Make probes use TLS against scope.weave.works by default #785

Merged
merged 4 commits into from
Jan 4, 2016
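--- a/common/sanitize/sanitize.go
+++ b/common/sanitize/sanitize.go
@@ -29,7 +29,11 @@ func URL(defaultScheme string, defaultPort int, defaultPath string) func(string)
 if _, port, err := net.SplitHostPort(u.Host); err != nil && defaultPort > 0 {
 u.Host += fmt.Sprintf(":%d", defaultPort)
 } else if port == "443" {
-u.Scheme = "https"
+if u.Scheme == "ws" {
+u.Scheme = "wss"
+} else {
+u.Scheme = "https"
+}
 }
 if defaultPath != "" && u.Path != defaultPath {
 u.Path = defaultPath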
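Review bot: An explicit `wss` scheme on port 443 falls into the new `else` branch and is rewritten to `https`, because only `ws` is matched; the condition would be safer as `if u.Scheme == "ws" || u.Scheme == "wss" {`. The upgrade also sits in the `else if`, so a host that gets `:443` appended from `defaultPort` in the first branch keeps its plaintext scheme. TLS is chosen purely by the literal port 443 here, so a target on any other port still gets `ws`/`http`; a comment such as `// Only port 443 implies TLS; other ports keep the caller's scheme.` would make that explicit. The enclosing closure in URL starts and ends outside the hunk.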
11 changes: 10 additions & 1 deletion docker/entrypoint.sh
@@ -67,6 +67,7 @@ weave_expose() {
mkdir -p /etc/weave
APP_ARGS=""
PROBE_ARGS=""
TOKEN_PROVIDED=false

if [ "$1" = version ]; then
/home/weave/scope version
@@ -108,7 +109,7 @@ while true; do
shift
fi
PROBE_ARGS="$PROBE_ARGS -token=$ARG_VALUE"
echo "scope.weave.works:80" >/etc/weave/apps
TOKEN_PROVIDED=true
touch /etc/service/app/down
;;
--no-app)
@@ -157,7 +158,15 @@ echo "$PROBE_ARGS" >/etc/weave/scope-probe.args
# using Weave DNS. We stick these in /etc/weave/apps
# for the run-probe script to pick up.
MANUAL_APPS=$@

# Implicitly target the Scope Service if a service token was provided with
# no explicit manual app.
if [ "$MANUAL_APPS" = "" -a "$TOKEN_PROVIDED" = "true" ]; then
MANUAL_APPS="scope.weave.works:443"
fi

echo "$MANUAL_APPS" >>/etc/weave/apps


exec /home/weave/runsvinit
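Review bot: The new guard `[ "$MANUAL_APPS" = "" -a "$TOKEN_PROVIDED" = "true" ]` uses `-a`, which POSIX marks obsolescent and which can misparse when an operand looks like an operator; `if [ -z "$MANUAL_APPS" ] && [ "$TOKEN_PROVIDED" = "true" ]; then` is the safer form. The `:443` default is applied only when no target is given: when a token is combined with explicit apps, `-token=` is still appended to PROBE_ARGS and the probe presumably presents it to those targets, which get TLS only if they end in `:443`. A short comment above the guard saying so, or a warning when a token is paired with a non-443 target, would help operators avoid sending the token in clear text.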

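--- a/xfer/app_client.go
+++ b/xfer/app_client.go
@@ -41,10 +41,11 @@ type AppClient interface {
 type appClient struct {
 ProbeConfig
 
-quit chan struct{}
-mtx sync.Mutex
-target string
-client http.Client
+quit chan struct{}
+mtx sync.Mutex
+target string
+client http.Client
+wsDialer websocket.Dialer
 
 // Track all the background goroutines, ensure they all stop
 backgroundWait sync.WaitGroup
@@ -74,6 +75,9 @@ func NewAppClient(pc ProbeConfig, hostname, target string, control ControlHandle
 client: http.Client{
 Transport: httpTransport,
 },
+wsDialer: websocket.Dialer{
+TLSClientConfig: httpTransport.TLSClientConfig,
+},
 conns: map[string]*websocket.Conn{},
 readers: make(chan io.Reader),
 control: control,
@@ -186,12 +190,10 @@ func (c *appClient) doWithBackoff(msg string, f func() (bool, error)) {
 }
 
 func (c *appClient) controlConnection() (bool, error) {
-dialer := websocket.Dialer{}
 headers := http.Header{}
 c.ProbeConfig.authorizeHeaders(headers)
-// TODO(twilkie) need to update sanitize to work with wss
 url := sanitize.URL("ws://", 0, "/api/control/ws")(c.target)
-conn, _, err := dialer.Dial(url, headers)
+conn, _, err := c.wsDialer.Dial(url, headers)
 if err != nil {
 return false, err
 }
@@ -270,12 +272,10 @@ func (c *appClient) Publish(r io.Reader) error {
 }
 
 func (c *appClient) pipeConnection(id string, pipe Pipe) (bool, error) {
-dialer := websocket.Dialer{}
 headers := http.Header{}
 c.ProbeConfig.authorizeHeaders(headers)
-// TODO(twilkie) need to update sanitize to work with wss
 url := sanitize.URL("ws://", 0, fmt.Sprintf("/api/pipe/%s/probe", id))(c.target)
-conn, resp, err := dialer.Dial(url, headers)
+conn, resp, err := c.wsDialer.Dial(url, headers)
 if resp != nil && resp.StatusCode == http.StatusNotFound {
 // Special handling - 404 means the app/user has closed the pipe
 pipe.Close()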
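Review bot: The shared `wsDialer` built in NewAppClient sets only `TLSClientConfig`, so a stalled TLS or WebSocket handshake has no deadline and controlConnection and pipeConnection would block in `Dial` instead of returning an error; setting `HandshakeTimeout` on the dialer would bound that. The dialer reuses the same `*tls.Config` as `httpTransport`, whose construction is outside the hunk, so whatever verification settings the HTTP client has now also govern the connections that carry the headers from `authorizeHeaders`. A field comment such as `// wsDialer shares the HTTP transport's TLS config, including its verification settings.` would record that. Whether TLS is used at all still depends on sanitize.URL seeing port 443 in `c.target`, since both call sites pass `ws://`.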