Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make Signal Service listen on a standard 443/80 port instead of 10000 #396

Merged
merged 4 commits into from
Jul 25, 2022
Merged

Make Signal Service listen on a standard 443/80 port instead of 10000 #396

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d62d37a
Initial work for a single port Signal service
braginini Jul 23, 2022
94c2023
Migrate Signal to port 80 or 443
braginini Jul 24, 2022
a53ac8f
Migrate Signal to port 80 or 443
braginini Jul 25, 2022
61e7276
Update Signal port in docker compose
braginini Jul 25, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Initial work for a single port Signal service
  • Loading branch information
@braginini
braginini committed Jul 23, 2022
commit d62d37af00c2bdd61fd32967015297692c55e2d8
6 changes: 3 additions & 3 deletions encryption/letsencrypt.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,13 @@ import (
)

// CreateCertManager wraps common logic of generating Let's encrypt certificate.
func CreateCertManager(datadir string, letsencryptDomain string) *autocert.Manager {
func CreateCertManager(datadir string, letsencryptDomain string) (*autocert.Manager, error) {
certDir := filepath.Join(datadir, "letsencrypt")

if _, err := os.Stat(certDir); os.IsNotExist(err) {
err = os.MkdirAll(certDir, os.ModeDir)
if err != nil {
log.Fatalf("failed creating Let's encrypt certdir: %s: %v", certDir, err)
return nil, err
}
}

Expand All @@ -26,5 +26,5 @@ func CreateCertManager(datadir string, letsencryptDomain string) *autocert.Manag
HostPolicy: autocert.HostWhitelist(letsencryptDomain),
}

return certManager
return certManager, nil
}
3 changes: 2 additions & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,9 @@ require (
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/rs/xid v1.3.0
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
github.com/soheilhy/cmux v0.1.5
github.com/stretchr/testify v1.7.1
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
)

Expand Down Expand Up @@ -97,7 +99,6 @@ require (
golang.org/x/image v0.0.0-20200430140353-33d19683fad8 // indirect
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
golang.org/x/net v0.0.0-20220513224357-95641704303c // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/text v0.3.8-0.20211105212822-18b340fc7af2 // indirect
golang.org/x/tools v0.1.10 // indirect
golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
Expand Down
3 changes: 3 additions & 0 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -575,6 +575,8 @@ github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 h1:JIAuq3EE
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog=
github.com/smartystreets/assertions v1.13.0 h1:Dx1kYM01xsSqKPno3aqLnrwac2LetPvN23diwyr69Qs=
github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=
github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
Expand Down Expand Up @@ -740,6 +742,7 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY
golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201201195509-5d6afe98e0b7/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
Expand Down
5 changes: 4 additions & 1 deletion management/cmd/management.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,10 @@ var (
var httpServer *http.Server
if config.HttpConfig.LetsEncryptDomain != "" {
// automatically generate a new certificate with Let's Encrypt
certManager := encryption.CreateCertManager(config.Datadir, config.HttpConfig.LetsEncryptDomain)
certManager, err := encryption.CreateCertManager(config.Datadir, config.HttpConfig.LetsEncryptDomain)
if err != nil {
log.Fatalf("failed creating Let's Encrypt cert manager: %v", err)
}
transportCredentials := credentials.NewTLS(certManager.TLSConfig())
opts = append(opts, grpc.Creds(transportCredentials))

Expand Down
79 changes: 54 additions & 25 deletions signal/cmd/run.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,16 @@ import (
"errors"
"flag"
"fmt"
"github.com/soheilhy/cmux"
"golang.org/x/crypto/acme/autocert"
"io"
"io/fs"
"io/ioutil"
"net"
"net/http"
"os"
"path"
"strings"
"time"

"github.com/netbirdio/netbird/encryption"
Expand Down Expand Up @@ -44,8 +47,8 @@ var (

runCmd = &cobra.Command{
Use: "run",
Short: "start Netbird Signal Server daemon",
Run: func(cmd *cobra.Command, args []string) {
Short: "start NetBird Signal Server daemon",
RunE: func(cmd *cobra.Command, args []string) error {
flag.Parse()
err := util.InitLog(logLevel, logFile)
if err != nil {
Expand All @@ -62,47 +65,73 @@ var (
}

var opts []grpc.ServerOption
var listener net.Listener
var certManager *autocert.Manager
// Let's encrypt enabled -> generate certificate automatically
if signalLetsencryptDomain != "" {
if _, err := os.Stat(signalSSLDir); os.IsNotExist(err) {
err = os.MkdirAll(signalSSLDir, os.ModeDir)
if err != nil {
log.Fatalf("failed creating datadir: %s: %v", signalSSLDir, err)
}
certManager, err = encryption.CreateCertManager(signalSSLDir, signalLetsencryptDomain)
if err != nil {
return err
}
certManager := encryption.CreateCertManager(signalSSLDir, signalLetsencryptDomain)
transportCredentials := credentials.NewTLS(certManager.TLSConfig())
opts = append(opts, grpc.Creds(transportCredentials))

listener := certManager.Listener()
log.Infof("http server listening on %s", listener.Addr())
go func() {
if err := http.Serve(listener, certManager.HTTPHandler(nil)); err != nil {
log.Errorf("failed to serve https server: %v", err)
}
}()
listener = certManager.Listener()
log.Infof("HTTP server listening on %s", listener.Addr())
} else {
listener, err = net.Listen("tcp", fmt.Sprintf(":%d", signalPort))
if err != nil {
return err
}
}

cMux := cmux.New(listener)
grpcListener := cMux.MatchWithWriters(
cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc"),
cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc+proto"),
)
httpListener := cMux.Match(cmux.HTTP1())

opts = append(opts, signalKaep, signalKasp)
grpcServer := grpc.NewServer(opts...)
proto.RegisterSignalExchangeServer(grpcServer, server.NewServer())

lis, err := net.Listen("tcp", fmt.Sprintf(":%d", signalPort))
if err != nil {
log.Fatalf("failed to listen: %v", err)
go grpcServer.Serve(grpcListener)
if certManager != nil {
go http.Serve(httpListener, certManager.HTTPHandler(nil))
}

proto.RegisterSignalExchangeServer(grpcServer, server.NewServer())
log.Printf("started server: localhost:%v", signalPort)
if err := grpcServer.Serve(lis); err != nil {
log.Fatalf("failed to serve: %v", err)
}
log.Infof("started Signal Service: %v", grpcListener.Addr())

SetupCloseHandler()

err = cMux.Serve()
if err != nil {
return err
}

<-stopCh
log.Println("Receive signal to stop running the Signal server")
_ = listener.Close()
log.Infof("stopped Signal Service")

return nil
},
}
)

// grpcHandlerFunc returns a http.Handler that delegates to grpcServer on incoming gRPC
func grpcHandlerFunc(grpcServer *grpc.Server, otherHandler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// TODO(tamird): point to merged gRPC code rather than a PR.
// This is a partial recreation of gRPC's internal checks https://github.com/grpc/grpc-go/pull/514/files#diff-95e9a25b738459a2d3030e1e6fa2a718R61
if r.ProtoMajor == 2 && strings.Contains(r.Header.Get("Content-Type"), "application/grpc") {
grpcServer.ServeHTTP(w, r)
} else {
otherHandler.ServeHTTP(w, r)
}
})
}

func cpFile(src, dst string) error {
var err error
var srcfd *os.File
Expand Down Expand Up @@ -191,7 +220,7 @@ func migrateToNetbird(oldPath, newPath string) bool {
}

func init() {
runCmd.PersistentFlags().IntVar(&signalPort, "port", 10000, "Server port to listen on (e.g. 10000)")
runCmd.PersistentFlags().IntVar(&signalPort, "port", 80, "Server port to listen on (e.g. 80)")
runCmd.Flags().StringVar(&signalSSLDir, "ssl-dir", defaultSignalSSLDir, "server ssl directory location. *Required only for Let's Encrypt certificates.")
runCmd.Flags().StringVar(&signalLetsencryptDomain, "letsencrypt-domain", "", "a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS")
}