kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #17211 from endocode/kayrus/docker_fd_https

Browse source 
Added possibility to use TLS with systemd socket activation
This commit is contained in:
Antonio Murdaca 2015-11-14 08:36:54 +01:00
commit dc136b710b
3 changed files with 38 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
api/server/server_unix.go
View file

@ -3,6 +3,7 @@
package server package server
import ( import (
"crypto/tls"
"fmt" "fmt"
"net" "net"
"net/http" "net/http"
@ -24,7 +25,7 @@ func (s *Server) newServer(proto, addr string) ([]*HTTPServer, error) {
) )
switch proto { switch proto {
case "fd": case "fd":
ls, err = listenFD(addr) ls, err = listenFD(addr, s.cfg.TLSConfig)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -84,9 +85,17 @@ func allocateDaemonPort(addr string) error {
// listenFD returns the specified socket activated files as a slice of // listenFD returns the specified socket activated files as a slice of
// net.Listeners or all of the activated files if "*" is given. // net.Listeners or all of the activated files if "*" is given.
func listenFD(addr string) ([]net.Listener, error) { func listenFD(addr string, tlsConfig *tls.Config) ([]net.Listener, error) {
var (
err error
listeners []net.Listener
)
// socket activation // socket activation
listeners, err := systemdActivation.Listeners(false) if tlsConfig != nil {
listeners, err = systemdActivation.TLSListeners(false, tlsConfig)
} else {
listeners, err = systemdActivation.Listeners(false)
}
if err != nil { if err != nil {
return nil, err return nil, err
} }

2
hack/vendor.sh
View file

@ -52,7 +52,7 @@ clone git github.com/agl/ed25519 d2b94fd789ea21d12fac1a4443dd3a3f79cda72c
# update next time # update next time
clone git github.com/opencontainers/runc 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67 # libcontainer clone git github.com/opencontainers/runc 1349b37bd56f4f5ce2690b5b2c0f53f88a261c67 # libcontainer
# libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json) # libcontainer deps (see src/github.com/opencontainers/runc/Godeps/Godeps.json)
clone git github.com/coreos/go-systemd v3 clone git github.com/coreos/go-systemd v4
clone git github.com/godbus/dbus v2 clone git github.com/godbus/dbus v2
clone git github.com/syndtr/gocapability 66ef2aa7a23ba682594e2b6f74cf40c0692b49fb clone git github.com/syndtr/gocapability 66ef2aa7a23ba682594e2b6f74cf40c0692b49fb
clone git github.com/golang/protobuf 655cdfa588ea clone git github.com/golang/protobuf 655cdfa588ea

25
vendor/src/github.com/coreos/go-systemd/activation/listeners.go vendored
View file

@ -15,6 +15,7 @@
package activation package activation
import ( import (
"crypto/tls"
"net" "net"
) )
@ -35,3 +36,27 @@ func Listeners(unsetEnv bool) ([]net.Listener, error) {
} }
return listeners, nil return listeners, nil
} }
// TLSListeners returns a slice containing a net.listener for each matching TCP socket type
// passed to this process.
// It uses default Listeners func and forces TCP sockets handlers to use TLS based on tlsConfig.
func TLSListeners(unsetEnv bool, tlsConfig *tls.Config) ([]net.Listener, error) {
listeners, err := Listeners(unsetEnv)
if listeners == nil || err != nil {
return nil, err
}
if tlsConfig != nil && err == nil {
tlsConfig.NextProtos = []string{"http/1.1"}
for i, l := range listeners {
// Activate TLS only for TCP sockets
if l.Addr().Network() == "tcp" {
listeners[i] = tls.NewListener(l, tlsConfig)
}
}
}
return listeners, err
}