Reimplement proxy using ReverseProxy
parent
6a12bcaf5c
commit
e64eeecd5d
|
@ -1,11 +1,11 @@
|
||||||
// This is honestly terrible
|
// This is honestly terrible. It only exists to replace the AWS S3 website hosting feature missing in minio
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"io"
|
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/http/httputil"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
@ -16,7 +16,6 @@ import (
|
||||||
var endpoint string
|
var endpoint string
|
||||||
var endpointSecure bool
|
var endpointSecure bool
|
||||||
var behindProxy bool
|
var behindProxy bool
|
||||||
var client *http.Client
|
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
// Read configuration
|
// Read configuration
|
||||||
|
@ -24,23 +23,11 @@ func main() {
|
||||||
endpointSecure = os.Getenv("MINIO_ENDPOINT_SECURE") == "true"
|
endpointSecure = os.Getenv("MINIO_ENDPOINT_SECURE") == "true"
|
||||||
behindProxy = os.Getenv("BEHIND_PROXY") == "true"
|
behindProxy = os.Getenv("BEHIND_PROXY") == "true"
|
||||||
|
|
||||||
// Setup HTTP client
|
|
||||||
transport := &http.Transport{
|
|
||||||
MaxIdleConns: 4,
|
|
||||||
MaxIdleConnsPerHost: 4,
|
|
||||||
IdleConnTimeout: 30 * time.Second,
|
|
||||||
DisableCompression: true,
|
|
||||||
}
|
|
||||||
client = &http.Client{
|
|
||||||
Transport: transport,
|
|
||||||
Timeout: 5 * time.Second,
|
|
||||||
}
|
|
||||||
|
|
||||||
server := &http.Server{
|
server := &http.Server{
|
||||||
Addr: ":80",
|
Addr: ":80",
|
||||||
ReadTimeout: 5 * time.Second,
|
ReadTimeout: 5 * time.Second,
|
||||||
WriteTimeout: 10 * time.Second,
|
WriteTimeout: 10 * time.Second,
|
||||||
Handler: http.HandlerFunc(handle),
|
Handler: &httputil.ReverseProxy{Director: director},
|
||||||
}
|
}
|
||||||
err := server.ListenAndServe()
|
err := server.ListenAndServe()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -48,44 +35,38 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func handle(w http.ResponseWriter, r *http.Request) {
|
func director(req *http.Request) {
|
||||||
// Validate host
|
// Validate host
|
||||||
if _, ok := dns.IsDomainName(r.Host); !ok {
|
host, port, err := net.SplitHostPort(req.Host)
|
||||||
w.WriteHeader(http.StatusBadRequest)
|
if err != nil {
|
||||||
|
// Assumption: IsDomainName will handle other cases
|
||||||
|
host = req.Host
|
||||||
|
}
|
||||||
|
if _, ok := dns.IsDomainName(host); !ok {
|
||||||
|
req.URL.Scheme = ""
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Rewrite URL
|
// Rewrite URL
|
||||||
path := mapPath(r.URL.Path, r.Host)
|
req.URL.Scheme = "http"
|
||||||
url := &url.URL{
|
|
||||||
Scheme: "http",
|
|
||||||
Host: endpoint,
|
|
||||||
Path: path,
|
|
||||||
}
|
|
||||||
if endpointSecure {
|
if endpointSecure {
|
||||||
url.Scheme = "https"
|
req.URL.Scheme = "https"
|
||||||
|
}
|
||||||
|
req.URL.Host = endpoint
|
||||||
|
req.URL.Path = mapPath(req.URL.Path, host)
|
||||||
|
|
||||||
|
if !behindProxy {
|
||||||
|
// Clear existing unsafe headers
|
||||||
|
req.Header.Del("Forwarded")
|
||||||
|
req.Header.Del("X-Forwarded-For")
|
||||||
|
|
||||||
|
// Unnecessary, but might as well
|
||||||
|
req.Header.Set("X-Forwarded-Proto", req.URL.Scheme)
|
||||||
|
req.Header.Set("X-Forwarded-Host", host)
|
||||||
|
req.Header.Set("X-Forwarded-Port", port)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Update Forwarded headers
|
log.Println(req.URL)
|
||||||
header := safeCloneHeader(r.Header)
|
|
||||||
|
|
||||||
// Create forwarded request
|
|
||||||
out := &http.Request{
|
|
||||||
URL: url,
|
|
||||||
Header: header,
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Println(out.URL)
|
|
||||||
resp, err := client.Do(out)
|
|
||||||
if err != nil {
|
|
||||||
w.WriteHeader(http.StatusInternalServerError)
|
|
||||||
log.Println(err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
defer resp.Body.Close()
|
|
||||||
|
|
||||||
w.WriteHeader(resp.StatusCode)
|
|
||||||
io.Copy(w, resp.Body)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func mapPath(path, host string) string {
|
func mapPath(path, host string) string {
|
||||||
|
@ -94,36 +75,3 @@ func mapPath(path, host string) string {
|
||||||
}
|
}
|
||||||
return "/" + host + path
|
return "/" + host + path
|
||||||
}
|
}
|
||||||
|
|
||||||
// Further validation is required for this function
|
|
||||||
func safeCloneHeader(h http.Header) http.Header {
|
|
||||||
clone := make(http.Header, 0)
|
|
||||||
for key, value := range h {
|
|
||||||
if !safeHeaderName(key) {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
for _, v := range value {
|
|
||||||
clone.Add(key, v)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return clone
|
|
||||||
}
|
|
||||||
|
|
||||||
// Comparisons in this function MUST be in canonical form
|
|
||||||
func safeHeaderName(name string) bool {
|
|
||||||
if behindProxy {
|
|
||||||
if name == "X-Forwarded-For" {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
if name == "X-Forwarded-Host" {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
if name == "X-Forwarded-Proto" {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
if name == "Forwarded" {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
|
@ -101,7 +101,6 @@ func update(w http.ResponseWriter, req *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
wg.Wait()
|
wg.Wait()
|
||||||
|
|
||||||
// Check for errors
|
// Check for errors
|
||||||
for _, op := range resizes {
|
for _, op := range resizes {
|
||||||
if op.err != nil {
|
if op.err != nil {
|
||||||
|
@ -124,7 +123,6 @@ func update(w http.ResponseWriter, req *http.Request) {
|
||||||
}
|
}
|
||||||
|
|
||||||
wg.Wait()
|
wg.Wait()
|
||||||
|
|
||||||
// Check for errors
|
// Check for errors
|
||||||
for _, op := range resizes {
|
for _, op := range resizes {
|
||||||
if op.err != nil {
|
if op.err != nil {
|
||||||
|
|
Loading…
Reference in New Issue