mirror of
https://github.com/alibaba/anyproxy.git
synced 2025-08-04 21:39:04 +00:00
fix https proxy server for ip host
This commit is contained in:
xiaofeng.mxf
@@ -4,61 +4,16 @@
|
||||
const async = require('async'),
|
||||
https = require('https'),
|
||||
tls = require('tls'),
|
||||
assert = require('assert'),
|
||||
crypto = require('crypto'),
|
||||
color = require('colorful'),
|
||||
certMgr = require('./certMgr'),
|
||||
logUtil = require('./log'),
|
||||
util = require('./util'),
|
||||
wsServerMgr = require('./wsServerMgr'),
|
||||
co = require('co'),
|
||||
assert = require('assert'),
|
||||
constants = require('constants'),
|
||||
asyncTask = require('async-task-mgr');
|
||||
|
||||
const createSecureContext = tls.createSecureContext || crypto.createSecureContext;
|
||||
function SNIPrepareCert(serverName, SNICallback) {
|
||||
let keyContent,
|
||||
crtContent,
|
||||
ctx;
|
||||
|
||||
async.series([
|
||||
(callback) => {
|
||||
certMgr.getCertificate(serverName, (err, key, crt) => {
|
||||
if (err) {
|
||||
callback(err);
|
||||
} else {
|
||||
keyContent = key;
|
||||
crtContent = crt;
|
||||
callback();
|
||||
}
|
||||
});
|
||||
},
|
||||
(callback) => {
|
||||
try {
|
||||
ctx = createSecureContext({
|
||||
key: keyContent,
|
||||
cert: crtContent
|
||||
});
|
||||
callback();
|
||||
} catch (e) {
|
||||
callback(e);
|
||||
}
|
||||
}
|
||||
], (err) => {
|
||||
if (!err) {
|
||||
const tipText = 'proxy server for __NAME established'.replace('__NAME', serverName);
|
||||
logUtil.printLog(color.yellow(color.bold('[internal https]')) + color.yellow(tipText));
|
||||
SNICallback(null, ctx);
|
||||
} else {
|
||||
logUtil.printLog('err occurred when prepare certs for SNI - ' + err, logUtil.T_ERR);
|
||||
logUtil.printLog('err occurred when prepare certs for SNI - ' + err.stack, logUtil.T_ERR);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
//config.port - port to start https server
|
||||
//config.handler - request handler
|
||||
|
||||
/**
|
||||
* Create an https server
|
||||
*
|
||||
@@ -66,55 +21,107 @@ function SNIPrepareCert(serverName, SNICallback) {
|
||||
* @param {number} config.port
|
||||
* @param {function} config.handler
|
||||
*/
|
||||
function createHttpsServer(config) {
|
||||
if (!config || !config.port || !config.handler) {
|
||||
throw (new Error('please assign a port'));
|
||||
function createHttpsSNIServer(port, handler) {
|
||||
assert(port && handler, 'invalid param for https SNI server');
|
||||
|
||||
const createSecureContext = tls.createSecureContext || crypto.createSecureContext;
|
||||
function SNIPrepareCert(serverName, SNICallback) {
|
||||
let keyContent,
|
||||
crtContent,
|
||||
ctx;
|
||||
|
||||
async.series([
|
||||
(callback) => {
|
||||
certMgr.getCertificate(serverName, (err, key, crt) => {
|
||||
if (err) {
|
||||
callback(err);
|
||||
} else {
|
||||
keyContent = key;
|
||||
crtContent = crt;
|
||||
callback();
|
||||
}
|
||||
});
|
||||
},
|
||||
(callback) => {
|
||||
try {
|
||||
ctx = createSecureContext({
|
||||
key: keyContent,
|
||||
cert: crtContent
|
||||
});
|
||||
callback();
|
||||
} catch (e) {
|
||||
callback(e);
|
||||
}
|
||||
}
|
||||
], (err) => {
|
||||
if (!err) {
|
||||
const tipText = 'proxy server for __NAME established'.replace('__NAME', serverName);
|
||||
logUtil.printLog(color.yellow(color.bold('[internal https]')) + color.yellow(tipText));
|
||||
SNICallback(null, ctx);
|
||||
} else {
|
||||
logUtil.printLog('err occurred when prepare certs for SNI - ' + err, logUtil.T_ERR);
|
||||
logUtil.printLog('err occurred when prepare certs for SNI - ' + err.stack, logUtil.T_ERR);
|
||||
SNICallback(err);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
return new Promise((resolve) => {
|
||||
const server = https.createServer({
|
||||
secureOptions: constants.SSL_OP_NO_SSLv3 || constants.SSL_OP_NO_TLSv1,
|
||||
SNICallback: SNIPrepareCert,
|
||||
}, config.handler).listen(config.port);
|
||||
}, handler).listen(port);
|
||||
resolve(server);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* @class httpsServerMgr
|
||||
* @param {object} config
|
||||
* @param {function} config.handler handler to deal https request
|
||||
*
|
||||
*/
|
||||
function createHttpsIPServer(ip, port, handler) {
|
||||
assert(ip && port && handler, 'invalid param for https IP server');
|
||||
|
||||
return new Promise((resolve, reject) => {
|
||||
certMgr.getCertificate(ip, (err, keyContent, crtContent) => {
|
||||
if (err) return reject(err);
|
||||
const server = https.createServer({
|
||||
secureOptions: constants.SSL_OP_NO_SSLv3 || constants.SSL_OP_NO_TLSv1,
|
||||
key: keyContent,
|
||||
cert: crtContent,
|
||||
}, handler).listen(port);
|
||||
|
||||
resolve(server);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
class httpsServerMgr {
|
||||
constructor(config) {
|
||||
assert(config, 'config is required');
|
||||
assert(config.handler && config.wsHandler, 'handler and wsHandler are required');
|
||||
assert(config.hostname, 'hostname is required');
|
||||
this.hostname = config.hostname;
|
||||
this.handler = config.handler;
|
||||
this.wsHandler = config.wsHandler;
|
||||
if (!config || !config.handler) {
|
||||
throw new Error('handler is required');
|
||||
}
|
||||
this.httpsAsyncTask = new asyncTask();
|
||||
this.asyncTaskName = `https_${Math.random()}`;
|
||||
this.httpsServer = null;
|
||||
this.handler = config.handler;
|
||||
this.wsHandler = config.wsHandler
|
||||
this.asyncSNITaskName = `https_SNI_${Math.random()}`;
|
||||
this.activeServers = [];
|
||||
}
|
||||
|
||||
getSharedHttpsServer() {
|
||||
getSharedHttpsServer(hostname) {
|
||||
const self = this;
|
||||
const finalHost = self.hostname;
|
||||
function prepareServer(callback) {
|
||||
let instancePort;
|
||||
co(util.getFreePort)
|
||||
.then(co.wrap(function *(port) {
|
||||
instancePort = port;
|
||||
let httpsServer = null;
|
||||
const ifIPHost = hostname && util.isIp(hostname);
|
||||
const serverHost = '127.0.0.1';
|
||||
|
||||
httpsServer = yield createHttpsServer({
|
||||
port,
|
||||
handler: self.handler
|
||||
});
|
||||
function prepareServer(callback) {
|
||||
let port;
|
||||
Promise.resolve(util.getFreePort())
|
||||
.then(freePort => {
|
||||
port = freePort;
|
||||
if (ifIPHost) {
|
||||
return createHttpsIPServer(hostname, port, self.handler);
|
||||
} else {
|
||||
return createHttpsSNIServer(port, self.handler);
|
||||
}
|
||||
})
|
||||
.then(httpsServer => {
|
||||
self.activeServers.push(httpsServer);
|
||||
|
||||
wsServerMgr.getWsServer({
|
||||
server: httpsServer,
|
||||
@@ -125,22 +132,20 @@ class httpsServerMgr {
|
||||
logUtil.debug('will let WebSocket server to handle the upgrade event');
|
||||
});
|
||||
|
||||
self.httpsServer = httpsServer;
|
||||
|
||||
const result = {
|
||||
host: finalHost,
|
||||
port: instancePort,
|
||||
host: serverHost,
|
||||
port,
|
||||
};
|
||||
callback(null, result);
|
||||
return result;
|
||||
}))
|
||||
})
|
||||
.catch(e => {
|
||||
callback(e);
|
||||
});
|
||||
}
|
||||
|
||||
// same server for same host
|
||||
return new Promise((resolve, reject) => {
|
||||
self.httpsAsyncTask.addTask(self.asyncTaskName, prepareServer, (error, serverInfo) => {
|
||||
self.httpsAsyncTask.addTask(ifIPHost ? hostname : serverHost, prepareServer, (error, serverInfo) => {
|
||||
if (error) {
|
||||
reject(error);
|
||||
} else {
|
||||
@@ -151,7 +156,9 @@ class httpsServerMgr {
|
||||
}
|
||||
|
||||
close() {
|
||||
return this.httpsServer && this.httpsServer.close();
|
||||
this.activeServers.forEach(server => {
|
||||
server.close();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -298,7 +298,7 @@ module.exports.getByteSize = function (content) {
|
||||
/*
|
||||
* identify whether the
|
||||
*/
|
||||
module.exports.isIpDomain = function (domain) {
|
||||
module.exports.isIp = function (domain) {
|
||||
if (!domain) {
|
||||
return false;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user