Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2026-02-08 08:14:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
siyuan/kernel/server/proxy/fixedport.go
Davide Garberi cff12611c0
🎨 Support HTTPS network serving (#16930) 
* Add use TLS for network serving configuration option

* kernel: Implement TLS certificate generation

* kernel: server: Use https for fixed port proxy when needed

* Allow exporting the CA Certificate file

* Implement import and export of CA Certs

* kernel: fixedport: Use the same port for HTTP and HTTPS
2026-01-29 09:41:39 +08:00

96 lines
3 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

// SiYuan - Refactor your thinking
// Copyright (c) 2020-present, b3log.org
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package proxy
import (
"crypto/tls"
"net"
"net/http"
"net/http/httputil"
"github.com/siyuan-note/logging"
"github.com/siyuan-note/siyuan/kernel/util"
"github.com/soheilhy/cmux"
)
func InitFixedPortService(host string, useTLS bool, certPath, keyPath string) {
if util.FixedPort != util.ServerPort {
if util.IsPortOpen(util.FixedPort) {
return
}
addr := host + ":" + util.FixedPort
// 启动一个固定 6806 端口的反向代理服务器,这样浏览器扩展才能直接使用 127.0.0.1:6806不用配置端口
proxy := httputil.NewSingleHostReverseProxy(util.ServerURL)
if useTLS {
proxy.Transport = &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
logging.LogInfof("fixed port service [%s] is running (HTTP/HTTPS dual mode)", addr)
ln, err := net.Listen("tcp", addr)
if err != nil {
logging.LogWarnf("boot fixed port service [%s] failed: %s", addr, err)
return
}
m := cmux.New(ln)
// Match TLS connections (first byte 0x16 indicates TLS handshake)
tlsL := m.Match(cmux.TLS())
// Match HTTP (anything else)
httpL := m.Match(cmux.Any())
cert, err := tls.LoadX509KeyPair(certPath, keyPath)
if err != nil {
logging.LogWarnf("failed to load TLS cert for fixed port service: %s", err)
ln.Close()
return
}
tlsConfig := &tls.Config{Certificates: []tls.Certificate{cert}}
tlsListener := tls.NewListener(tlsL, tlsConfig)
go func() {
httpServer := &http.Server{Handler: proxy}
if err := httpServer.Serve(httpL); err != nil && err != cmux.ErrListenerClosed {
logging.LogWarnf("fixed port HTTP server error: %s", err)
}
}()
go func() {
httpsServer := &http.Server{Handler: proxy}
if err := httpsServer.Serve(tlsListener); err != nil && err != cmux.ErrListenerClosed {
logging.LogWarnf("fixed port HTTPS server error: %s", err)
}
}()
if err := m.Serve(); err != nil && err != cmux.ErrListenerClosed {
logging.LogWarnf("fixed port cmux serve error: %s", err)
}
} else {
logging.LogInfof("fixed port service [%s] is running", addr)
if proxyErr := http.ListenAndServe(addr, proxy); nil != proxyErr {
logging.LogWarnf("boot fixed port service [%s] failed: %s", util.ServerURL, proxyErr)
}
}
logging.LogInfof("fixed port service [%s] is stopped", addr)
}
}
Reference in a new issue View git blame Copy permalink