-
Notifications
You must be signed in to change notification settings - Fork 79
/
Copy pathserver.go
198 lines (184 loc) · 4.66 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
package tigertonic
import (
"crypto/tls"
"crypto/x509"
"io/ioutil"
"net"
"net/http"
"sync"
"time"
)
// Server is an http.Server with better defaults and built-in graceful stop.
type Server struct {
http.Server
ch chan<- struct{}
conns map[string]net.Conn
listeners []net.Listener
mu sync.Mutex // guards conns and listeners
wg sync.WaitGroup
}
// NewServer returns an http.Server with better defaults and built-in graceful
// stop.
func NewServer(addr string, handler http.Handler) *Server {
ch := make(chan struct{})
s := &Server{
Server: http.Server{
Addr: addr,
Handler: &serverHandler{
Handler: handler,
},
MaxHeaderBytes: 4096,
ReadTimeout: 60e9, // These are absolute times which must be
WriteTimeout: 60e9, // longer than the longest {up,down}load.
},
ch: ch,
conns: make(map[string]net.Conn),
}
s.ConnState = func(conn net.Conn, state http.ConnState) {
switch state {
case http.StateNew:
s.wg.Add(1)
case http.StateActive:
s.mu.Lock()
delete(s.conns, conn.LocalAddr().String())
s.mu.Unlock()
case http.StateIdle:
select {
case <-ch:
//conn.SetReadDeadline(time.Now().Add(500 * time.Millisecond)) // Doesn't work but seems like the right idea.
conn.Close()
default:
s.mu.Lock()
s.conns[conn.LocalAddr().String()] = conn
s.mu.Unlock()
}
case http.StateHijacked, http.StateClosed:
s.wg.Done()
}
}
return s
}
// NewTLSServer returns an http.Server with better defaults configured to use
// the certificate and private key files.
func NewTLSServer(
addr, cert, key string,
handler http.Handler,
) (*Server, error) {
s := NewServer(addr, handler)
return s, s.TLS(cert, key)
}
// CA overrides the certificate authority on the Server's TLSConfig field.
func (s *Server) CA(ca string) error {
certPool := x509.NewCertPool()
buf, err := ioutil.ReadFile(ca)
if nil != err {
return err
}
certPool.AppendCertsFromPEM(buf)
s.tlsConfig()
s.TLSConfig.RootCAs = certPool
return nil
}
// ClientCA configures the CA pool for verifying client side certificates.
func (s *Server) ClientCA(ca string) error {
certPool := x509.NewCertPool()
buf, err := ioutil.ReadFile(ca)
if nil != err {
return err
}
certPool.AppendCertsFromPEM(buf)
s.tlsConfig()
s.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert
s.TLSConfig.ClientCAs = certPool
return nil
}
// Close closes all the net.Listeners passed to Serve (even via ListenAndServe)
// and signals open connections to close at their earliest convenience. That
// is either after responding to the current request or after a short grace
// period for idle keepalive connections. Close blocks until all connections
// have been closed.
func (s *Server) Close() error {
close(s.ch)
s.SetKeepAlivesEnabled(false)
s.mu.Lock()
for _, l := range s.listeners {
if err := l.Close(); nil != err {
return err
}
}
s.listeners = nil
t := time.Now().Add(500 * time.Millisecond)
for _, c := range s.conns {
c.SetReadDeadline(t)
}
s.conns = make(map[string]net.Conn)
s.mu.Unlock()
s.wg.Wait()
return nil
}
// ListenAndServe calls net.Listen with s.Addr and then calls s.Serve.
func (s *Server) ListenAndServe() error {
addr := s.Addr
if "" == addr {
if nil == s.TLSConfig {
addr = ":http"
} else {
addr = ":https"
}
}
l, err := net.Listen("tcp", addr)
if nil != err {
return err
}
if nil != s.TLSConfig {
l = tls.NewListener(l, s.TLSConfig)
}
return s.Serve(l)
}
// ListenAndServeTLS calls s.TLS with the given certificate and private key
// files and then calls s.ListenAndServe.
func (s *Server) ListenAndServeTLS(cert, key string) error {
if err := s.TLS(cert, key); err != nil {
return err
}
return s.ListenAndServe()
}
// Serve behaves like http.Server.Serve with the added option to stop the
// Server gracefully with the s.Close method.
func (s *Server) Serve(l net.Listener) error {
s.mu.Lock()
s.listeners = append(s.listeners, l)
s.mu.Unlock()
return s.Server.Serve(l)
}
// TLS configures this Server to be a TLS server using the given certificate
// and private key files.
func (s *Server) TLS(cert, key string) error {
c, err := tls.LoadX509KeyPair(cert, key)
if nil != err {
return err
}
s.tlsConfig()
s.TLSConfig.Certificates = []tls.Certificate{c}
return nil
}
func (s *Server) tlsConfig() {
if nil == s.TLSConfig {
s.TLSConfig = &tls.Config{
NextProtos: []string{"http/1.1"},
}
}
}
type serverHandler struct {
http.Handler
}
func (h *serverHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// r.Header.Set("Host", r.Host) // Should I?
r.URL.Host = r.Host
if nil != r.TLS {
r.URL.Scheme = "https"
} else {
r.URL.Scheme = "http"
}
h.Handler.ServeHTTP(w, r)
}