/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package http import ( "context" "crypto/tls" "errors" "fmt" "github.com/apache/servicecomb-mesher/proxy/ingress" "github.com/apache/servicecomb-mesher/proxy/pkg/runtime" "net" "net/http" "strings" "github.com/apache/servicecomb-mesher/proxy/common" "github.com/apache/servicecomb-mesher/proxy/resolver" chassisCom "github.com/go-chassis/go-chassis/v2/core/common" "github.com/go-chassis/go-chassis/v2/core/server" chassisTLS "github.com/go-chassis/go-chassis/v2/core/tls" chassisRuntime "github.com/go-chassis/go-chassis/v2/pkg/runtime" "github.com/go-chassis/openlog" ) const ( Name = "http" ) func init() { server.InstallPlugin(Name, newServer) } func newServer(opts server.Options) server.ProtocolServer { return &httpServer{ opts: opts, } } type httpServer struct { opts server.Options server *http.Server } func (hs *httpServer) Register(schema interface{}, options ...server.RegisterOption) (string, error) { return "", nil } func (hs *httpServer) Start() error { host, port, err := net.SplitHostPort(hs.opts.Address) if err != nil { return err } ip := net.ParseIP(host) if ip == nil { return fmt.Errorf("IP format error, input is [%s]", hs.opts.Address) } if ip.To4() == nil { return fmt.Errorf("only support ipv4, input is [%s]", hs.opts.Address) } switch runtime.Role { case common.RoleSidecar: err = hs.startSidecar(host, port) default: err = hs.startCommonProxy() } if err != nil { return err } return nil } func (hs *httpServer) startSidecar(host, port string) error { mesherTLSConfig, mesherSSLConfig, mesherErr := chassisTLS.GetTLSConfigByService( common.ComponentName, "", chassisCom.Provider) if mesherErr != nil { if !chassisTLS.IsSSLConfigNotExist(mesherErr) { return mesherErr } } else { sslTag := genTag(common.ComponentName, chassisCom.Provider) openlog.Warn(fmt.Sprintf("%s TLS mode, verify peer: %t, cipher plugin: %s.", sslTag, mesherSSLConfig.VerifyPeer, mesherSSLConfig.CipherPlugin)) } err := hs.listenAndServe("127.0.0.1"+":"+port, mesherTLSConfig, http.HandlerFunc(LocalRequestHandler)) if err != nil { return err } resolver.SelfEndpoint = "127.0.0.1" + ":" + port switch host { case "0.0.0.0": return errors.New("in sidecar mode, forbidden to listen on 0.0.0.0") case "127.0.0.1": openlog.Warn("Mesher listen on 127.0.0.1, it can only proxy for consumer. " + "for provider, mesher must listen on external ip.") return nil default: serverTLSConfig, serverSSLConfig, serverErr := chassisTLS.GetTLSConfigByService( chassisRuntime.ServiceName, chassisCom.ProtocolRest, chassisCom.Provider) if serverErr != nil { if !chassisTLS.IsSSLConfigNotExist(serverErr) { return serverErr } } else { sslTag := genTag(chassisRuntime.ServiceName, chassisCom.ProtocolRest, chassisCom.Provider) openlog.Warn(fmt.Sprintf("%s TLS mode, verify peer: %t, cipher plugin: %s.", sslTag, serverSSLConfig.VerifyPeer, serverSSLConfig.CipherPlugin)) } err = hs.listenAndServe(hs.opts.Address, serverTLSConfig, http.HandlerFunc(RemoteRequestHandler)) if err != nil { return err } } return nil } func (hs *httpServer) startCommonProxy() error { if err := ingress.Init(); err != nil { return err } mesherTLSConfig, mesherSSLConfig, err := chassisTLS.GetTLSConfigByService( chassisRuntime.ServiceName, "rest", chassisCom.Provider) if err != nil { if !chassisTLS.IsSSLConfigNotExist(err) { return err } } else { openlog.Warn(fmt.Sprintf("TLS mode, verify peer: %t, cipher plugin: %s.", mesherSSLConfig.VerifyPeer, mesherSSLConfig.CipherPlugin)) } err = hs.listenAndServe(hs.opts.Address, mesherTLSConfig, http.HandlerFunc(HandleIngressTraffic)) if err != nil { return err } return nil } func (hs *httpServer) listenAndServe(addr string, t *tls.Config, h http.Handler) error { ln, err := net.Listen("tcp4", addr) if err != nil { return err } if t != nil { openlog.Info("run as https") lnTLS := tls.NewListener(ln, t) ln = lnTLS } go func() { hs.server = &http.Server{ Handler: h, } if err := hs.server.Serve(ln); err != nil { server.ErrRuntime <- err return } }() return nil } func (hs *httpServer) Stop() error { //go 1.8+ drain connections handleIncomingTraffic stop server if hs.server == nil { openlog.Info("http server don't need to be stopped") return nil } if err := hs.server.Shutdown(context.TODO()); err != nil { panic(err) } openlog.Info("Mesher gracefully stopped") return nil } func (hs *httpServer) String() string { return Name } func genTag(s ...string) string { return strings.Join(s, ".") }