author | Igor Wiedler <iwiedler@gitlab.com> | 2020-05-04 15:30:39 +0300 |
---|---|---|
committer | Igor Wiedler <iwiedler@gitlab.com> | 2020-11-18 12:48:36 +0300 |
commit | 481a5bf0c8fbac9c18889341757ee9806d4ebd63 (patch) | |
tree | 12e653b8d164ea1a126eaaf189c9609e667b846a /server.go | |
parent | 12fa24ee96cb9d971a75df2cacfcbb1e014125e9 (diff) |
Support for HTTPS over PROXYv2 protocol
Diffstat (limited to 'server.go')
-rw-r--r-- | server.go | 20 |
1 files changed, 16 insertions, 4 deletions
@@ -9,6 +9,7 @@ import (
 "time"
 "github.com/gorilla/context"
+ proxyproto "github.com/pires/go-proxyproto"
 "golang.org/x/net/http2"
 "gitlab.com/gitlab-org/gitlab-pages/internal/netutil"
@@ -36,7 +37,7 @@ func (ln *keepAliveListener) Accept() (net.Conn, error) {
 return conn, nil
 }
-func listenAndServe(fd uintptr, handler http.Handler, useHTTP2 bool, tlsConfig *tls.Config, limiter *netutil.Limiter) error {
+func listenAndServe(fd uintptr, handler http.Handler, useHTTP2 bool, tlsConfig *tls.Config, limiter *netutil.Limiter, proxyv2 bool) error {
 // create server
 server := &http.Server{Handler: context.ClearHandler(handler), TLSConfig: tlsConfig}
@@ -56,9 +57,20 @@ func listenAndServe(fd uintptr, handler http.Handler, useHTTP2 bool, tlsConfig *
 l = netutil.SharedLimitListener(l, limiter)
 }
+ l = &keepAliveListener{l}
+
+ if proxyv2 {
+ l = &proxyproto.Listener{
+ Listener: l,
+ Policy: func(upstream net.Addr) (proxyproto.Policy, error) {
+ return proxyproto.REQUIRE, nil
+ },
+ }
+ }
+
 if tlsConfig != nil {
- tlsListener := tls.NewListener(&keepAliveListener{l}, server.TLSConfig)
- return server.Serve(tlsListener)
+ l = tls.NewListener(l, server.TLSConfig)
 }
- return server.Serve(&keepAliveListener{l})
+
+ return server.Serve(l)
 } |
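Review bot: The new `proxyv2 bool` parameter on `listenAndServe` changes how the peer address is established, but the function has no doc comment saying so, and it is now the second bare bool in the signature after `useHTTP2`. I would add `// listenAndServe serves handler on the inherited fd. When proxyv2 is true, every connection must start with a PROXY protocol header and the address in that header replaces the socket peer address.` above the signature. The function body continues outside this hunk, and the call sites are not visible here, so whether the two bools are easy to confuse at the callers is worth a look.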
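Review bot: The `Policy` callback on the new `proxyproto.Listener` ignores its `upstream` argument and returns `proxyproto.REQUIRE` for every peer, so any host that can reach this socket can declare an arbitrary client address in its PROXY header. That address is presumably what handlers, access logs and any IP-based limits then treat as the remote address. This is safe only if the listener is reachable exclusively from the load balancer, an assumption that lives outside this code. Consider passing the trusted proxy addresses into `listenAndServe` and returning an error from the callback for any other `upstream`, or at least state the requirement next to the policy: `// PROXY headers are accepted from any peer; this listener must only be reachable from trusted load balancers`. `listenAndServe` begins above this hunk.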