# frozen_string_literal: true # Copyright, 2018, by Samuel G. D. Williams. # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. require 'async/container/controller' require_relative 'serve' require_relative '../middleware/proxy' require_relative '../service/proxy' require_relative '../tls' module Falcon module Controller # A controller for proxying requests. class Proxy < Serve # The default SSL session identifier. DEFAULT_SESSION_ID = "falcon" # Initialize the proxy controller. # @parameter command [Command::Proxy] The user-specified command-line options. # @parameter session_id [String] The SSL session identifier to use for the session cache. def initialize(command, session_id: DEFAULT_SESSION_ID, **options) super(command, **options) @session_id = session_id @hosts = {} end # Load the {Middleware::Proxy} application with the specified hosts. def load_app return Middleware::Proxy.new(Middleware::BadRequest, @hosts) end # The name of the controller which is used for the process title. def name "Falcon Proxy Server" end # Look up the host context for the given hostname, and update the socket hostname if necessary. # @parameter socket [OpenSSL::SSL::SSLSocket] The incoming connection. # @parameter hostname [String] The negotiated hostname. def host_context(socket, hostname) if host = @hosts[hostname] Console.logger.debug(self) {"Resolving #{hostname} -> #{host}"} socket.hostname = hostname return host.ssl_context else Console.logger.warn(self) {"Unable to resolve #{hostname}!"} return nil end end # Generate an SSL context which delegates to {host_context} to multiplex based on hostname. def ssl_context @server_context ||= OpenSSL::SSL::SSLContext.new.tap do |context| context.servername_cb = Proc.new do |socket, hostname| self.host_context(socket, hostname) end context.session_id_context = @session_id context.ssl_version = :TLSv1_2_server context.set_params( ciphers: TLS::SERVER_CIPHERS, verify_mode: OpenSSL::SSL::VERIFY_NONE, ) context.setup end end # The endpoint the server will bind to. def endpoint @command.endpoint.with( ssl_context: self.ssl_context, reuse_address: true, ) end # Builds a map of host redirections. def start configuration = @command.configuration services = Services.new(configuration) @hosts = {} services.each do |service| if service.is_a?(Service::Proxy) Console.logger.info(self) {"Proxying #{service.authority} to #{service.endpoint}"} @hosts[service.authority] = service # Pre-cache the ssl contexts: # It seems some OpenSSL objects don't like event-driven I/O. service.ssl_context end end super end end end end