diff options
Diffstat (limited to 'workhorse/main.go')
-rw-r--r-- | workhorse/main.go | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/workhorse/main.go b/workhorse/main.go index 123d21596e2..55c29b8abf5 100644 --- a/workhorse/main.go +++ b/workhorse/main.go @@ -13,6 +13,7 @@ import ( "syscall" "time" + "gitlab.com/gitlab-org/labkit/fips" "gitlab.com/gitlab-org/labkit/log" "gitlab.com/gitlab-org/labkit/monitoring" "gitlab.com/gitlab-org/labkit/tracing" @@ -155,6 +156,7 @@ func buildConfig(arg0 string, args []string) (*bootConfig, *config.Config, error cfg.ShutdownTimeout = cfgFromFile.ShutdownTimeout cfg.TrustedCIDRsForXForwardedFor = cfgFromFile.TrustedCIDRsForXForwardedFor cfg.TrustedCIDRsForPropagation = cfgFromFile.TrustedCIDRsForPropagation + cfg.Listeners = cfgFromFile.Listeners return boot, cfg, nil } @@ -169,6 +171,7 @@ func run(boot bootConfig, cfg config.Config) error { tracing.Initialize(tracing.WithServiceName("gitlab-workhorse")) log.WithField("version", Version).WithField("build_time", BuildTime).Print("Starting") + fips.Check() // Good housekeeping for Unix sockets: unlink before binding if boot.listenNetwork == "unix" { @@ -177,14 +180,6 @@ func run(boot bootConfig, cfg config.Config) error { } } - // Change the umask only around net.Listen() - oldUmask := syscall.Umask(boot.listenUmask) - listener, err := net.Listen(boot.listenNetwork, boot.listenAddr) - syscall.Umask(oldUmask) - if err != nil { - return fmt.Errorf("main listener: %v", err) - } - finalErrors := make(chan error) // The profiler will only be activated by HTTP requests. HTTP @@ -241,8 +236,25 @@ func run(boot bootConfig, cfg config.Config) error { done := make(chan os.Signal, 1) signal.Notify(done, syscall.SIGINT, syscall.SIGTERM) - server := http.Server{Handler: up} - go func() { finalErrors <- server.Serve(listener) }() + listenerFromBootConfig := config.ListenerConfig{ + Network: boot.listenNetwork, + Addr: boot.listenAddr, + } + var listeners []net.Listener + oldUmask := syscall.Umask(boot.listenUmask) + for _, cfg := range append(cfg.Listeners, listenerFromBootConfig) { + l, err := newListener("upstream", cfg) + if err != nil { + return err + } + listeners = append(listeners, l) + } + syscall.Umask(oldUmask) + + srv := &http.Server{Handler: up} + for _, l := range listeners { + go func(l net.Listener) { finalErrors <- srv.Serve(l) }(l) + } select { case err := <-finalErrors: @@ -254,6 +266,6 @@ func run(boot bootConfig, cfg config.Config) error { defer cancel() redis.Shutdown() - return server.Shutdown(ctx) + return srv.Shutdown(ctx) } } |