1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
package main
import (
"crypto/tls"
"fmt"
"net"
"net/http"
"os"
"time"
"github.com/gorilla/context"
"golang.org/x/net/http2"
"gitlab.com/gitlab-org/gitlab-pages/internal/netutil"
"gitlab.com/gitlab-org/gitlab-pages/internal/tlsconfig"
)
type keepAliveListener struct {
net.Listener
}
type keepAliveSetter interface {
SetKeepAlive(bool) error
SetKeepAlivePeriod(time.Duration) error
}
func (ln *keepAliveListener) Accept() (net.Conn, error) {
conn, err := ln.Listener.Accept()
if err != nil {
return nil, err
}
kc := conn.(keepAliveSetter)
kc.SetKeepAlive(true)
kc.SetKeepAlivePeriod(3 * time.Minute)
return conn, nil
}
func listenAndServe(fd uintptr, handler http.HandlerFunc, useHTTP2 bool, tlsConfig *tls.Config, limiter *netutil.Limiter) error {
// create server
server := &http.Server{Handler: context.ClearHandler(handler), TLSConfig: tlsConfig}
if useHTTP2 {
err := http2.ConfigureServer(server, &http2.Server{})
if err != nil {
return err
}
}
l, err := net.FileListener(os.NewFile(fd, "[socket]"))
if err != nil {
return fmt.Errorf("failed to listen on FD %d: %v", fd, err)
}
if limiter != nil {
l = netutil.SharedLimitListener(l, limiter)
}
if tlsConfig != nil {
tlsListener := tls.NewListener(&keepAliveListener{l}, server.TLSConfig)
return server.Serve(tlsListener)
}
return server.Serve(&keepAliveListener{l})
}
func listenAndServeTLS(fd uintptr, cert, key []byte, handler http.HandlerFunc, getCertificate tlsconfig.GetCertificateFunc, insecureCiphers bool, tlsMinVersion uint16, tlsMaxVersion uint16, useHTTP2 bool, limiter *netutil.Limiter) error {
tlsConfig, err := tlsconfig.Create(cert, key, getCertificate, insecureCiphers, tlsMinVersion, tlsMaxVersion)
if err != nil {
return err
}
return listenAndServe(fd, handler, useHTTP2, tlsConfig, limiter)
}
|