Improve log formatting, syntax and order. Require TLS 1.2 when acting as a server
This commit is contained in:
parent
c28d6e3675
commit
23bf0ff34c
20
server.go
20
server.go
|
|
@ -34,6 +34,9 @@ var (
|
|||
|
||||
func init() {
|
||||
setMyIpAndPtrAddr(&myIp, &myPtrAddr)
|
||||
if len(myPtrAddr) > 0 {
|
||||
tlsCertManager.HostPolicy = autocert.HostWhitelist(append(allowedHosts, myPtrAddr)...)
|
||||
}
|
||||
}
|
||||
|
||||
// setMyIpAndPtrAddr attempts to set myIp and myPtrAddr
|
||||
|
|
@ -75,7 +78,10 @@ func newHttpReverseProxy(addr string, serveTls bool) *httpReverseProxy {
|
|||
server.Addr = addr
|
||||
server.serveTls = serveTls
|
||||
if server.serveTls {
|
||||
server.TLSConfig = &tls.Config{GetCertificate: tlsCertManager.GetCertificate}
|
||||
server.TLSConfig = &tls.Config{
|
||||
GetCertificate: tlsCertManager.GetCertificate,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}
|
||||
}
|
||||
|
||||
proxy := new(httputil.ReverseProxy)
|
||||
|
|
@ -91,7 +97,7 @@ func newHttpReverseProxy(addr string, serveTls bool) *httpReverseProxy {
|
|||
}
|
||||
|
||||
mux := http.NewServeMux()
|
||||
// Hostnames specified in the variable allowedHosts for which the reverse proxy should direct requests to the target host
|
||||
// Hostnames for which the reverse proxy should direct requests to the target host
|
||||
for _, host := range allowedHosts {
|
||||
mux.Handle(host+"/", proxy)
|
||||
mux.Handle(host+"/.well-known/acme-challenge/", tlsCertManager.HTTPHandler(nil))
|
||||
|
|
@ -122,15 +128,17 @@ func newHttpReverseProxy(addr string, serveTls bool) *httpReverseProxy {
|
|||
|
||||
// listenAndServe will call ListenAndServe or ListenAndServeTLS on httpReverseProxy to handle requests on incoming connections
|
||||
func (t *httpReverseProxy) listenAndServe() {
|
||||
fmt.Printf("Listening on %s\n", t.Addr)
|
||||
var err error
|
||||
|
||||
fmt.Printf("Listening on %s\n", t.Addr)
|
||||
|
||||
if t.serveTls {
|
||||
err = t.ListenAndServeTLS("", "")
|
||||
} else {
|
||||
err = t.ListenAndServe()
|
||||
}
|
||||
if err != nil {
|
||||
log.Fatalf("listenAndServe, Addr: %s, serveTls: %s, error: %s", t.Addr, strconv.FormatBool(t.serveTls), err)
|
||||
log.Fatalf("listenAndServe, Addr: %s, serveTls: %s, error: %v", t.Addr, strconv.FormatBool(t.serveTls), err)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -139,10 +147,6 @@ func main() {
|
|||
log.Fatalf("Invalid Let's Encrypt account email: %v\n", err)
|
||||
}
|
||||
|
||||
if len(myPtrAddr) > 0 {
|
||||
tlsCertManager.HostPolicy = autocert.HostWhitelist(append(allowedHosts, myPtrAddr)...)
|
||||
}
|
||||
|
||||
fmt.Print("Allowed hosts: ")
|
||||
fmt.Println(allowedHosts)
|
||||
fmt.Print("PTR record (if any): ")
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user