Https defaule support

ehang-io · Apr 1, 2019 · dd65e32 · dd65e32
1 parent b1b91b0
commit dd65e32
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 8 deletions.
diff --git a/conf/nps.conf b/conf/nps.conf
@@ -3,10 +3,13 @@ appname = nps
 runmode = pro
 
 #HTTP(S) proxy port, no startup if empty
+http_proxy_ip=0.0.0.0
 http_proxy_port=80
 https_proxy_port=443
 https_just_proxy=true
-http_proxy_ip=0.0.0.0
+#default https certificate setting
+https_default_cert_file=conf/server.pem
+https_default_key_file=conf/server.key
 
 ##bridge
 bridge_type=tcp

diff --git a/server/proxy/https.go b/server/proxy/https.go
@@ -33,26 +33,44 @@ func (https *HttpsServer) Start() error {
 			https.handleHttps(c)
 		})
 	} else {
+		//start the default listener
+		certFile := beego.AppConfig.String("https_default_cert_file")
+		keyFile := beego.AppConfig.String("https_default_key_file")
+		if common.FileExists(certFile) && common.FileExists(keyFile) {
+			l := NewHttpsListener(https.listener)
+			https.NewHttps(l, certFile, keyFile)
+			https.httpsListenerMap.Store("default", l)
+		}
 		conn.Accept(https.listener, func(c net.Conn) {
 			serverName, rb := GetServerNameFromClientHello(c)
+			//if the clientHello does not contains sni ,use the default ssl certificate
+			if serverName == "" {
+				serverName = "default"
+			}
 			var l *HttpsListener
 			if v, ok := https.httpsListenerMap.Load(serverName); ok {
 				l = v.(*HttpsListener)
 			} else {
 				r := buildHttpsRequest(serverName)
 				if host, err := file.GetDb().GetInfoByHost(serverName, r); err != nil {
 					c.Close()
-					logs.Notice("the url %s can't be parsed!", serverName)
+					logs.Notice("the url %s can't be parsed!,remote addr %s", serverName, c.RemoteAddr().String())
 					return
 				} else {
 					if !common.FileExists(host.CertFilePath) || !common.FileExists(host.KeyFilePath) {
-						c.Close()
-						logs.Error("the key %s cert %s file is not exist", host.KeyFilePath, host.CertFilePath)
-						return
+						//if the host cert file or key file is not set ,use the default file
+						if v, ok := https.httpsListenerMap.Load("default"); ok {
+							l = v.(*HttpsListener)
+						} else {
+							c.Close()
+							logs.Error("the key %s cert %s file is not exist", host.KeyFilePath, host.CertFilePath)
+							return
+						}
+					} else {
+						l = NewHttpsListener(https.listener)
+						https.NewHttps(l, host.CertFilePath, host.KeyFilePath)
+						https.httpsListenerMap.Store(serverName, l)
 					}
-					l = NewHttpsListener(https.listener)
-					https.NewHttps(l, host.CertFilePath, host.KeyFilePath)
-					https.httpsListenerMap.Store(serverName, l)
 				}
 			}
 			acceptConn := conn.NewConn(c)