diff --git a/common/sanitize/sanitize.go b/common/sanitize/sanitize.go
index fa35b897e6..6f2c081e0b 100644
--- a/common/sanitize/sanitize.go
+++ b/common/sanitize/sanitize.go
@@ -29,7 +29,11 @@ func URL(defaultScheme string, defaultPort int, defaultPath string) func(string)
 if _, port, err := net.SplitHostPort(u.Host); err != nil && defaultPort > 0 {
 u.Host += fmt.Sprintf(":%d", defaultPort)
 } else if port == "443" {
- u.Scheme = "https"
+ if u.Scheme == "ws" {
+ u.Scheme = "wss"
+ } else {
+ u.Scheme = "https"
+ }
 }
 if defaultPath != "" && u.Path != defaultPath {
 u.Path = defaultPath
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index b38721d14d..a58e0f5bf8 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -67,6 +67,7 @@ weave_expose() {
 mkdir -p /etc/weave
 APP_ARGS=""
 PROBE_ARGS=""
+TOKEN_PROVIDED=false
 if [ "$1" = version ]; then
 /home/weave/scope version
@@ -108,7 +109,7 @@ while true; do
 shift
 fi
 PROBE_ARGS="$PROBE_ARGS -token=$ARG_VALUE"
- echo "scope.weave.works:80" >/etc/weave/apps
+ TOKEN_PROVIDED=true
 touch /etc/service/app/down
 ;;
 --no-app)
@@ -157,7 +158,15 @@ echo "$PROBE_ARGS" >/etc/weave/scope-probe.args
 # using Weave DNS. We stick these in /etc/weave/apps
 # for the run-probe script to pick up.
 MANUAL_APPS=$@
+
+# Implicitly target the Scope Service if a service token was provided with
+# no explicit manual app.
+if [ "$MANUAL_APPS" = "" -a "$TOKEN_PROVIDED" = "true" ]; then
+ MANUAL_APPS="scope.weave.works:443"
+fi
+
 echo "$MANUAL_APPS" >>/etc/weave/apps
+
 exec /home/weave/runsvinit
diff --git a/xfer/app_client.go b/xfer/app_client.go
index 6043ea2193..379b936048 100644
--- a/xfer/app_client.go
+++ b/xfer/app_client.go
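Review bot: In common/sanitize/sanitize.go, the new inner check in the `port == "443"` branch rewrites a target that already carries the `wss` scheme to `https`, because only the exact value `ws` takes the websocket path and every other scheme falls into the `else`. If a caller or operator ever supplies `wss://host:443`, the result would no longer be a websocket URL. Treating both spellings alike avoids that: `if u.Scheme == "ws" || u.Scheme == "wss" {`. The enclosing closure starts and ends outside this hunk, so how the scheme is first parsed is not visible here.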
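Review bot: In docker/entrypoint.sh, the added test `[ "$MANUAL_APPS" = "" -a "$TOKEN_PROVIDED" = "true" ]` joins two comparisons with `-a`, which POSIX marks as obsolescent and which can be parsed ambiguously when the first operand, taken from the command line through `$@`, happens to look like a test operator. Two separate tests are unambiguous: `if [ -z "$MANUAL_APPS" ] && [ "$TOKEN_PROVIDED" = "true" ]; then`. The comment above it could also state what happens in the other case: as far as this hunk shows, a token given together with explicit app addresses leaves the probe pointed at those addresses rather than at the service.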
@@ -41,10 +41,11 @@ type AppClient interface {
 type appClient struct {
 ProbeConfig
- quit chan struct{}
- mtx sync.Mutex
- target string
- client http.Client
+ quit chan struct{}
+ mtx sync.Mutex
+ target string
+ client http.Client
+ wsDialer websocket.Dialer
 // Track all the background goroutines, ensure they all stop
 backgroundWait sync.WaitGroup
@@ -74,6 +75,9 @@ func NewAppClient(pc ProbeConfig, hostname, target string, control ControlHandle
 client: http.Client{
 Transport: httpTransport,
 },
+ wsDialer: websocket.Dialer{
+ TLSClientConfig: httpTransport.TLSClientConfig,
+ },
 conns: map[string]*websocket.Conn{},
 readers: make(chan io.Reader),
 control: control,
@@ -186,12 +190,10 @@ func (c *appClient) doWithBackoff(msg string, f func() (bool, error)) {
 }
 func (c *appClient) controlConnection() (bool, error) {
- dialer := websocket.Dialer{}
 headers := http.Header{}
 c.ProbeConfig.authorizeHeaders(headers)
- // TODO(twilkie) need to update sanitize to work with wss
 url := sanitize.URL("ws://", 0, "/api/control/ws")(c.target)
- conn, _, err := dialer.Dial(url, headers)
+ conn, _, err := c.wsDialer.Dial(url, headers)
 if err != nil {
 return false, err
 }
@@ -270,12 +272,10 @@ func (c *appClient) Publish(r io.Reader) error {
 }
 func (c *appClient) pipeConnection(id string, pipe Pipe) (bool, error) {
- dialer := websocket.Dialer{}
 headers := http.Header{}
 c.ProbeConfig.authorizeHeaders(headers)
- // TODO(twilkie) need to update sanitize to work with wss
 url := sanitize.URL("ws://", 0, fmt.Sprintf("/api/pipe/%s/probe", id))(c.target)
- conn, resp, err := dialer.Dial(url, headers)
+ conn, resp, err := c.wsDialer.Dial(url, headers)
 if resp != nil && resp.StatusCode == http.StatusNotFound {
 // Special handling - 404 means the app/user has closed the pipe
 pipe.Close()
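Review bot: In the NewAppClient hunk, the shared `wsDialer` takes only `TLSClientConfig` from `httpTransport` and leaves `HandshakeTimeout` at its zero value, so a websocket handshake against an unresponsive endpoint has no bound of its own. Now that there is a single dialer, this is the natural place to set one, for example `HandshakeTimeout: 10 * time.Second,` (the value is only a suggestion). A short comment on the field would also help, noting that the dialer deliberately reuses the HTTP client's TLS settings, so whatever verification options `httpTransport` carries (it is built outside this hunk) now apply to the control and pipe websockets too.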
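Review bot: In controlConnection, and identically in the pipeConnection hunk after it, the default scheme passed to `sanitize.URL` is still `ws://`, so whether the headers filled in by `authorizeHeaders` travel over TLS depends only on the target's port being 443. A target on any other port is dialled in cleartext even when a token is configured. The removed TODO could be replaced by a comment stating this, e.g. `// sanitize.URL upgrades ws to wss only for :443 targets; other targets are dialled unencrypted`. Both function bodies continue outside their hunks.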