Commit 5300eaa4 authored by Jacob Vosmaer's avatar Jacob Vosmaer

Add Unix socket support for authBackend

parent bf2a3ced
...@@ -16,6 +16,8 @@ auth request to GitLab Rails app) -> git-upload-pack ...@@ -16,6 +16,8 @@ auth request to GitLab Rails app) -> git-upload-pack
Options: Options:
-authBackend string -authBackend string
Authentication/authorization backend (default "http://localhost:8080") Authentication/authorization backend (default "http://localhost:8080")
-authSocket string
Optional: Unix domain socket to dial authBackend at
-listenAddr string -listenAddr string
Listen address for HTTP server (default "localhost:8181") Listen address for HTTP server (default "localhost:8181")
-listenNetwork string -listenNetwork string
......
...@@ -67,8 +67,8 @@ var gitServices = [...]gitService{ ...@@ -67,8 +67,8 @@ var gitServices = [...]gitService{
gitService{"GET", "/repository/archive.tar.bz2", handleGetArchive, "tar.bz2"}, gitService{"GET", "/repository/archive.tar.bz2", handleGetArchive, "tar.bz2"},
} }
func newGitHandler(authBackend string) *gitHandler { func newGitHandler(authBackend string, authTransport http.RoundTripper) *gitHandler {
return &gitHandler{&http.Client{}, authBackend} return &gitHandler{&http.Client{Transport: authTransport}, authBackend}
} }
func (h *gitHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *gitHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
......
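Review bot: The client built in newGitHandler still has no `Timeout`, and with a caller-supplied transport nothing in this section bounds how long an auth request may wait for response headers, so a backend that accepts the connection but never answers would hold the request handler open indefinitely. If this client is used only for the short auth call (its use is not visible here), `&http.Client{Transport: authTransport, Timeout: authTimeout}` with a timeout of your choosing would cap that; otherwise set `ResponseHeaderTimeout` on the transport. The function would also benefit from a doc comment such as `// newGitHandler returns a handler that queries authBackend; a nil authTransport selects http.DefaultTransport.`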
...@@ -23,6 +23,7 @@ import ( ...@@ -23,6 +23,7 @@ import (
_ "net/http/pprof" _ "net/http/pprof"
"os" "os"
"syscall" "syscall"
"time"
) )
var Version string // Set at build time in the Makefile var Version string // Set at build time in the Makefile
...@@ -33,6 +34,7 @@ func main() { ...@@ -33,6 +34,7 @@ func main() {
listenNetwork := flag.String("listenNetwork", "tcp", "Listen 'network' (tcp, tcp4, tcp6, unix)") listenNetwork := flag.String("listenNetwork", "tcp", "Listen 'network' (tcp, tcp4, tcp6, unix)")
listenUmask := flag.Int("listenUmask", 022, "Umask for Unix socket, default: 022") listenUmask := flag.Int("listenUmask", 022, "Umask for Unix socket, default: 022")
authBackend := flag.String("authBackend", "http://localhost:8080", "Authentication/authorization backend") authBackend := flag.String("authBackend", "http://localhost:8080", "Authentication/authorization backend")
authSocket := flag.String("authSocket", "", "Optional: Unix domain socket to dial authBackend at")
pprofListenAddr := flag.String("pprofListenAddr", "", "pprof listening address, e.g. 'localhost:6060'") pprofListenAddr := flag.String("pprofListenAddr", "", "pprof listening address, e.g. 'localhost:6060'")
flag.Usage = func() { flag.Usage = func() {
fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
...@@ -64,6 +66,20 @@ func main() { ...@@ -64,6 +66,20 @@ func main() {
log.Fatal(err) log.Fatal(err)
} }
var authTransport http.RoundTripper
if *authSocket != "" {
dialer := &net.Dialer{
// The values below are taken from http.DefaultTransport
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}
authTransport = &http.Transport{
Dial: func(_, _ string) (net.Conn, error) {
return dialer.Dial("unix", *authSocket)
},
}
}
// The profiler will only be activated by HTTP requests. HTTP // The profiler will only be activated by HTTP requests. HTTP
// requests can only reach the profiler if we start a listener. So by // requests can only reach the profiler if we start a listener. So by
// having no profiler HTTP listener by default, the profiler is // having no profiler HTTP listener by default, the profiler is
...@@ -77,6 +93,6 @@ func main() { ...@@ -77,6 +93,6 @@ func main() {
// Because net/http/pprof installs itself in the DefaultServeMux // Because net/http/pprof installs itself in the DefaultServeMux
// we create a fresh one for the Git server. // we create a fresh one for the Git server.
serveMux := http.NewServeMux() serveMux := http.NewServeMux()
serveMux.Handle("/", newGitHandler(*authBackend)) serveMux.Handle("/", newGitHandler(*authBackend, authTransport))
log.Fatal(http.Serve(listener, serveMux)) log.Fatal(http.Serve(listener, serveMux))
} }
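Review bot: With -authSocket set, the `Dial` closure in the `authTransport` literal ignores both of its arguments, so every authorization request is answered by whatever process listens at that path, and the host in -authBackend then only feeds the request URL and Host header. Neither the flag help nor the code says this, and the path is not checked at startup, so a typo or a missing socket shows up only as per-request failures. Because the listener at that path decides who gets repository access, I would state the deployment requirement next to the flag, e.g. `// authSocket must sit in a directory writable only by the account running the auth backend; authBackend's host is then not used for dialing`. If start-up ordering allows it, a fail-fast check such as `if fi, err := os.Stat(*authSocket); err != nil || fi.Mode()&os.ModeSocket == 0 { log.Fatalf("authSocket %q is not a Unix socket", *authSocket) }` would catch misconfiguration early. main begins outside these hunks.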