From dd65e32fb55671200dcf5a8672dd3a096faad6e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=88=98=E6=B2=B3?=
Date: Mon, 1 Apr 2019 23:54:03 +0800
Subject: [PATCH] Https defaule support

---
 conf/nps.conf | 5 ++++-
 server/proxy/https.go | 32 +++++++++++++++++++++++++-------
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/conf/nps.conf b/conf/nps.conf
index 1269f0d7..e5042317 100755
--- a/conf/nps.conf
+++ b/conf/nps.conf
@@ -3,10 +3,13 @@ appname = nps
 runmode = pro
 
 #HTTP(S) proxy port, no startup if empty
+http_proxy_ip=0.0.0.0
 http_proxy_port=80
 https_proxy_port=443
 https_just_proxy=true
-http_proxy_ip=0.0.0.0
+#default https certificate setting
+https_default_cert_file=conf/server.pem
+https_default_key_file=conf/server.key
 
 ##bridge
 bridge_type=tcp
diff --git a/server/proxy/https.go b/server/proxy/https.go
index 3a134a8e..67627897 100644
--- a/server/proxy/https.go
+++ b/server/proxy/https.go
@@ -33,8 +33,20 @@ func (https *HttpsServer) Start() error {
 https.handleHttps(c)
 })
 } else {
+ //start the default listener
+ certFile := beego.AppConfig.String("https_default_cert_file")
+ keyFile := beego.AppConfig.String("https_default_key_file")
+ if common.FileExists(certFile) && common.FileExists(keyFile) {
+ l := NewHttpsListener(https.listener)
+ https.NewHttps(l, certFile, keyFile)
+ https.httpsListenerMap.Store("default", l)
+ }
 conn.Accept(https.listener, func(c net.Conn) {
 serverName, rb := GetServerNameFromClientHello(c)
+ //if the clientHello does not contains sni ,use the default ssl certificate
+ if serverName == "" {
+ serverName = "default"
+ }
 var l *HttpsListener
 if v, ok := https.httpsListenerMap.Load(serverName); ok {
 l = v.(*HttpsListener)
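Review bot: In conf/nps.conf the new keys `https_default_cert_file=conf/server.pem` and `https_default_key_file=conf/server.key` are enabled in the shipped configuration, but the comment does not say what they control or how to turn them off. If a sample key is distributed at that path, every installation that keeps the defaults would present the same, publicly available private key, so the comment should tell operators to supply their own pair. I would expand it to something like `#default certificate, served when the client sends no SNI or the host has no certificate of its own; replace with your own cert/key, or leave both empty to disable`. The "leave empty to disable" part relies on `common.FileExists` returning false for an empty path, which is not visible in this patch and should be confirmed.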
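Review bot: The fallback listener is stored under the literal key `"default"` in `httpsListenerMap`, the same map that is looked up with the server name taken from the ClientHello, so a client that sends SNI `default` selects the fallback listener and a configured host with that name would collide with it. In addition, `serverName = "default"` is applied even when the certificate files were not found and no default listener was stored; the connection then appears to continue with a host lookup for the invented name `default` (second hunk) instead of being handled as a request without SNI. I would guard the rewrite, e.g. `if _, ok := https.httpsListenerMap.Load(defaultListenerKey); ok && serverName == "" { serverName = defaultListenerKey }`, with `defaultListenerKey` a constant that cannot be a valid host name, or keep the default listener in its own field. `Start` begins and ends outside this hunk, so how the no-SNI case was handled before is not visible here.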
@@ -42,17 +54,23 @@ func (https *HttpsServer) Start() error {
 r := buildHttpsRequest(serverName)
 if host, err := file.GetDb().GetInfoByHost(serverName, r); err != nil {
 c.Close()
- logs.Notice("the url %s can't be parsed!", serverName)
+ logs.Notice("the url %s can't be parsed!,remote addr %s", serverName, c.RemoteAddr().String())
 return
 } else {
 if !common.FileExists(host.CertFilePath) || !common.FileExists(host.KeyFilePath) {
- c.Close()
- logs.Error("the key %s cert %s file is not exist", host.KeyFilePath, host.CertFilePath)
- return
+ //if the host cert file or key file is not set ,use the default file
+ if v, ok := https.httpsListenerMap.Load("default"); ok {
+ l = v.(*HttpsListener)
+ } else {
+ c.Close()
+ logs.Error("the key %s cert %s file is not exist", host.KeyFilePath, host.CertFilePath)
+ return
+ }
+ } else {
+ l = NewHttpsListener(https.listener)
+ https.NewHttps(l, host.CertFilePath, host.KeyFilePath)
+ https.httpsListenerMap.Store(serverName, l)
 }
- l = NewHttpsListener(https.listener)
- https.NewHttps(l, host.CertFilePath, host.KeyFilePath)
- https.httpsListenerMap.Store(serverName, l)
 }
 }
 acceptConn := conn.NewConn(c)
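Review bot: The new fallback branch serves the default certificate for a host whose own `CertFilePath`/`KeyFilePath` are missing without writing any log entry, whereas the old code logged an error and closed the connection; a mistyped or deleted certificate path now degrades silently to a certificate issued for a different name. I would log the fallback before `l = v.(*HttpsListener)`, e.g. `logs.Notice("host %q has no usable cert/key, serving the default certificate", serverName)`. `serverName` comes from the client's ClientHello, so `%q` rather than `%s` keeps control characters out of the log, both here and in the changed `can't be parsed` message (assuming `logs` passes the format to `fmt`). The fallback choice is also not stored under `serverName`, so each new connection for such a host repeats the host lookup and both `FileExists` calls; `Start` continues outside the hunk.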