|
2 | 2 | // Use of this source code is governed by a BSD-style
|
3 | 3 | // license that can be found in the LICENSE file.
|
4 | 4 |
|
5 |
| -// The hello binary runs hello.ipn.dev. |
| 5 | +// The hello binary runs hello.ts.net. |
6 | 6 | package main // import "tailscale.com/cmd/hello"
|
7 | 7 |
|
8 | 8 | import (
|
9 | 9 | "context"
|
| 10 | + "crypto/tls" |
10 | 11 | _ "embed"
|
11 | 12 | "encoding/json"
|
| 13 | + "errors" |
12 | 14 | "flag"
|
13 | 15 | "html/template"
|
14 | 16 | "io/ioutil"
|
15 | 17 | "log"
|
16 | 18 | "net/http"
|
17 | 19 | "os"
|
18 | 20 | "strings"
|
| 21 | + "time" |
19 | 22 |
|
20 | 23 | "tailscale.com/client/tailscale"
|
21 | 24 | "tailscale.com/client/tailscale/apitype"
|
@@ -69,11 +72,31 @@ func main() {
|
69 | 72 | if *httpsAddr != "" {
|
70 | 73 | log.Printf("running HTTPS server on %s", *httpsAddr)
|
71 | 74 | go func() {
|
72 |
| - errc <- http.ListenAndServeTLS(*httpsAddr, |
73 |
| - "/etc/hello/hello.ipn.dev.crt", |
74 |
| - "/etc/hello/hello.ipn.dev.key", |
75 |
| - nil, |
76 |
| - ) |
| 75 | + hs := &http.Server{ |
| 76 | + Addr: *httpsAddr, |
| 77 | + TLSConfig: &tls.Config{ |
| 78 | + GetCertificate: func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) { |
| 79 | + switch hi.ServerName { |
| 80 | + case "hello.ts.net": |
| 81 | + return tailscale.GetCertificate(hi) |
| 82 | + case "hello.ipn.dev": |
| 83 | + c, err := tls.LoadX509KeyPair( |
| 84 | + "/etc/hello/hello.ipn.dev.crt", |
| 85 | + "/etc/hello/hello.ipn.dev.key", |
| 86 | + ) |
| 87 | + if err != nil { |
| 88 | + return nil, err |
| 89 | + } |
| 90 | + return &c, nil |
| 91 | + } |
| 92 | + return nil, errors.New("invalid SNI name") |
| 93 | + }, |
| 94 | + }, |
| 95 | + IdleTimeout: 30 * time.Second, |
| 96 | + ReadHeaderTimeout: 20 * time.Second, |
| 97 | + MaxHeaderBytes: 10 << 10, |
| 98 | + } |
| 99 | + errc <- hs.ListenAndServeTLS("", "") |
77 | 100 | }()
|
78 | 101 | }
|
79 | 102 | log.Fatal(<-errc)
|
@@ -127,8 +150,9 @@ func tailscaleIP(who *apitype.WhoIsResponse) string {
|
127 | 150 | func root(w http.ResponseWriter, r *http.Request) {
|
128 | 151 | if r.TLS == nil && *httpsAddr != "" {
|
129 | 152 | host := r.Host
|
130 |
| - if strings.Contains(r.Host, "100.101.102.103") { |
131 |
| - host = "hello.ipn.dev" |
| 153 | + if strings.Contains(r.Host, "100.101.102.103") || |
| 154 | + strings.Contains(r.Host, "hello.ipn.dev") { |
| 155 | + host = "hello.ts.net" |
132 | 156 | }
|
133 | 157 | http.Redirect(w, r, "https://"+host, http.StatusFound)
|
134 | 158 | return
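Review bot: In the `GetCertificate` callback added to `main`, the `"hello.ipn.dev"` case calls `tls.LoadX509KeyPair` on every handshake, so each connection presenting that SNI costs a disk read and a key parse, and a missing or unreadable key file is only discovered when a client connects rather than at startup. Loading once before building the server, `ipnCert, err := tls.LoadX509KeyPair("/etc/hello/hello.ipn.dev.crt", "/etc/hello/hello.ipn.dev.key")`, and returning `&ipnCert, nil` from the case would avoid that; if the per-handshake reload is deliberate so a renewed certificate on disk is picked up without a restart, a comment saying so would help. The `tls.Config` also sets no `MinVersion`, so the protocol floor is whatever the Go toolchain in use defaults to; `MinVersion: tls.VersionTLS12,` would pin it. `main` begins before this hunk and `root` continues past the last one.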
|
|