diff --git a/api/server/server.go b/api/server/server.go
index 64a211093d..8d2dafa740 100644
--- a/api/server/server.go
+++ b/api/server/server.go
@@ -30,6 +30,7 @@ import (
 "github.com/docker/docker/pkg/parsers/filters"
 "github.com/docker/docker/pkg/parsers/kernel"
 "github.com/docker/docker/pkg/signal"
+ "github.com/docker/docker/pkg/sockets"
 "github.com/docker/docker/pkg/stdcopy"
 "github.com/docker/docker/pkg/streamformatter"
 "github.com/docker/docker/pkg/version"
@@ -1402,6 +1403,26 @@ func (s *Server) ping(version version.Version, w http.ResponseWriter, r *http.Re
 return err
 }
+func (s *Server) initTcpSocket(addr string) (l net.Listener, err error) {
+ if !s.cfg.TlsVerify {
+ logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
+ }
+
+ var c *sockets.TlsConfig
+ if s.cfg.Tls || s.cfg.TlsVerify {
+ c = sockets.NewTlsConfig(s.cfg.TlsCert, s.cfg.TlsKey, s.cfg.TlsCa, s.cfg.TlsVerify)
+ }
+
+ if l, err = sockets.NewTcpSocket(addr, c, s.start); err != nil {
+ return nil, err
+ }
+ if err := allocateDaemonPort(addr); err != nil {
+ return nil, err
+ }
+
+ return
+}
+
 func makeHttpHandler(logging bool, localMethod string, localRoute string, handlerFunc HttpApiFunc, corsHeaders string, dockerVersion version.Version) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
 // log the request
diff --git a/api/server/server_linux.go b/api/server/server_linux.go
index 43f0eefe0e..a0cfee1f96 100644
--- a/api/server/server_linux.go
+++ b/api/server/server_linux.go
@@ -7,8 +7,8 @@ import (
 "net"
 "net/http"
- "github.com/Sirupsen/logrus"
 "github.com/docker/docker/daemon"
+ "github.com/docker/docker/pkg/sockets"
 "github.com/docker/docker/pkg/systemd"
 )
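Review bot: The listener returned by `sockets.NewTcpSocket` is leaked when `allocateDaemonPort(addr)` fails, because that branch returns `nil, err` without closing `l`; close it first, `if err := allocateDaemonPort(addr); err != nil { l.Close(); return nil, err }`. The pattern was moved here verbatim from the platform files, so the leak predates this commit, but it is now in one place and easy to fix. The mix of named results, explicit `return nil, err`, and an inner `err :=` that shadows the named `err` is easy to misread; unnamed results and a final `return l, nil` would be clearer. A doc comment would also help readers see the security consequence of the config: `// initTcpSocket listens on addr; a TlsConfig is built only when Tls or TlsVerify is set, otherwise c is nil and the API listener is presumably unencrypted (the nil handling lives in NewTcpSocket, outside this hunk).`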
@@ -45,17 +45,12 @@ func (s *Server) newServer(proto, addr string) (serverCloser, error) {
 }
 return nil, nil
 case "tcp":
- if !s.cfg.TlsVerify {
- logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
- }
- if l, err = NewTcpSocket(addr, tlsConfigFromServerConfig(s.cfg), s.start); err != nil {
- return nil, err
- }
- if err := allocateDaemonPort(addr); err != nil {
+ l, err = s.initTcpSocket(addr)
+ if err != nil {
 return nil, err
 }
 case "unix":
- if l, err = NewUnixSocket(addr, s.cfg.SocketGroup, s.start); err != nil {
+ if l, err = sockets.NewUnixSocket(addr, s.cfg.SocketGroup, s.start); err != nil {
 return nil, err
 }
 default:
diff --git a/api/server/server_windows.go b/api/server/server_windows.go
index c121bbd3e8..9fa5ab64a1 100644
--- a/api/server/server_windows.go
+++ b/api/server/server_windows.go
@@ -7,7 +7,6 @@ import (
 "net"
 "net/http"
- "github.com/Sirupsen/logrus"
 "github.com/docker/docker/daemon"
 )
@@ -19,13 +18,8 @@ func (s *Server) newServer(proto, addr string) (Server, error) {
 )
 switch proto {
 case "tcp":
- if !s.cfg.TlsVerify {
- logrus.Warn("/!\\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\\")
- }
- if l, err = NewTcpSocket(addr, tlsConfigFromServerConfig(s.cfg)); err != nil {
- return nil, err
- }
- if err := allocateDaemonPort(addr); err != nil {
+ l, err = s.initTcpSocket(addr)
+ if err != nil {
 return nil, err
 }
 default:
diff --git a/pkg/sockets/README.md b/pkg/sockets/README.md
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/api/server/tcp_socket.go b/pkg/sockets/tcp_socket.go
similarity index 77%
rename from api/server/tcp_socket.go
rename to pkg/sockets/tcp_socket.go
index a1f57231a5..ac9edaebd1 100644
--- a/api/server/tcp_socket.go
+++ b/pkg/sockets/tcp_socket.go
@@ -1,4 +1,4 @@
-package server
+package sockets
 import (
 "crypto/tls"
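Review bot: The Windows `case "tcp"` now goes through `s.initTcpSocket(addr)`, which calls the three-argument `sockets.NewTcpSocket(addr, c, s.start)`, whereas the removed Windows code called a two-argument `NewTcpSocket(addr, tlsConfigFromServerConfig(s.cfg))`, so there was presumably a Windows-specific implementation that this diff does not show being removed. It is worth confirming that the shared listenbuffer-based `pkg/sockets` version builds and behaves the same on Windows and that `s.start` is populated there; if not, the TCP listener may never activate. The enclosing `newServer` continues past the `default:` line outside both hunks. The Linux hunk at `@@ -45,17 +45,12 @@` is a straight delegation and needs no further change.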
@@ -11,27 +11,23 @@ import (
 "github.com/docker/docker/pkg/listenbuffer"
 )
-type tlsConfig struct {
+type TlsConfig struct {
 CA string
 Certificate string
 Key string
 Verify bool
 }
-func tlsConfigFromServerConfig(conf *ServerConfig) *tlsConfig {
- verify := conf.TlsVerify
- if !conf.Tls && !conf.TlsVerify {
- return nil
- }
- return &tlsConfig{
+func NewTlsConfig(tlsCert, tlsKey, tlsCA string, verify bool) *TlsConfig {
+ return &TlsConfig{
 Verify: verify,
- Certificate: conf.TlsCert,
- Key: conf.TlsKey,
- CA: conf.TlsCa,
+ Certificate: tlsCert,
+ Key: tlsKey,
+ CA: tlsCA,
 }
 }
-func NewTcpSocket(addr string, config *tlsConfig, activate <-chan struct{}) (net.Listener, error) {
+func NewTcpSocket(addr string, config *TlsConfig, activate <-chan struct{}) (net.Listener, error) {
 l, err := listenbuffer.NewListenBuffer("tcp", addr, activate)
 if err != nil {
 return nil, err
@@ -44,7 +40,7 @@ func NewTcpSocket(addr string, config *tlsConfig, activate <-chan struct{}) (net
 return l, nil
 }
-func setupTls(l net.Listener, config *tlsConfig) (net.Listener, error) {
+func setupTls(l net.Listener, config *TlsConfig) (net.Listener, error) {
 tlsCert, err := tls.LoadX509KeyPair(config.Certificate, config.Key)
 if err != nil {
 if os.IsNotExist(err) {
diff --git a/api/server/unix_socket.go b/pkg/sockets/unix_socket.go
similarity index 99%
rename from api/server/unix_socket.go
rename to pkg/sockets/unix_socket.go
index c3c657077e..0536382c8f 100644
--- a/api/server/unix_socket.go
+++ b/pkg/sockets/unix_socket.go
@@ -1,6 +1,6 @@
 // +build linux
-package server
+package sockets
 import (
 "fmt"
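Review bot: `TlsConfig`, `NewTlsConfig` and `NewTcpSocket` become exported API of a new shared package in this hunk but carry no doc comments, and the contract that matters most for security is now implicit: the removed `tlsConfigFromServerConfig` returned nil when neither flag was set, while `NewTlsConfig` always returns a non-nil value, so the decision to run without TLS has moved entirely to callers. Document it where callers will see it, e.g. `// NewTcpSocket listens on addr; a nil config means no TLS is configured on the listener.` on `NewTcpSocket`, and `// TlsConfig holds the certificate, key and CA paths for a TLS listener; Verify requests verification of client certificates against CA.` on the type, hedged until confirmed since the use of `Verify` inside `setupTls` is outside this hunk. Go style would spell these `TLSConfig`/`NewTLSConfig`, but matching the existing `Tls` naming in the repository is reasonable here. `NewTcpSocket` and `setupTls` both continue past the end of their hunks.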