astraproxy/main.go

package main

import (
	"crypto/tls"
	"flag"
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"path/filepath"
	"strings"
	"time"

	"github.com/coreos/go-systemd/v22/activation"
	"golang.org/x/crypto/acme"
	"golang.org/x/crypto/acme/autocert"
	"golang.org/x/crypto/bcrypt"
)

var (
	home, _ = os.UserHomeDir()
	version = "undefined"
)

func perror(msg string) {
	fmt.Fprintln(os.Stderr, "")
	fmt.Fprintln(os.Stderr, msg)
}

func arg_fail(msg string) {
	perror(msg)
	perror("Usage:")
	flag.PrintDefaults()
	os.Exit(2)
}

type CSVArg []string

func (a *CSVArg) Set(s string) error {
	*a = strings.Split(s, ",")
	return nil
}

func (a *CSVArg) String() string {
	if a == nil {
		return "<nil>"
	}
	if *a == nil {
		return "<empty>"
	}
	return strings.Join(*a, ",")
}

type TLSVersionArg uint16

func (a *TLSVersionArg) Set(s string) error {
	/*var ver uint16
	switch strings.ToUpper(s) {
	case "TLS10":
		ver = tls.VersionTLS10
	case "TLS11":
		ver = tls.VersionTLS11
	case "TLS12":
		ver = tls.VersionTLS12
	case "TLS13":
		ver = tls.VersionTLS13
	case "TLS1.0":
		ver = tls.VersionTLS10
	case "TLS1.1":
		ver = tls.VersionTLS11
	case "TLS1.2":
		ver = tls.VersionTLS12
	case "TLS1.3":
		ver = tls.VersionTLS13
	case "10":
		ver = tls.VersionTLS10
	case "11":
		ver = tls.VersionTLS11
	case "12":
		ver = tls.VersionTLS12
	case "13":
		ver = tls.VersionTLS13
	case "1.0":
		ver = tls.VersionTLS10
	case "1.1":
		ver = tls.VersionTLS11
	case "1.2":
		ver = tls.VersionTLS12
	case "1.3":
		ver = tls.VersionTLS13
	case "":
	default:
		return fmt.Errorf("unknown TLS version %q", s)
	}*/
	*a = TLSVersionArg(tls.VersionTLS13)
	return nil
}

func (a *TLSVersionArg) String() string {
	switch *a {
	case tls.VersionTLS10:
		return "TLS10"
	case tls.VersionTLS11:
		return "TLS11"
	case tls.VersionTLS12:
		return "TLS12"
	case tls.VersionTLS13:
		return "TLS13"
	default:
		return fmt.Sprintf("%#04x", *a)
	}
}

type CLIArgs struct {
	bind_address      string
	auth              string
	verbosity         int
	timeout           time.Duration
	cert, key, cafile string
	list_ciphers      bool
	ciphers           string
	disableHTTP2      bool
	showVersion       bool
	autocert          bool
	autocertWhitelist CSVArg
	autocertDir       string
	autocertACME      string
	autocertEmail     string
	autocertHTTP      string
	passwd            string
	passwdCost        int
	positionalArgs    []string
	proxy             []string
	sourceIPHints     string
	userIPHints       bool
	minTLSVersion     TLSVersionArg
	maxTLSVersion     TLSVersionArg
}

func parse_args() CLIArgs {
	args := CLIArgs{
		minTLSVersion: TLSVersionArg(tls.VersionTLS12),
		maxTLSVersion: TLSVersionArg(tls.VersionTLS13),
	}
	flag.StringVar(&args.bind_address, "bind-address", ":8080", "HTTP proxy listen address. Set empty value to use systemd socket activation.")
	flag.StringVar(&args.auth, "auth", "none://", "auth parameters")
	flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity "+
		"(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)")
	flag.DurationVar(&args.timeout, "timeout", 10*time.Second, "timeout for network operations")
	flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")
	flag.StringVar(&args.key, "key", "", "key for TLS certificate")
	flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates")
	flag.BoolVar(&args.list_ciphers, "list-ciphers", false, "list ciphersuites")
	flag.StringVar(&args.ciphers, "ciphers", "", "colon-separated list of enabled ciphers")
	flag.BoolVar(&args.disableHTTP2, "disable-http2", false, "disable HTTP2")
	flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")
	flag.BoolVar(&args.autocert, "autocert", false, "issue TLS certificates automatically")
	flag.Var(&args.autocertWhitelist, "autocert-whitelist", "restrict autocert domains to this comma-separated list")
	flag.StringVar(&args.autocertDir, "autocert-dir", filepath.Join(home, ".dumbproxy", "autocert"), "path to autocert cache")
	flag.StringVar(&args.autocertACME, "autocert-acme", autocert.DefaultACMEDirectory, "custom ACME endpoint")
	flag.StringVar(&args.autocertEmail, "autocert-email", "", "email used for ACME registration")
	flag.StringVar(&args.autocertHTTP, "autocert-http", "", "listen address for HTTP-01 challenges handler of ACME")
	flag.StringVar(&args.passwd, "passwd", "", "update given htpasswd file and add/set password for username. "+
		"Username and password can be passed as positional arguments or requested interactively")
	flag.IntVar(&args.passwdCost, "passwd-cost", bcrypt.MinCost, "bcrypt password cost (for -passwd mode)")
	flag.Func("proxy", "upstream proxy URL. Can be repeated multiple times to chain proxies. Examples: socks5h://127.0.0.1:9050; https://user:password@example.com:443", func(p string) error {
		args.proxy = append(args.proxy, p)
		return nil
	})
	flag.StringVar(&args.sourceIPHints, "ip-hints", "", "a comma-separated list of source addresses to use on dial attempts. \"$lAddr\" gets expanded to local address of connection. Example: \"10.0.0.1,fe80::2,$lAddr,0.0.0.0,::\"")
	flag.BoolVar(&args.userIPHints, "user-ip-hints", false, "allow IP hints to be specified by user in X-Src-IP-Hints header")
	flag.Var(&args.minTLSVersion, "min-tls-version", "minimal TLS version accepted by server")
	flag.Var(&args.maxTLSVersion, "max-tls-version", "maximum TLS version accepted by server")
	flag.Parse()
	args.positionalArgs = flag.Args()
	return args
}

func run() int {
	args := parse_args()

	if args.showVersion {
		fmt.Println(version)
		return 0
	}

	if args.list_ciphers {
		list_ciphers()
		return 0
	}

	if args.passwd != "" {
		if err := passwd(args.passwd, args.passwdCost, args.positionalArgs...); err != nil {
			log.Fatalf("can't set password: %v", err)
		}
		return 0
	}

	logWriter := NewLogWriter(os.Stderr)
	defer logWriter.Close()

	mainLogger := NewCondLogger(log.New(logWriter, "MAIN    : ",
		log.LstdFlags|log.Lshortfile),
		args.verbosity)
	proxyLogger := NewCondLogger(log.New(logWriter, "PROXY   : ",
		log.LstdFlags|log.Lshortfile),
		args.verbosity)
	authLogger := NewCondLogger(log.New(logWriter, "AUTH    : ",
		log.LstdFlags|log.Lshortfile),
		args.verbosity)

	auth, err := NewAuth(args.auth, authLogger)
	if err != nil {
		mainLogger.Critical("Failed to instantiate auth provider: %v", err)
		return 3
	}
	defer auth.Stop()

	var dialer Dialer = NewBoundDialer(new(net.Dialer), args.sourceIPHints)
	for _, proxyURL := range args.proxy {
		newDialer, err := proxyDialerFromURL(proxyURL, dialer)
		if err != nil {
			mainLogger.Critical("Failed to create dialer for proxy %q: %v", proxyURL, err)
			return 3
		}
		dialer = newDialer
	}

	server := http.Server{
		Addr:              args.bind_address,
		Handler:           NewProxyHandler(args.timeout, auth, maybeWrapWithContextDialer(dialer), args.userIPHints, proxyLogger),
		ErrorLog:          log.New(logWriter, "HTTPSRV : ", log.LstdFlags|log.Lshortfile),
		ReadTimeout:       0,
		ReadHeaderTimeout: 0,
		WriteTimeout:      0,
		IdleTimeout:       0,
	}

	if args.disableHTTP2 {
		server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
	}

	mainLogger.Info("Starting proxy server...")
	var listener net.Listener
	if args.bind_address == "" {
		// socket activation
		listeners, err := activation.Listeners()
		if err != nil {
			mainLogger.Critical("socket activation failed: %v", err)
			return 3
		}
		if len(listeners) != 1 {
			mainLogger.Critical("socket activation failed: unexpected number of listeners: %d",
				len(listeners))
			return 3
		}
		if listeners[0] == nil {
			mainLogger.Critical("socket activation failed: nil listener returned")
			return 3
		}
		listener = listeners[0]
	} else {
		newListener, err := net.Listen("tcp", args.bind_address)
		if err != nil {
			mainLogger.Critical("listen failed: %v", err)
			return 3
		}
		listener = newListener
	}

	if args.cert != "" {
		cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile,
			args.ciphers, uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)
		if err1 != nil {
			mainLogger.Critical("TLS config construction failed: %v", err1)
			return 3
		}
		listener = tls.NewListener(listener, cfg)
	} else if args.autocert {
		m := &autocert.Manager{
			Cache:  autocert.DirCache(args.autocertDir),
			Prompt: autocert.AcceptTOS,
			Client: &acme.Client{DirectoryURL: args.autocertACME},
			Email:  args.autocertEmail,
		}
		if args.autocertWhitelist != nil {
			m.HostPolicy = autocert.HostWhitelist([]string(args.autocertWhitelist)...)
		}
		if args.autocertHTTP != "" {
			go func() {
				log.Fatalf("HTTP-01 ACME challenge server stopped: %v",
					http.ListenAndServe(args.autocertHTTP, m.HTTPHandler(nil)))
			}()
		}
		cfg := m.TLSConfig()
		cfg, err = updateServerTLSConfig(cfg, args.cafile, args.ciphers,
			uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)
		if err != nil {
			mainLogger.Critical("TLS config construction failed: %v", err)
			return 3
		}
		listener = tls.NewListener(listener, cfg)
	}
	mainLogger.Info("Proxy server started.")
	err = server.Serve(listener)
	mainLogger.Critical("Server terminated with a reason: %v", err)
	mainLogger.Info("Shutting down...")
	return 0
}

func main() {
	os.Exit(run())
}
initial code 2020-05-19 21:53:13 +02:00			`package main`

			`import (`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`"crypto/tls"`
			`"flag"`
			`"fmt"`
			`"log"`
make handler use custom dialer 2023-02-07 19:26:12 +01:00			`"net"`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`"net/http"`
			`"os"`
autocert 2022-09-04 22:07:14 +02:00			`"path/filepath"`
			`"strings"`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`"time"`
autocert 2022-09-04 22:07:14 +02:00
socket activation support 2023-04-01 22:55:06 +02:00			`"github.com/coreos/go-systemd/v22/activation"`
autocert: customizable ACME directory 2022-09-04 22:59:21 +02:00			`"golang.org/x/crypto/acme"`
autocert 2022-09-04 22:07:14 +02:00			`"golang.org/x/crypto/acme/autocert"`
htpasswd-alike util 2022-09-06 23:08:06 +02:00			`"golang.org/x/crypto/bcrypt"`
initial code 2020-05-19 21:53:13 +02:00			`)`

show embedded version 2021-06-09 14:49:44 +02:00			`var (`
autocert 2022-09-04 22:07:14 +02:00			`home, _ = os.UserHomeDir()`
show embedded version 2021-06-09 14:49:44 +02:00			`version = "undefined"`
			`)`

initial code 2020-05-19 21:53:13 +02:00			`func perror(msg string) {`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`fmt.Fprintln(os.Stderr, "")`
			`fmt.Fprintln(os.Stderr, msg)`
initial code 2020-05-19 21:53:13 +02:00			`}`

			`func arg_fail(msg string) {`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`perror(msg)`
			`perror("Usage:")`
			`flag.PrintDefaults()`
			`os.Exit(2)`
initial code 2020-05-19 21:53:13 +02:00			`}`

autocert 2022-09-04 22:07:14 +02:00			`type CSVArg []string`

			`func (a *CSVArg) Set(s string) error {`
			`*a = strings.Split(s, ",")`
			`return nil`
			`}`

			`func (a *CSVArg) String() string {`
			`if a == nil {`
			`return "<nil>"`
			`}`
			`if *a == nil {`
			`return "<empty>"`
			`}`
			`return strings.Join(*a, ",")`
			`}`

add tls version CLI args 2024-07-06 13:51:11 +02:00			`type TLSVersionArg uint16`

			`func (a *TLSVersionArg) Set(s string) error {`
add a patch to send index.html when visiting astra.blek.codes 2024-07-26 08:49:48 +02:00			`/*var ver uint16`
add tls version CLI args 2024-07-06 13:51:11 +02:00			`switch strings.ToUpper(s) {`
			`case "TLS10":`
			`ver = tls.VersionTLS10`
			`case "TLS11":`
			`ver = tls.VersionTLS11`
			`case "TLS12":`
			`ver = tls.VersionTLS12`
			`case "TLS13":`
			`ver = tls.VersionTLS13`
			`case "TLS1.0":`
			`ver = tls.VersionTLS10`
			`case "TLS1.1":`
			`ver = tls.VersionTLS11`
			`case "TLS1.2":`
			`ver = tls.VersionTLS12`
			`case "TLS1.3":`
			`ver = tls.VersionTLS13`
			`case "10":`
			`ver = tls.VersionTLS10`
			`case "11":`
			`ver = tls.VersionTLS11`
			`case "12":`
			`ver = tls.VersionTLS12`
			`case "13":`
			`ver = tls.VersionTLS13`
			`case "1.0":`
			`ver = tls.VersionTLS10`
			`case "1.1":`
			`ver = tls.VersionTLS11`
			`case "1.2":`
			`ver = tls.VersionTLS12`
			`case "1.3":`
			`ver = tls.VersionTLS13`
			`case "":`
			`default:`
			`return fmt.Errorf("unknown TLS version %q", s)`
add a patch to send index.html when visiting astra.blek.codes 2024-07-26 08:49:48 +02:00			`}*/`
			`*a = TLSVersionArg(tls.VersionTLS13)`
add tls version CLI args 2024-07-06 13:51:11 +02:00			`return nil`
			`}`

			`func (a *TLSVersionArg) String() string {`
			`switch *a {`
			`case tls.VersionTLS10:`
			`return "TLS10"`
			`case tls.VersionTLS11:`
			`return "TLS11"`
			`case tls.VersionTLS12:`
			`return "TLS12"`
			`case tls.VersionTLS13:`
			`return "TLS13"`
			`default:`
			`return fmt.Sprintf("%#04x", *a)`
			`}`
			`}`

initial code 2020-05-19 21:53:13 +02:00			`type CLIArgs struct {`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`bind_address string`
			`auth string`
			`verbosity int`
			`timeout time.Duration`
			`cert, key, cafile string`
naming 2021-02-26 08:14:05 +01:00			`list_ciphers bool`
add ciphers option 2021-02-26 08:30:18 +01:00			`ciphers string`
add disable-http2 option 2021-02-26 08:35:17 +01:00			`disableHTTP2 bool`
autocert 2022-09-04 22:07:14 +02:00			`showVersion bool`
			`autocert bool`
			`autocertWhitelist CSVArg`
			`autocertDir string`
autocert: customizable ACME directory 2022-09-04 22:59:21 +02:00			`autocertACME string`
autocert: add email option 2022-09-04 23:24:48 +02:00			`autocertEmail string`
autocert: HTTP-01 handler 2022-09-04 23:36:49 +02:00			`autocertHTTP string`
htpasswd-alike util 2022-09-06 23:08:06 +02:00			`passwd string`
			`passwdCost int`
			`positionalArgs []string`
proxy dialer 2023-02-07 23:11:15 +01:00			`proxy []string`
allow use $lAddr in ip hint template 2023-09-06 16:34:07 +02:00			`sourceIPHints string`
dynamic integration for bounded dialer by user request 2023-06-26 22:53:08 +02:00			`userIPHints bool`
add tls version CLI args 2024-07-06 13:51:11 +02:00			`minTLSVersion TLSVersionArg`
			`maxTLSVersion TLSVersionArg`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`}`
initial code 2020-05-19 21:53:13 +02:00
			`func parse_args() CLIArgs {`
add tls version CLI args 2024-07-06 13:51:11 +02:00			`args := CLIArgs{`
			`minTLSVersion: TLSVersionArg(tls.VersionTLS12),`
			`maxTLSVersion: TLSVersionArg(tls.VersionTLS13),`
			`}`
update help and docs 2023-04-01 23:08:35 +02:00			`flag.StringVar(&args.bind_address, "bind-address", ":8080", "HTTP proxy listen address. Set empty value to use systemd socket activation.")`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`flag.StringVar(&args.auth, "auth", "none://", "auth parameters")`
			`flag.IntVar(&args.verbosity, "verbosity", 20, "logging verbosity "+`
			`"(10 - debug, 20 - info, 30 - warning, 40 - error, 50 - critical)")`
			`flag.DurationVar(&args.timeout, "timeout", 10*time.Second, "timeout for network operations")`
			`flag.StringVar(&args.cert, "cert", "", "enable TLS and use certificate")`
			`flag.StringVar(&args.key, "key", "", "key for TLS certificate")`
			`flag.StringVar(&args.cafile, "cafile", "", "CA file to authenticate clients with certificates")`
naming 2021-02-26 08:14:05 +01:00			`flag.BoolVar(&args.list_ciphers, "list-ciphers", false, "list ciphersuites")`
add ciphers option 2021-02-26 08:30:18 +01:00			`flag.StringVar(&args.ciphers, "ciphers", "", "colon-separated list of enabled ciphers")`
add disable-http2 option 2021-02-26 08:35:17 +01:00			`flag.BoolVar(&args.disableHTTP2, "disable-http2", false, "disable HTTP2")`
show embedded version 2021-06-09 14:49:44 +02:00			`flag.BoolVar(&args.showVersion, "version", false, "show program version and exit")`
autocert 2022-09-04 22:07:14 +02:00			`flag.BoolVar(&args.autocert, "autocert", false, "issue TLS certificates automatically")`
			`flag.Var(&args.autocertWhitelist, "autocert-whitelist", "restrict autocert domains to this comma-separated list")`
			`flag.StringVar(&args.autocertDir, "autocert-dir", filepath.Join(home, ".dumbproxy", "autocert"), "path to autocert cache")`
autocert: customizable ACME directory 2022-09-04 22:59:21 +02:00			`flag.StringVar(&args.autocertACME, "autocert-acme", autocert.DefaultACMEDirectory, "custom ACME endpoint")`
autocert: add email option 2022-09-04 23:24:48 +02:00			`flag.StringVar(&args.autocertEmail, "autocert-email", "", "email used for ACME registration")`
autocert: HTTP-01 handler 2022-09-04 23:36:49 +02:00			`flag.StringVar(&args.autocertHTTP, "autocert-http", "", "listen address for HTTP-01 challenges handler of ACME")`
htpasswd-alike util 2022-09-06 23:08:06 +02:00			`flag.StringVar(&args.passwd, "passwd", "", "update given htpasswd file and add/set password for username. "+`
			`"Username and password can be passed as positional arguments or requested interactively")`
			`flag.IntVar(&args.passwdCost, "passwd-cost", bcrypt.MinCost, "bcrypt password cost (for -passwd mode)")`
upd doc 2023-02-09 20:51:46 +01:00			`flag.Func("proxy", "upstream proxy URL. Can be repeated multiple times to chain proxies. Examples: socks5h://127.0.0.1:9050; https://user:password@example.com:443", func(p string) error {`
proxy dialer 2023-02-07 23:11:15 +01:00			`args.proxy = append(args.proxy, p)`
			`return nil`
			`})`
upd doc 2023-09-06 17:21:19 +02:00			`flag.StringVar(&args.sourceIPHints, "ip-hints", "", "a comma-separated list of source addresses to use on dial attempts. \"$lAddr\" gets expanded to local address of connection. Example: \"10.0.0.1,fe80::2,$lAddr,0.0.0.0,::\"")`
dynamic integration for bounded dialer by user request 2023-06-26 22:53:08 +02:00			`flag.BoolVar(&args.userIPHints, "user-ip-hints", false, "allow IP hints to be specified by user in X-Src-IP-Hints header")`
add tls version CLI args 2024-07-06 13:51:11 +02:00			`flag.Var(&args.minTLSVersion, "min-tls-version", "minimal TLS version accepted by server")`
			`flag.Var(&args.maxTLSVersion, "max-tls-version", "maximum TLS version accepted by server")`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`flag.Parse()`
htpasswd-alike util 2022-09-06 23:08:06 +02:00			`args.positionalArgs = flag.Args()`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`return args`
initial code 2020-05-19 21:53:13 +02:00			`}`

			`func run() int {`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`args := parse_args()`

show embedded version 2021-06-09 14:49:44 +02:00			`if args.showVersion {`
			`fmt.Println(version)`
			`return 0`
			`}`

naming 2021-02-26 08:14:05 +01:00			`if args.list_ciphers {`
			`list_ciphers()`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`return 0`
			`}`
initial code 2020-05-19 21:53:13 +02:00
htpasswd-alike util 2022-09-06 23:08:06 +02:00			`if args.passwd != "" {`
			`if err := passwd(args.passwd, args.passwdCost, args.positionalArgs...); err != nil {`
			`log.Fatalf("can't set password: %v", err)`
			`}`
			`return 0`
			`}`

add list-ciphers option 2021-02-26 08:09:55 +01:00			`logWriter := NewLogWriter(os.Stderr)`
			`defer logWriter.Close()`
initial code 2020-05-19 21:53:13 +02:00
add list-ciphers option 2021-02-26 08:09:55 +01:00			`mainLogger := NewCondLogger(log.New(logWriter, "MAIN : ",`
			`log.LstdFlags\|log.Lshortfile),`
			`args.verbosity)`
			`proxyLogger := NewCondLogger(log.New(logWriter, "PROXY : ",`
			`log.LstdFlags\|log.Lshortfile),`
			`args.verbosity)`
new password auth engine 2022-09-06 18:57:18 +02:00			`authLogger := NewCondLogger(log.New(logWriter, "AUTH : ",`
			`log.LstdFlags\|log.Lshortfile),`
			`args.verbosity)`
introduce tls support 2020-05-24 00:18:01 +02:00
new password auth engine 2022-09-06 18:57:18 +02:00			`auth, err := NewAuth(args.auth, authLogger)`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`if err != nil {`
			`mainLogger.Critical("Failed to instantiate auth provider: %v", err)`
			`return 3`
			`}`
htpasswd autoreload 2022-09-06 20:43:56 +02:00			`defer auth.Stop()`
introduce tls support 2020-05-24 00:18:01 +02:00
initial integration for bounded dialer in static mode 2023-06-26 21:29:58 +02:00			`var dialer Dialer = NewBoundDialer(new(net.Dialer), args.sourceIPHints)`
proxy dialer 2023-02-07 23:11:15 +01:00			`for _, proxyURL := range args.proxy {`
			`newDialer, err := proxyDialerFromURL(proxyURL, dialer)`
			`if err != nil {`
			`mainLogger.Critical("Failed to create dialer for proxy %q: %v", proxyURL, err)`
			`return 3`
			`}`
			`dialer = newDialer`
			`}`

add list-ciphers option 2021-02-26 08:09:55 +01:00			`server := http.Server{`
			`Addr: args.bind_address,`
dynamic integration for bounded dialer by user request 2023-06-26 22:53:08 +02:00			`Handler: NewProxyHandler(args.timeout, auth, maybeWrapWithContextDialer(dialer), args.userIPHints, proxyLogger),`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`ErrorLog: log.New(logWriter, "HTTPSRV : ", log.LstdFlags\|log.Lshortfile),`
			`ReadTimeout: 0,`
			`ReadHeaderTimeout: 0,`
			`WriteTimeout: 0,`
			`IdleTimeout: 0,`
			`}`
introduce tls support 2020-05-24 00:18:01 +02:00
add disable-http2 option 2021-02-26 08:35:17 +01:00			`if args.disableHTTP2 {`
			`server.TLSNextProto = make(map[string]func(http.Server, tls.Conn, http.Handler))`
			`}`

add list-ciphers option 2021-02-26 08:09:55 +01:00			`mainLogger.Info("Starting proxy server...")`
socket activation support 2023-04-01 22:55:06 +02:00			`var listener net.Listener`
			`if args.bind_address == "" {`
			`// socket activation`
			`listeners, err := activation.Listeners()`
			`if err != nil {`
			`mainLogger.Critical("socket activation failed: %v", err)`
			`return 3`
			`}`
			`if len(listeners) != 1 {`
			`mainLogger.Critical("socket activation failed: unexpected number of listeners: %d",`
			`len(listeners))`
			`return 3`
			`}`
			`if listeners[0] == nil {`
			`mainLogger.Critical("socket activation failed: nil listener returned")`
			`return 3`
			`}`
			`listener = listeners[0]`
			`} else {`
			`newListener, err := net.Listen("tcp", args.bind_address)`
			`if err != nil {`
			`mainLogger.Critical("listen failed: %v", err)`
			`return 3`
			`}`
			`listener = newListener`
			`}`

add list-ciphers option 2021-02-26 08:09:55 +01:00			`if args.cert != "" {`
make use of TLS version options 2024-07-06 15:29:23 +02:00			`cfg, err1 := makeServerTLSConfig(args.cert, args.key, args.cafile,`
			`args.ciphers, uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`if err1 != nil {`
Fix typo while logging tls config error 2021-06-14 17:07:19 +02:00			`mainLogger.Critical("TLS config construction failed: %v", err1)`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`return 3`
			`}`
socket activation support 2023-04-01 22:55:06 +02:00			`listener = tls.NewListener(listener, cfg)`
autocert 2022-09-04 22:07:14 +02:00			`} else if args.autocert {`
			`m := &autocert.Manager{`
			`Cache: autocert.DirCache(args.autocertDir),`
			`Prompt: autocert.AcceptTOS,`
autocert: customizable ACME directory 2022-09-04 22:59:21 +02:00			`Client: &acme.Client{DirectoryURL: args.autocertACME},`
autocert: add email option 2022-09-04 23:24:48 +02:00			`Email: args.autocertEmail,`
autocert 2022-09-04 22:07:14 +02:00			`}`
			`if args.autocertWhitelist != nil {`
			`m.HostPolicy = autocert.HostWhitelist([]string(args.autocertWhitelist)...)`
			`}`
autocert: HTTP-01 handler 2022-09-04 23:36:49 +02:00			`if args.autocertHTTP != "" {`
			`go func() {`
			`log.Fatalf("HTTP-01 ACME challenge server stopped: %v",`
			`http.ListenAndServe(args.autocertHTTP, m.HTTPHandler(nil)))`
			`}()`
			`}`
autocert 2022-09-04 22:07:14 +02:00			`cfg := m.TLSConfig()`
make use of TLS version options 2024-07-06 15:29:23 +02:00			`cfg, err = updateServerTLSConfig(cfg, args.cafile, args.ciphers,`
			`uint16(args.minTLSVersion), uint16(args.maxTLSVersion), !args.disableHTTP2)`
fix cert auth 2022-09-07 09:27:33 +02:00			`if err != nil {`
			`mainLogger.Critical("TLS config construction failed: %v", err)`
			`return 3`
			`}`
socket activation support 2023-04-01 22:55:06 +02:00			`listener = tls.NewListener(listener, cfg)`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`}`
socket activation support 2023-04-01 22:55:06 +02:00			`mainLogger.Info("Proxy server started.")`
			`err = server.Serve(listener)`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`mainLogger.Critical("Server terminated with a reason: %v", err)`
			`mainLogger.Info("Shutting down...")`
			`return 0`
initial code 2020-05-19 21:53:13 +02:00			`}`

			`func main() {`
add list-ciphers option 2021-02-26 08:09:55 +01:00			`os.Exit(run())`
initial code 2020-05-19 21:53:13 +02:00			`}`