From b1d3ff9c9ca4561fb0d152ea24394f827a364a17 Mon Sep 17 00:00:00 2001
From: David Dollar
Date: Tue, 17 May 2016 16:06:36 -0400
Subject: [PATCH 1/8] warn instead of die on connection failure

---
 main.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 49b1d62..479c714 100644
--- a/main.go
+++ b/main.go
@@ -18,10 +18,14 @@ import (
 )
 
 func die(err error) {
- fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+ warn(err)
 os.Exit(1)
 }
 
+func warn(err error) {
+ fmt.Fprintf(os.Stderr, "ERROR: %s\n", err)
+}
+
 func main() {
 if len(os.Args) < 4 {
 fmt.Fprintf(os.Stderr, "usage: proxy \n")
@@ -84,7 +88,8 @@ func handleProxyConnection(in net.Conn, to string) {
 out, err := net.DialTimeout("tcp", to, 5*time.Second)
 
 if err != nil {
- die(err)
+ warn(err)
+ return
 }
 
 header := fmt.Sprintf("PROXY TCP4 %s 127.0.0.1 %s %s\r\n", rp[0], rp[1], top[1])
@@ -103,7 +108,8 @@ func handleTcpConnection(in net.Conn, to string) {
 out, err := net.DialTimeout("tcp", to, 5*time.Second)
 
 if err != nil {
- die(err)
+ warn(err)
+ return
 }
 
 pipe(in, out)

From d1ff15c09029f879cd4c2d6158fc46aaa6a7629d Mon Sep 17 00:00:00 2001
From: David Dollar
Date: Tue, 17 May 2016 16:06:49 -0400
Subject: [PATCH 2/8] determine proxy endpoint from link vars

---
 Dockerfile | 6 ++++--
 bin/proxy-link | 9 +++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100755 bin/proxy-link

diff --git a/Dockerfile b/Dockerfile
index 044d660..7f096ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,10 +4,12 @@ RUN apk-install git
 RUN apk-install go
 
 ENV GOPATH /go
-ENV PATH $GOPATH/bin:$PATH
+ENV PATH /go/bin:$PATH
+
+COPY bin/proxy-link /usr/bin/proxy-link
 
 WORKDIR /go/src/github.com/convox/proxy
 COPY . /go/src/github.com/convox/proxy
 RUN go install ./...
 
-ENTRYPOINT ["proxy"]
+ENTRYPOINT ["proxy-link"]
diff --git a/bin/proxy-link b/bin/proxy-link
new file mode 100755
index 0000000..d097fe7
--- /dev/null
+++ b/bin/proxy-link
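Review bot: In PATCH 1/8 the new `warn(err)` / `return` branch in handleProxyConnection (hunk at -84,7) returns without closing `in`, so each failed backend dial appears to leave the accepted client socket open until the peer gives up; the handleTcpConnection hunk at -103,7 has the same branch. While the backend is unreachable, client connections can pile up and use up the proxy's file descriptors. Add `in.Close()` before `return` in both branches, or a `defer in.Close()` at the top of each handler. Both function bodies start and end outside these hunks, so confirm no close is already arranged there.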
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+from=${1}
+toport=${2}
+args=${3}
+
+eval to="\$HOST_PORT_${toport}_TCP_ADDR:\$HOST_PORT_${toport}_TCP_PORT"
+
+exec proxy $from $to $args

From fb13a3275889348fdb4193ad5dd01520229c9111 Mon Sep 17 00:00:00 2001
From: Noah Zoschke
Date: Wed, 18 May 2016 09:51:27 -0500
Subject: [PATCH 3/8] Makefile for releasing new convox/proxy image

---
 Makefile | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 Makefile

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..f9973ba
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,10 @@
+all: build
+
+build:
+ docker build --no-cache -t convox/proxy .
+
+test:
+ go test -cover -v ./...
+
+release: build
+ docker push convox/proxy

From 5259a8be12c005ce25ea6a984805c2aa40b4747d Mon Sep 17 00:00:00 2001
From: David Dollar
Date: Wed, 18 May 2016 13:39:54 -0400
Subject: [PATCH 4/8] handle secure connections to the backend

---
 main.go | 39 ++++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/main.go b/main.go
index 479c714..9e4ddbb 100644
--- a/main.go
+++ b/main.go
@@ -28,7 +28,7 @@ func warn(err error) {
 
 func main() {
 if len(os.Args) < 4 {
- fmt.Fprintf(os.Stderr, "usage: proxy \n")
+ fmt.Fprintf(os.Stderr, "usage: proxy [options]\n")
 os.Exit(1)
 }
 
@@ -36,6 +36,16 @@ func main() {
 to := os.Args[2]
 protocol := os.Args[3]
 proxy := false
+ secure := false
+
+ for _, option := range os.Args[4:] {
+ switch option {
+ case "proxy":
+ proxy = true
+ case "secure":
+ secure = true
+ }
+ }
 
 if len(os.Args) > 4 && os.Args[4] == "proxy" {
 proxy = true
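Review bot: In bin/proxy-link (PATCH 2/8) the `eval` line splices `${toport}` (argument 2) into shell source unchecked, so any shell metacharacter in that argument is executed instead of being treated as a port number. Reject non-numeric values before the eval, e.g. `case "$toport" in ''|*[!0-9]*) echo "invalid port: $toport" >&2; exit 1;; esac`. The last line also expands `$from` and `$to` unquoted; `exec proxy "$from" "$to" $args` keeps each as a single word. PATCH 7/8 changes how the arguments are read but leaves the same unvalidated `eval` in place.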
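Review bot: The option switch added to main in PATCH 4/8 (hunk at -36,6) has no `default:` case, so a misspelled `secure` is ignored and the proxy silently forwards in plaintext. Failing closed is safer for a security-relevant flag: `default: die(fmt.Errorf("unknown option: %s", option))`. The rewritten loop in PATCH 6/8 keeps the same switch and needs the same case. main's body continues outside this hunk.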
@@ -72,20 +82,35 @@ func main() {
 }
 
 if proxy {
- go handleProxyConnection(conn, to)
+ go handleProxyConnection(conn, to, secure)
 } else {
- go handleTcpConnection(conn, to)
+ go handleTcpConnection(conn, to, secure)
 }
 }
 }
 
-func handleProxyConnection(in net.Conn, to string) {
+func dial(addr string, secure bool) (net.Conn, error) {
+ if secure {
+ config := &tls.Config{}
+
+ dialer := &net.Dialer{
+ Timeout: 5 * time.Second,
+ }
+
+ return tls.DialWithDialer(dialer, "tcp", addr, config)
+ } else {
+ return net.DialTimeout("tcp", addr, 5*time.Second)
+ }
+
+}
+
+func handleProxyConnection(in net.Conn, to string, secure bool) {
 rp := strings.SplitN(in.RemoteAddr().String(), ":", 2)
 top := strings.SplitN(to, ":", 2)
 
 fmt.Printf("proxy %s:%s -> %s:%s\n", rp[0], rp[1], top[0], top[1])
 
- out, err := net.DialTimeout("tcp", to, 5*time.Second)
+ out, err := dial(to, secure)
 
 if err != nil {
 warn(err)
@@ -99,13 +124,13 @@ func handleProxyConnection(in net.Conn, to string) {
 pipe(in, out)
 }
 
-func handleTcpConnection(in net.Conn, to string) {
+func handleTcpConnection(in net.Conn, to string, secure bool) {
 rp := strings.SplitN(in.RemoteAddr().String(), ":", 2)
 top := strings.SplitN(to, ":", 2)
 
 fmt.Printf("tcp %s:%s -> %s:%s\n", rp[0], rp[1], top[0], top[1])
 
- out, err := net.DialTimeout("tcp", to, 5*time.Second)
+ out, err := dial(to, secure)
 
 if err != nil {
 warn(err)

From 6a21691df77fc211de0edfabb729a96647767c54 Mon Sep 17 00:00:00 2001
From: David Dollar
Date: Wed, 18 May 2016 13:50:06 -0400
Subject: [PATCH 5/8] log secure mode

---
 main.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/main.go b/main.go
index 9e4ddbb..81e4fa9 100644
--- a/main.go
+++ b/main.go
@@ -91,7 +91,9 @@ func main() {
 
 func dial(addr string, secure bool) (net.Conn, error) {
 if secure {
- config := &tls.Config{}
+ config := &tls.Config{
+ InsecureSkipVerify: true,
+ }
 
 dialer := &net.Dialer{
 Timeout: 5 * time.Second,
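Review bot: The new `dial` helper in PATCH 4/8 (hunk at -72,20) has no doc comment, uses an `else` after a terminating `return`, and leaves a stray blank line before its closing brace. Suggested comment: `// dial connects to addr over TCP with a 5 second timeout, wrapping the connection in TLS when secure is set.` Dropping the `else` leaves `return net.DialTimeout("tcp", addr, 5*time.Second)` left-aligned as the default path. With the empty `tls.Config{}` in this commit, `tls.DialWithDialer` verifies the backend certificate against the host part of `addr`, which is worth stating in the comment since callers pass a bare host:port.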
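Review bot: `InsecureSkipVerify: true` in `dial` (PATCH 5/8, hunk at -91,7) turns off certificate and hostname verification for every `secure` connection, so the backend hop is encrypted but not authenticated, and the commit subject ("log secure mode") does not mention the change. If the backends present self-signed certificates, loading their CA into `RootCAs` and setting `ServerName` keeps verification on; otherwise gate the skip behind its own explicit option rather than making it the only mode. At minimum document it in place: `// NOTE: peer certificate is not verified; this only protects against passive capture.` dial's body continues outside the hunk.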
@@ -108,7 +110,7 @@ func handleProxyConnection(in net.Conn, to string, secure bool) {
 rp := strings.SplitN(in.RemoteAddr().String(), ":", 2)
 top := strings.SplitN(to, ":", 2)
 
- fmt.Printf("proxy %s:%s -> %s:%s\n", rp[0], rp[1], top[0], top[1])
+ fmt.Printf("proxy %s:%s -> %s:%s secure=%t\n", rp[0], rp[1], top[0], top[1], secure)
 
 out, err := dial(to, secure)
 
@@ -128,7 +130,7 @@ func handleTcpConnection(in net.Conn, to string, secure bool) {
 rp := strings.SplitN(in.RemoteAddr().String(), ":", 2)
 top := strings.SplitN(to, ":", 2)
 
- fmt.Printf("tcp %s:%s -> %s:%s\n", rp[0], rp[1], top[0], top[1])
+ fmt.Printf("tcp %s:%s -> %s:%s secure=%t\n", rp[0], rp[1], top[0], top[1], secure)
 
 out, err := dial(to, secure)
 

From 3da118de9ece2d1cfdc2212d6106627c5d367c5d Mon Sep 17 00:00:00 2001
From: David Dollar
Date: Wed, 18 May 2016 13:53:21 -0400
Subject: [PATCH 6/8] handle args

---
 main.go | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/main.go b/main.go
index 81e4fa9..67b4158 100644
--- a/main.go
+++ b/main.go
@@ -38,19 +38,17 @@ func main() {
 proxy := false
 secure := false
 
- for _, option := range os.Args[4:] {
- switch option {
- case "proxy":
- proxy = true
- case "secure":
- secure = true
+ if len(os.Args) > 4 {
+ for _, option := range os.Args[4:] {
+ switch option {
+ case "proxy":
+ proxy = true
+ case "secure":
+ secure = true
+ }
 }
 }
 
- if len(os.Args) > 4 && os.Args[4] == "proxy" {
- proxy = true
- }
-
 ln, err := net.Listen("tcp", fmt.Sprintf(":%s", from))
 
 if err != nil {

From ecc46c249f01cd9a67f5da24429ed32fef254a87 Mon Sep 17 00:00:00 2001
From: David Dollar
Date: Wed, 18 May 2016 15:56:18 -0400
Subject: [PATCH 7/8] pass through all args

---
 bin/proxy-link | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/bin/proxy-link b/bin/proxy-link
index d097fe7..ab41bce 100755
--- a/bin/proxy-link
+++ b/bin/proxy-link
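Review bot: The log line changed in handleProxyConnection (PATCH 5/8, hunk at -108,7) indexes `rp[1]` and `top[1]` from `strings.SplitN(..., ":", 2)`, which panics when `to` contains no colon and mis-splits a bracketed IPv6 address such as the one `in.RemoteAddr()` reports for an IPv6 client. A panic in this goroutine takes the whole proxy down, so one bad `to` value stops all forwarding on the first connection. `net.SplitHostPort` returns an error instead; validating once in main with `host, port, err := net.SplitHostPort(to)` and passing the parts down would cover both handlers. The handleTcpConnection hunk at -128,7 has the same pattern, and both function bodies continue outside their hunks.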
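Review bot: The `if len(os.Args) > 4` wrapper added in PATCH 6/8 (hunk at -38,19) is redundant, because main already exits when `len(os.Args) < 4` and `os.Args[4:]` is an empty slice when exactly four arguments are given. Keeping the bare `for _, option := range os.Args[4:] {` removes one nesting level with the same behaviour.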
@@ -1,8 +1,10 @@
 #!/bin/sh
 
 from=${1}
-toport=${2}
-args=${3}
+shift
+toport=${1}
+shift
+args=${@}
 
 eval to="\$HOST_PORT_${toport}_TCP_ADDR:\$HOST_PORT_${toport}_TCP_PORT"
 

From d86e129d1d7d40eff1a29af3272cbc9a1a74a8cf Mon Sep 17 00:00:00 2001
From: David Dollar
Date: Wed, 18 May 2016 15:56:32 -0400
Subject: [PATCH 8/8] upgrade to tls after the proxy header

---
 main.go | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/main.go b/main.go
index 67b4158..c01b1ce 100644
--- a/main.go
+++ b/main.go
@@ -87,30 +87,13 @@ func main() {
 }
 }
 
-func dial(addr string, secure bool) (net.Conn, error) {
- if secure {
- config := &tls.Config{
- InsecureSkipVerify: true,
- }
-
- dialer := &net.Dialer{
- Timeout: 5 * time.Second,
- }
-
- return tls.DialWithDialer(dialer, "tcp", addr, config)
- } else {
- return net.DialTimeout("tcp", addr, 5*time.Second)
- }
-
-}
-
 func handleProxyConnection(in net.Conn, to string, secure bool) {
 rp := strings.SplitN(in.RemoteAddr().String(), ":", 2)
 top := strings.SplitN(to, ":", 2)
 
 fmt.Printf("proxy %s:%s -> %s:%s secure=%t\n", rp[0], rp[1], top[0], top[1], secure)
 
- out, err := dial(to, secure)
+ out, err := net.DialTimeout("tcp", to, 5*time.Second)
 
 if err != nil {
 warn(err)
@@ -121,6 +104,12 @@ func handleProxyConnection(in net.Conn, to string, secure bool) {
 
 out.Write([]byte(header))
 
+ if secure {
+ out = tls.Client(out, &tls.Config{
+ InsecureSkipVerify: true,
+ })
+ }
+
 pipe(in, out)
 }
 
@@ -130,13 +119,19 @@ func handleTcpConnection(in net.Conn, to string, secure bool) {
 
 fmt.Printf("tcp %s:%s -> %s:%s secure=%t\n", rp[0], rp[1], top[0], top[1], secure)
 
- out, err := dial(to, secure)
+ out, err := net.DialTimeout("tcp", to, 5*time.Second)
 
 if err != nil {
 warn(err)
 return
 }
 
+ if secure {
+ out = tls.Client(out, &tls.Config{
+ InsecureSkipVerify: true,
+ })
+ }
+
 pipe(in, out)
 }
 
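Review bot: `args=${@}` in PATCH 7/8 joins the remaining arguments into one string, and the `exec proxy $from $to $args` line (outside this hunk, shown in PATCH 2/8) then re-splits it on whitespace, so the original argument boundaries are not preserved. After the two `shift`s the positional parameters already hold exactly the options to forward. Dropping `args` and ending the script with `exec proxy "$from" "$to" "$@"` passes them through intact.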
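Review bot: `tls.Client` in handleProxyConnection (PATCH 8/8, hunk at -121,6) only wraps the socket, so the handshake now runs lazily on the first read or write inside `pipe` and is no longer bounded by the 5 second timeout that `tls.DialWithDialer` applied in the removed `dial`. Unless `pipe` sets its own deadlines (not visible here), a backend that accepts TCP but never completes TLS can hold the goroutine and both sockets open indefinitely. Run the handshake explicitly under a deadline and close both connections on failure; the handleTcpConnection hunk at -130,13 needs the same change. The `out.Write` of the PROXY header just above still ignores its error, and `InsecureSkipVerify: true` is carried over, so the upgraded connection remains unauthenticated.

```go
	// … unchanged: out.Write of the PROXY header …
	if secure {
		cfg := &tls.Config{ /* … unchanged: fields from the hunk … */ }
		tc := tls.Client(out, cfg)

		// Bound the handshake the same way the TCP dial is bounded.
		tc.SetDeadline(time.Now().Add(5 * time.Second))
		if err := tc.Handshake(); err != nil {
			warn(err)
			in.Close()
			out.Close()
			return
		}
		tc.SetDeadline(time.Time{}) // clear the deadline before piping

		out = tc
	}
```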