ingress

package
v0.0.0-...-f274180 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2024 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SSHServerFlag                 = "ssh-server"
	Socks5Flag                    = "socks5"
	ProxyConnectTimeoutFlag       = "proxy-connect-timeout"
	ProxyTLSTimeoutFlag           = "proxy-tls-timeout"
	ProxyTCPKeepAliveFlag         = "proxy-tcp-keepalive"
	ProxyNoHappyEyeballsFlag      = "proxy-no-happy-eyeballs"
	ProxyKeepAliveConnectionsFlag = "proxy-keepalive-connections"
	ProxyKeepAliveTimeoutFlag     = "proxy-keepalive-timeout"
	HTTPHostHeaderFlag            = "http-host-header"
	OriginServerNameFlag          = "origin-server-name"
	MatchSNIToHostFlag            = "match-sni-to-host"
	NoTLSVerifyFlag               = "no-tls-verify"
	NoChunkedEncodingFlag         = "no-chunked-encoding"
	ProxyAddressFlag              = "proxy-address"
	ProxyPortFlag                 = "proxy-port"
	Http2OriginFlag               = "http2-origin"
)
View Source 
const (
	ServiceBastion     = "bastion"
	ServiceSocksProxy  = "socks-proxy"
	ServiceWarpRouting = "warp-routing"
)
View Source 
const (
	HelloWorldService = "hello_world"
	HelloWorldFlag    = "hello-world"
	HttpStatusService = "http_status"
)

Variables

View Source 
var (
	ErrNoIngressRules    = errors.New("The config file doesn't contain any ingress rules")
	ErrNoIngressRulesCLI = errors.New("No ingress rules were defined in provided config (if any) nor from the cli, cloudflared will return 503 for all incoming HTTP requests")

	ErrURLIncompatibleWithIngress = errors.New("You can't set the --url flag (or $TUNNEL_URL) when using multiple-origin ingress rules")
)

Functions

func ConvertToRawOriginConfig 

func ConvertToRawOriginConfig(c OriginRequestConfig) config.OriginRequestConfig

func DefaultStreamHandler 

func DefaultStreamHandler(originConn io.ReadWriter, remoteConn net.Conn, log *zerolog.Logger)

DefaultStreamHandler is an implementation of streamHandlerFunc that performs a two way io.Copy between originConn and remoteConn.

func NewICMPRouter 

func NewICMPRouter(ipv4Addr, ipv6Addr netip.Addr, ipv6Zone string, logger *zerolog.Logger, funnelIdleTimeout time.Duration) (*icmpRouter, error)

NewICMPRouter doesn't return an error if either ipv4 proxy or ipv6 proxy can be created. The machine might only support one of them. funnelIdleTimeout controls how long to wait to close a funnel without send/return

Types

type GlobalRouterConfig 

type GlobalRouterConfig struct {
	ICMPRouter *icmpRouter
	IPv4Src    netip.Addr
	IPv6Src    netip.Addr
	Zone       string
}

GlobalRouterConfig is the configuration shared by all instance of Router.

type HTTPLocalProxy 

type HTTPLocalProxy interface {
	// Handler is how cloudflared proxies eyeball requests to the local cloudflared services
	http.Handler
}

HTTPLocalProxy can be implemented by cloudflared services that want to handle incoming http requests.

type HTTPOriginProxy 

type HTTPOriginProxy interface {
	// RoundTripper is how cloudflared proxies eyeball requests to the actual origin services
	http.RoundTripper
}

HTTPOriginProxy can be implemented by origin services that want to proxy http requests.

type Ingress 

type Ingress struct {
	// Set of ingress rules that are not added to remote config, e.g. management
	InternalRules []Rule
	// Rules that are provided by the user from remote or local configuration
	Rules    []Rule              `json:"ingress"`
	Defaults OriginRequestConfig `json:"originRequest"`
}

Ingress maps eyeball requests to origins.

func ParseIngress 

func ParseIngress(conf *config.Configuration) (Ingress, error)

ParseIngress parses ingress rules, but does not send HTTP requests to the origins.

func ParseIngressFromConfigAndCLI 

func ParseIngressFromConfigAndCLI(conf *config.Configuration, c *cli.Context, log *zerolog.Logger) (Ingress, error)

ParseIngressFromConfigAndCLI will parse the configuration rules from config files for ingress rules and then attempt to parse CLI for ingress rules. Will always return at least one valid ingress rule. If none are provided by the user, the default will be to return 503 status code for all incoming requests.

func (Ingress) CatchAll 

func (ing Ingress) CatchAll() *Rule

CatchAll returns the catch-all rule (i.e. the last rule)

func (Ingress) FindMatchingRule 

func (ing Ingress) FindMatchingRule(hostname, path string) (*Rule, int)

FindMatchingRule returns the index of the Ingress Rule which matches the given hostname and path. This function assumes the last rule matches everything, which is the case if the rules were instantiated via the ingress#Validate method.

Negative index rule signifies local cloudflared rules (not-user defined).

func (Ingress) IsEmpty 

func (ing Ingress) IsEmpty() bool

IsEmpty checks if there are any ingress rules.

func (Ingress) IsSingleRule 

func (ing Ingress) IsSingleRule() bool

IsSingleRule checks if the user only specified a single ingress rule.

func (Ingress) StartOrigins 

func (ing Ingress) StartOrigins(
	log *zerolog.Logger,
	shutdownC <-chan struct{},
) error

StartOrigins will start any origin services managed by cloudflared, e.g. proxy servers or Hello World.

type ManagementService 

type ManagementService struct {
	HTTPLocalProxy
}

ManagementService starts a local HTTP server to handle incoming management requests.

func (ManagementService) MarshalJSON 

func (o ManagementService) MarshalJSON() ([]byte, error)

func (*ManagementService) String 

func (o *ManagementService) String() string

type MockOriginHTTPService 

type MockOriginHTTPService struct {
	Transport http.RoundTripper
}

MockOriginHTTPService should only be used by other packages to mock OriginService. Set Transport to configure desired RoundTripper behavior.

func (MockOriginHTTPService) MarshalJSON 

func (mos MockOriginHTTPService) MarshalJSON() ([]byte, error)

func (MockOriginHTTPService) RoundTrip 

func (mos MockOriginHTTPService) RoundTrip(req *http.Request) (*http.Response, error)

func (MockOriginHTTPService) String 

func (mos MockOriginHTTPService) String() string

type NopReadCloser 

type NopReadCloser struct{}

func (*NopReadCloser) Close 

func (nrc *NopReadCloser) Close() error

func (*NopReadCloser) Read 

func (nrc *NopReadCloser) Read(buf []byte) (int, error)

Read always returns EOF to signal end of input

type OriginConnection 

type OriginConnection interface {
	// Stream should generally be implemented as a bidirectional io.Copy.
	Stream(ctx context.Context, tunnelConn io.ReadWriter, log *zerolog.Logger)
	Close()
}

OriginConnection is a way to stream to a service running on the user's origin. Different concrete implementations will stream different protocols as long as they are io.ReadWriters.

type OriginRequestConfig 

type OriginRequestConfig struct {
	// HTTP proxy timeout for establishing a new connection
	ConnectTimeout config.CustomDuration `yaml:"connectTimeout" json:"connectTimeout"`
	// HTTP proxy timeout for completing a TLS handshake
	TLSTimeout config.CustomDuration `yaml:"tlsTimeout" json:"tlsTimeout"`
	// HTTP proxy TCP keepalive duration
	TCPKeepAlive config.CustomDuration `yaml:"tcpKeepAlive" json:"tcpKeepAlive"`
	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
	NoHappyEyeballs bool `yaml:"noHappyEyeballs" json:"noHappyEyeballs"`
	// HTTP proxy timeout for closing an idle connection
	KeepAliveTimeout config.CustomDuration `yaml:"keepAliveTimeout" json:"keepAliveTimeout"`
	// HTTP proxy maximum keepalive connection pool size
	KeepAliveConnections int `yaml:"keepAliveConnections" json:"keepAliveConnections"`
	// Sets the HTTP Host header for the local webserver.
	HTTPHostHeader string `yaml:"httpHostHeader" json:"httpHostHeader"`
	// Hostname on the origin server certificate.
	OriginServerName string `yaml:"originServerName" json:"originServerName"`
	// Auto configure the Hostname on the origin server certificate.
	MatchSNIToHost bool `yaml:"matchSNItoHost" json:"matchSNItoHost"`
	// Path to the CA for the certificate of your origin.
	// This option should be used only if your certificate is not signed by Cloudflare.
	CAPool string `yaml:"caPool" json:"caPool"`
	// Disables TLS verification of the certificate presented by your origin.
	// Will allow any certificate from the origin to be accepted.
	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
	NoTLSVerify bool `yaml:"noTLSVerify" json:"noTLSVerify"`
	// Disables chunked transfer encoding.
	// Useful if you are running a WSGI server.
	DisableChunkedEncoding bool `yaml:"disableChunkedEncoding" json:"disableChunkedEncoding"`
	// Runs as jump host
	BastionMode bool `yaml:"bastionMode" json:"bastionMode"`
	// Listen address for the proxy.
	ProxyAddress string `yaml:"proxyAddress" json:"proxyAddress"`
	// Listen port for the proxy.
	ProxyPort uint `yaml:"proxyPort" json:"proxyPort"`
	// What sort of proxy should be started
	ProxyType string `yaml:"proxyType" json:"proxyType"`
	// IP rules for the proxy service
	IPRules []ipaccess.Rule `yaml:"ipRules" json:"ipRules"`
	// Attempt to connect to origin with HTTP/2
	Http2Origin bool `yaml:"http2Origin" json:"http2Origin"`

	// Access holds all access related configs
	Access config.AccessConfig `yaml:"access" json:"access,omitempty"`
}

OriginRequestConfig configures how Cloudflared sends requests to origin services. Note: To specify a time.Duration in go-yaml, use e.g. "3s" or "24h".

type OriginService 

type OriginService interface {
	String() string

	MarshalJSON() ([]byte, error)
	// contains filtered or unexported methods
}

OriginService is something a tunnel can proxy traffic to.

type PacketRouter 

type PacketRouter struct {
	// contains filtered or unexported fields
}

PacketRouter routes packets between Upstream and ICMPRouter. Currently it rejects all other type of ICMP packets

func NewPacketRouter 

func NewPacketRouter(globalConfig *GlobalRouterConfig, muxer muxer, logger *zerolog.Logger) *PacketRouter

NewPacketRouter creates a PacketRouter that handles ICMP packets. Packets are read from muxer but dropped if globalConfig is nil.

func (*PacketRouter) Serve 

func (r *PacketRouter) Serve(ctx context.Context) error

type Regexp 

type Regexp struct {
	*regexp.Regexp
}

Regexp adds unmarshalling from json for regexp.Regexp

func (*Regexp) MarshalJSON 

func (r *Regexp) MarshalJSON() ([]byte, error)

type RemoteConfig 

type RemoteConfig struct {
	Ingress     Ingress
	WarpRouting WarpRoutingConfig
}

RemoteConfig models ingress settings that can be managed remotely, for example through the dashboard.

func (*RemoteConfig) UnmarshalJSON 

func (rc *RemoteConfig) UnmarshalJSON(b []byte) error

type RemoteConfigJSON 

type RemoteConfigJSON struct {
	GlobalOriginRequest *config.OriginRequestConfig     `json:"originRequest,omitempty"`
	IngressRules        []config.UnvalidatedIngressRule `json:"ingress"`
	WarpRouting         config.WarpRoutingConfig        `json:"warp-routing"`
}

type Rule 

type Rule struct {
	// Requests for this hostname will be proxied to this rule's service.
	Hostname string `json:"hostname"`

	// Path is an optional regex that can specify path-driven ingress rules.
	Path *Regexp `json:"path"`

	// A (probably local) address. Requests for a hostname which matches this
	// rule's hostname pattern will be proxied to the service running on this
	// address.
	Service OriginService `json:"service"`

	// Handlers is a list of functions that acts as a middleware during ProxyHTTP
	Handlers []middleware.Handler

	// Configure the request cloudflared sends to this specific origin.
	Config OriginRequestConfig `json:"originRequest"`
	// contains filtered or unexported fields
}

Rule routes traffic from a hostname/path on the public internet to the service running on the given URL.

func GetDefaultIngressRules 

func GetDefaultIngressRules(log *zerolog.Logger) []Rule

Gets the default ingress rule that will be return 503 status code for all incoming requests.

func NewManagementRule 

func NewManagementRule(management *management.ManagementService) Rule

func (*Rule) Matches 

func (r *Rule) Matches(hostname, path string) bool

Matches checks if the rule matches a given hostname/path combination.

func (Rule) MultiLineString 

func (r Rule) MultiLineString() string

MultiLineString is for outputting rules in a human-friendly way when Cloudflared is used as a CLI tool (not as a daemon).

type StreamBasedOriginProxy 

type StreamBasedOriginProxy interface {
	EstablishConnection(ctx context.Context, dest string, log *zerolog.Logger) (OriginConnection, error)
}

StreamBasedOriginProxy can be implemented by origin services that want to proxy ws/TCP.

type UDPProxy 

type UDPProxy interface {
	io.ReadWriteCloser
	LocalAddr() net.Addr
}

func DialUDP 

func DialUDP(dstIP net.IP, dstPort uint16) (UDPProxy, error)

type WarpRoutingConfig 

type WarpRoutingConfig struct {
	ConnectTimeout config.CustomDuration `yaml:"connectTimeout" json:"connectTimeout,omitempty"`
	TCPKeepAlive   config.CustomDuration `yaml:"tcpKeepAlive" json:"tcpKeepAlive,omitempty"`
}

func NewWarpRoutingConfig 

func NewWarpRoutingConfig(raw *config.WarpRoutingConfig) WarpRoutingConfig

func (*WarpRoutingConfig) RawConfig 

func (c *WarpRoutingConfig) RawConfig() config.WarpRoutingConfig

type WarpRoutingService 

type WarpRoutingService struct {
	Proxy StreamBasedOriginProxy
}

WarpRoutingService starts a tcp stream between the origin and requests from warp clients.

func NewWarpRoutingService 

func NewWarpRoutingService(config WarpRoutingConfig, writeTimeout time.Duration) *WarpRoutingService

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.