

 	log.Debugf("[HIJACK PROXY] --> %s", addr)

-	d, err := net.Dial("tcp", addr)
+	var (
+		d   net.Conn
+		err error
+	)
+
+	if tlsConfig != nil {
+		d, err = tls.Dial("tcp", addr, tlsConfig)
+	} else {
+		d, err = net.Dial("tcp", addr)
+	}
 	if err != nil {
 		return err
 	}