Refactor listener config #28

Closed
magiconair opened this issue Dec 13, 2015 · 3 comments
@magiconair

The listener configuration in proxy.addr seemed like a good idea but wasn't. To provide parameters for read and write timeout and reuse the same configuration also for the UI (see issue #25) I'm planning to change the configuration of the listeners as follows:

# proxy.listen configures one or more listeners for the reverse proxy.
#
# The default is to create a single HTTP listener on :9999 without
# authentication. Listeners which have a valid certificate are on HTTPS. If the
# certificate file contains both the certificate and the private key then the
# 'key' parameter can be omitted. For HTTPS connections X509 client certificate
# authentication can be configured which is set to RequireAndVerifyCert when
# enabled.
#
# All certificates and keys must be in PEM format.
#
# To configure the listener you can set the following options:
#
# proxy.listen.<name>.addr: listen address
# proxy.listen.<name>.tlsCert: path to TLS certificate file
# proxy.listen.<name>.tlsKey: path to TLS key file
# proxy.listen.<name>.clientCert: path to client certificate file
# proxy.listen.<name>.readTimeout: read timeout
# proxy.listen.<name>.writeTimeout: write timeout

The same options will be available for the UI/API listener and the same code will start all listeners.

proxy.addr and ui.addr will be deprecated with a startup warning and removed in a later release.

@magiconair magiconair added this to the 1.0.8 milestone Dec 13, 2015
@magiconair magiconair modified the milestones: 1.0.9, 1.0.8 Jan 14, 2016
@magiconair magiconair modified the milestones: later, 1.0.9 Feb 12, 2016
@magiconair

Won't happen for 1.0.9 unfortunately.

@smancke

smancke commented Mar 26, 2016

Maybe it would be a good idea to allow a list of certificates for each listener, so that multiple domains can be served on the same port.

As I saw, golang supports a slice of Certificates in tls.Config{} and should be able to create a mapping of the CommonName and SubjectAlternateName provided in the certificate (see also tls.Config.BuildNameToCertificate())

Maybe the configuration then should be something like:
proxy.listen.<name>.tlsCert.0 =
proxy.listen.<name>.tlsCert.1 =

@magiconair

I've started working on that to support #27 and #70 and #79 - which will support multiple dynamic certificates per listener - and will probably settle for

proxy.addr = [host]:port;opt=arg;opt=arg,[host]:port;opt=arg;...

This allows me to specify an arbitrary number of options without going crazy on parameter parsing. It is a similar approach to the GODEBUG env variable.
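A strict parser for the `[host]:port;opt=arg,...` format sketched in the comment above, as an added example that is not the project's code. It assumes the option names from the earlier `proxy.listen.<name>.*` proposal (the thread does not say which names the final format uses), and the file names in `main` are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// Listener is one parsed entry of the proposed proxy.addr value.
type Listener struct {
	Addr, TLSCert, TLSKey, ClientCert string
	ReadTimeout, WriteTimeout         time.Duration
}

// ParseListeners parses "[host]:port;opt=arg,[host]:port;opt=arg;...".
// Assumption: option names are those of the proxy.listen.<name>.* proposal.
func ParseListeners(spec string) ([]Listener, error) {
	var out []Listener
	for _, entry := range strings.Split(spec, ",") {
		parts := strings.Split(strings.TrimSpace(entry), ";")
		l := Listener{Addr: parts[0]}
		// Known options, keyed by name, pointing at the field they set.
		strs := map[string]*string{"tlsCert": &l.TLSCert, "tlsKey": &l.TLSKey, "clientCert": &l.ClientCert}
		durs := map[string]*time.Duration{"readTimeout": &l.ReadTimeout, "writeTimeout": &l.WriteTimeout}
		_, _, err := net.SplitHostPort(l.Addr)
		for i := 1; i < len(parts) && err == nil; i++ {
			k, v, ok := strings.Cut(parts[i], "=")
			if s := strs[k]; ok && v != "" && s != nil {
				*s = v
			} else if d := durs[k]; ok && v != "" && d != nil {
				*d, err = time.ParseDuration(v)
			} else { // fail closed: a misspelled clientCert must not start an unauthenticated listener
				err = fmt.Errorf("bad or unknown option %q", parts[i])
			}
		}
		// Client certificate authentication only applies to HTTPS listeners.
		if err == nil && l.ClientCert != "" && l.TLSCert == "" {
			err = fmt.Errorf("clientCert requires tlsCert")
		}
		if err != nil {
			return nil, fmt.Errorf("listener %q: %v", l.Addr, err)
		}
		out = append(out, l)
	}
	return out, nil
}

func main() { fmt.Println(ParseListeners(":9999,:9443;tlsCert=cert.pem;clientCert=ca.pem;readTimeout=5s")) }
```

Rejecting unknown keys matters more in a free-form `opt=arg` list than in the per-key properties scheme, because a typo in a security option would otherwise be silently ignored.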

magiconair added a commit that referenced this issue Jun 3, 2016
* Issue #27: change certificates via API
* Issue #28: refactor listener config
* Issue #70: support Vault
* Issue #85: SNI support
magiconair added a commit that referenced this issue Jun 7, 2016
* Issue #27: change certificates via API
* Issue #28: refactor listener config
* Issue #70: support Vault
* Issue #85: SNI support
magiconair added a commit that referenced this issue Jun 8, 2016
* Issue #27: change certificates via API
* Issue #28: refactor listener config
* Issue #70: support Vault
* Issue #85: SNI support
magiconair added a commit that referenced this issue Jun 9, 2016
* Issue #27: change certificates via API
* Issue #28: refactor listener config
* Issue #70: support Vault
* Issue #85: SNI support
magiconair added a commit that referenced this issue Jun 15, 2016
* Issue #27: change certificates via API
* Issue #28: refactor listener config
* Issue #70: support Vault
* Issue #85: SNI support
@magiconair magiconair modified the milestones: 1.2, later Jun 21, 2016
magiconair added a commit that referenced this issue Jul 12, 2016
* Issue #27: change certificates via API
* Issue #28: refactor listener config
* Issue #70: support Vault
* Issue #85: SNI support
magiconair added a commit that referenced this issue Jul 16, 2016
* Issue #27: Add/remove certificates using API
* Issue #28: Refactor listener config
* Issue #70: SSL Certs from Vault
* Issue #79: Refactor config loading to use flag sets
* Issue #85: SNI Support