cmd/hello: migrate to hello.ts.net as the hostname
But still support hello.ipn.dev for a bit. Updates tailscale/corp#1327 Change-Id: Iab59cca0b260d69858af16f4e42677e54f9fe54a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>pull/3663/head
Brad Fitzpatrick
Brad Fitzpatrick
parent
01a9906bf8
commit
e2d9c99e5b
|
|
@ -2,13 +2,15 @@
|
||||||
// Use of this source code is governed by a BSD-style
|
// Use of this source code is governed by a BSD-style
|
||||||
// license that can be found in the LICENSE file.
|
// license that can be found in the LICENSE file.
|
||||||
|
|
||||||
// The hello binary runs hello.ipn.dev.
|
// The hello binary runs hello.ts.net.
|
||||||
package main // import "tailscale.com/cmd/hello"
|
package main // import "tailscale.com/cmd/hello"
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
_ "embed"
|
_ "embed"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"errors"
|
||||||
"flag"
|
"flag"
|
||||||
"html/template"
|
"html/template"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
|
@ -16,6 +18,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"tailscale.com/client/tailscale"
|
"tailscale.com/client/tailscale"
|
||||||
"tailscale.com/client/tailscale/apitype"
|
"tailscale.com/client/tailscale/apitype"
|
||||||
|
|
@ -69,11 +72,31 @@ func main() {
|
||||||
if *httpsAddr != "" {
|
if *httpsAddr != "" {
|
||||||
log.Printf("running HTTPS server on %s", *httpsAddr)
|
log.Printf("running HTTPS server on %s", *httpsAddr)
|
||||||
go func() {
|
go func() {
|
||||||
errc <- http.ListenAndServeTLS(*httpsAddr,
|
hs := &http.Server{
|
||||||
"/etc/hello/hello.ipn.dev.crt",
|
Addr: *httpsAddr,
|
||||||
"/etc/hello/hello.ipn.dev.key",
|
TLSConfig: &tls.Config{
|
||||||
nil,
|
GetCertificate: func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
)
|
switch hi.ServerName {
|
||||||
|
case "hello.ts.net":
|
||||||
|
return tailscale.GetCertificate(hi)
|
||||||
|
case "hello.ipn.dev":
|
||||||
|
c, err := tls.LoadX509KeyPair(
|
||||||
|
"/etc/hello/hello.ipn.dev.crt",
|
||||||
|
"/etc/hello/hello.ipn.dev.key",
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &c, nil
|
||||||
|
}
|
||||||
|
return nil, errors.New("invalid SNI name")
|
||||||
|
},
|
||||||
|
},
|
||||||
|
IdleTimeout: 30 * time.Second,
|
||||||
|
ReadHeaderTimeout: 20 * time.Second,
|
||||||
|
MaxHeaderBytes: 10 << 10,
|
||||||
|
}
|
||||||
|
errc <- hs.ListenAndServeTLS("", "")
|
||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
log.Fatal(<-errc)
|
log.Fatal(<-errc)
|
||||||
|
|
@ -127,8 +150,9 @@ func tailscaleIP(who *apitype.WhoIsResponse) string {
|
||||||
func root(w http.ResponseWriter, r *http.Request) {
|
func root(w http.ResponseWriter, r *http.Request) {
|
||||||
if r.TLS == nil && *httpsAddr != "" {
|
if r.TLS == nil && *httpsAddr != "" {
|
||||||
host := r.Host
|
host := r.Host
|
||||||
if strings.Contains(r.Host, "100.101.102.103") {
|
if strings.Contains(r.Host, "100.101.102.103") ||
|
||||||
host = "hello.ipn.dev"
|
strings.Contains(r.Host, "hello.ipn.dev") {
|
||||||
|
host = "hello.ts.net"
|
||||||
}
|
}
|
||||||
http.Redirect(w, r, "https://"+host, http.StatusFound)
|
http.Redirect(w, r, "https://"+host, http.StatusFound)
|
||||||
return
|
return
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue