support internal_tls

centrifugal · Nov 12, 2024 · 83e5846 · 83e5846
1 parent dba55cf
commit 83e5846
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 14 deletions.
diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/centrifugal/centrifuge v0.33.5-0.20241111162802-ddd7cc1e7267
 	github.com/centrifugal/protocol v0.13.5-0.20241111155425-6c360178091e
 	github.com/cristalhq/jwt/v5 v5.4.0
-	github.com/go-viper/mapstructure/v2 v2.1.0
+	github.com/go-viper/mapstructure/v2 v2.2.1
 	github.com/gobwas/glob v0.2.3
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/securecookie v1.1.2

diff --git a/go.sum b/go.sum
@@ -42,8 +42,8 @@ github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
-github.com/go-viper/mapstructure/v2 v2.1.0 h1:gHnMa2Y/pIxElCH2GlZZ1lZSsn6XMtufpGyP1XxdC/w=
-github.com/go-viper/mapstructure/v2 v2.1.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
+github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -41,7 +41,6 @@ type Config struct {
 	// TLSExternal enables TLS only for external HTTP endpoints.
 	TLSExternal bool `mapstructure:"tls_external" json:"tls_external" envconfig:"tls_external" toml:"tls_external" yaml:"tls_external"`
 	// InternalTLS is a custom configuration for internal HTTP endpoints. If not set InternalTLS will be the same as TLS.
-	// TODO v6: implement.
 	InternalTLS configtypes.TLSConfig `mapstructure:"internal_tls" json:"internal_tls" envconfig:"internal_tls" toml:"internal_tls" yaml:"internal_tls"`
 
 	// Engine is a configuration for Centrifugo engine. It's a handy combination of Broker and PresenceManager.

diff --git a/internal/runutil/mux.go b/internal/runutil/mux.go
@@ -443,6 +443,13 @@ func runHTTPServers(
 	if err != nil {
 		log.Fatal().Msgf("can not get TLS config: %v", err)
 	}
+	var internalTLSConfig *tls.Config
+	if cfg.InternalTLS.Enabled {
+		internalTLSConfig, err = cfg.InternalTLS.ToGoTLSConfig("internal_tls")
+		if err != nil {
+			log.Fatal().Msgf("can not get internal TLS config: %v", err)
+		}
+	}
 
 	// Iterate over port-to-flags mapping and start HTTP servers
 	// on separate ports serving handlers specified in flags.
@@ -455,6 +462,9 @@ func runHTTPServers(
 		if !cfg.TLSExternal || addr == externalAddr {
 			addrTLSConfig = tlsConfig
 		}
+		if addr != externalAddr && cfg.InternalTLS.Enabled {
+			addrTLSConfig = internalTLSConfig
+		}
 
 		useHTTP3 := cfg.HTTP3.Enabled && addr == externalAddr
 

diff --git a/internal/runutil/proxy.go b/internal/runutil/proxy.go
@@ -62,7 +62,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 	subscribeProxyName := cfg.Channel.WithoutNamespace.SubscribeProxyName
 	if subscribeProxyEnabled {
 		var p proxy.Config
-		if subscribeProxyName == "" || subscribeProxyName == config.DefaultProxyName {
+		if subscribeProxyName == config.DefaultProxyName {
 			p = cfg.Channel.Proxy.Subscribe
 		} else {
 			p, proxyFound = namedProxies[subscribeProxyName]
@@ -87,7 +87,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 	publishProxyName := cfg.Channel.WithoutNamespace.PublishProxyName
 	if publishProxyEnabled {
 		var p proxy.Config
-		if publishProxyName == "" || publishProxyName == config.DefaultProxyName {
+		if publishProxyName == config.DefaultProxyName {
 			p = cfg.Channel.Proxy.Publish
 		} else {
 			p, proxyFound = namedProxies[publishProxyName]
@@ -112,7 +112,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 	subRefreshProxyName := cfg.Channel.WithoutNamespace.SubRefreshProxyName
 	if subRefreshProxyEnabled {
 		var p proxy.Config
-		if subRefreshProxyName == "" || subRefreshProxyName == config.DefaultProxyName {
+		if subRefreshProxyName == config.DefaultProxyName {
 			p = cfg.Channel.Proxy.SubRefresh
 		} else {
 			p, proxyFound = namedProxies[subRefreshProxyName]
@@ -137,7 +137,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 	subscribeStreamProxyName := cfg.Channel.WithoutNamespace.SubscribeStreamProxyName
 	if subscribeStreamProxyEnabled {
 		var p proxy.Config
-		if subscribeStreamProxyName == "" || subscribeStreamProxyName == config.DefaultProxyName {
+		if subscribeStreamProxyName == config.DefaultProxyName {
 			p = cfg.Channel.Proxy.SubscribeStream
 		} else {
 			p, proxyFound = namedProxies[subscribeStreamProxyName]
@@ -166,7 +166,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 		subscribeProxyName := ns.SubscribeProxyName
 		if subscribeProxyEnabled {
 			var p proxy.Config
-			if subscribeProxyName == "" || subscribeProxyName == config.DefaultProxyName {
+			if subscribeProxyName == config.DefaultProxyName {
 				p = cfg.Channel.Proxy.Subscribe
 			} else {
 				p, proxyFound = namedProxies[subscribeProxyName]
@@ -191,7 +191,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 		publishProxyName := ns.PublishProxyName
 		if publishProxyEnabled {
 			var p proxy.Config
-			if publishProxyName == "" || publishProxyName == config.DefaultProxyName {
+			if publishProxyName == config.DefaultProxyName {
 				p = cfg.Channel.Proxy.Publish
 			} else {
 				p, proxyFound = namedProxies[publishProxyName]
@@ -216,7 +216,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 		subRefreshProxyName := ns.SubRefreshProxyName
 		if subRefreshProxyEnabled {
 			var p proxy.Config
-			if subscribeProxyName == "" || subRefreshProxyName == config.DefaultProxyName {
+			if subRefreshProxyName == config.DefaultProxyName {
 				p = cfg.Channel.Proxy.SubRefresh
 			} else {
 				p, proxyFound = namedProxies[subRefreshProxyName]
@@ -241,7 +241,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 		subscribeStreamProxyName := ns.SubscribeStreamProxyName
 		if subscribeStreamProxyEnabled {
 			var p proxy.Config
-			if subscribeStreamProxyName == "" || subscribeStreamProxyName == config.DefaultProxyName {
+			if subscribeStreamProxyName == config.DefaultProxyName {
 				p = cfg.Channel.Proxy.SubscribeStream
 			} else {
 				p, proxyFound = namedProxies[subscribeStreamProxyName]
@@ -270,7 +270,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 	rpcProxyName := cfg.RPC.WithoutNamespace.ProxyName
 	if rpcProxyEnabled {
 		var p proxy.Config
-		if rpcProxyName == "" || rpcProxyName == config.DefaultProxyName {
+		if rpcProxyName == config.DefaultProxyName {
 			p = cfg.RPC.Proxy
 		} else {
 			p, proxyFound = namedProxies[rpcProxyName]
@@ -296,7 +296,7 @@ func buildProxyMap(cfg config.Config) (*client.ProxyMap, bool, error) {
 		rpcProxyName := ns.ProxyName
 		if rpcProxyEnabled {
 			var p proxy.Config
-			if rpcProxyName == "" || rpcProxyName == config.DefaultProxyName {
+			if rpcProxyName == config.DefaultProxyName {
 				p = cfg.RPC.Proxy
 			} else {
 				p, proxyFound = namedProxies[rpcProxyName]