Embedded outpost (#1193)

* api: allow API requests as managed outpost's account when using secret_key Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load secret key from env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outposts: make listener IP configurable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost/proxy: run outpost in background and pass requests conditionally Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * outpost: unify branding to embedded Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: fix embedded outpost not being editable Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix mismatched host detection Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix LDAP test not including user for embedded outpost Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * tests/e2e: fix user matching Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add tests for secret_key auth Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * root: load environment variables using github.com/Netflix/go-env Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-29 11:30:30 +02:00
parent 1b03aae7aa
commit f01bc20d44
28 changed files with 285 additions and 118 deletions
--- a/internal/outpost/proxy/server_https.go
+++ b/internal/outpost/proxy/server_https.go
@ -2,27 +2,13 @@ package proxy

 import (
 	"crypto/tls"
+	"fmt"
 	"net"
 	"sync"

 	"github.com/pires/go-proxyproto"
 )

-// ServeHTTP constructs a net.Listener and starts handling HTTP requests
-func (s *Server) ServeHTTP() {
-	listenAddress := "0.0.0.0:4180"
-	listener, err := net.Listen("tcp", listenAddress)
-	if err != nil {
-		s.logger.Fatalf("FATAL: listen (%s) failed - %s", listenAddress, err)
-	}
-	proxyListener := &proxyproto.Listener{Listener: listener}
-	defer proxyListener.Close()
-
-	s.logger.Printf("listening on %s", listener.Addr())
-	s.serve(proxyListener)
-	s.logger.Printf("closing %s", listener.Addr())
-}
-
 func (s *Server) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	handler, ok := s.Handlers[info.ServerName]
 	if !ok {
@ -38,7 +24,7 @@ func (s *Server) getCertificates(info *tls.ClientHelloInfo) (*tls.Certificate, e

 // ServeHTTPS constructs a net.Listener and starts handling HTTPS requests
 func (s *Server) ServeHTTPS() {
-	listenAddress := "0.0.0.0:4443"
+	listenAddress := fmt.Sprintf(s.Listen, 4443)
 	config := &tls.Config{
 		MinVersion:     tls.VersionTLS12,
 		MaxVersion:     tls.VersionTLS12,