3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: change http addr if conflict (#355)

Browse source 
Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
This commit is contained in:
Bobby DeSimone 2019-10-07 17:13:21 -07:00 committed by GitHub
parent badd8d69af
commit c0bcab5171
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

21
internal/config/options.go
View file

@ -25,6 +25,11 @@ import (
// DisableHeaderKey is the key used to check whether to disable setting header // DisableHeaderKey is the key used to check whether to disable setting header
const DisableHeaderKey = "disable" const DisableHeaderKey = "disable"
// DefaultAlternativeAddr is the address used is two services are competing over
// the same listener. Typically this is invisible to the end user (e.g. localhost)
// gRPC server, or is used for healthchecks (authorize only service)
const DefaultAlternativeAddr = ":5443"
// Options are the global environmental flags used to set up pomerium's services. // Options are the global environmental flags used to set up pomerium's services.
// Use NewXXXOptions() methods for a safely initialized data structure. // Use NewXXXOptions() methods for a safely initialized data structure.
type Options struct { type Options struct {
@ -166,8 +171,6 @@ type Options struct {
// allow you to delegate and authenticate each request to your website // allow you to delegate and authenticate each request to your website
// with an external server or service. Pomerium can be configured to accept // with an external server or service. Pomerium can be configured to accept
// these requests with this switch // these requests with this switch
//
// todo(bdd): link to docs
ForwardAuthURLString string `mapstructure:"forward_auth_url"` ForwardAuthURLString string `mapstructure:"forward_auth_url"`
ForwardAuthURL *url.URL ForwardAuthURL *url.URL
@ -390,11 +393,21 @@ func (o *Options) Validate() error {
o.GRPCInsecure = true o.GRPCInsecure = true
// to avoid port collision when running on localhost // to avoid port collision when running on localhost
if o.GRPCAddr == defaultOptions.GRPCAddr { if o.GRPCAddr == defaultOptions.GRPCAddr {
o.GRPCAddr = ":5443" o.GRPCAddr = DefaultAlternativeAddr
} }
// and we can set the corresponding client // and we can set the corresponding client
if o.AuthorizeURLString == "" { if o.AuthorizeURLString == "" {
o.AuthorizeURLString = "https://localhost:5443" o.AuthorizeURLString = "https://localhost" + DefaultAlternativeAddr
}
}
if IsAuthorize(o.Services) {
// if authorize is set, we don't really need a http server
// but we'll still set one up incase the user wants to use
// the HTTP health check api
if o.Addr == o.GRPCAddr {
o.Addr = DefaultAlternativeAddr
log.Warn().Str("Addr", o.Addr).Str("GRPCAddr", o.Addr).Msg("internal/config: default http handler changed")
} }
} }

4
internal/httputil/server.go
View file

@ -48,9 +48,11 @@ func NewServer(opt *ServerOptions, h http.Handler, wg *sync.WaitGroup) (*http.Se
go func() { go func() {
defer wg.Done() defer wg.Done()
if err := srv.Serve(ln); err != http.ErrServerClosed { if err := srv.Serve(ln); err != http.ErrServerClosed {
log.Error().Err(err).Msg("internal/httputil: tls server crashed") sublogger.Error().Err(err).Msg("internal/httputil: http server crashed")
} }
}() }()
sublogger.Info().Msg("internal/httputil: http server started")
return srv, nil return srv, nil
} }