support acme http challenge

mrhaoxx · Apr 22, 2024 · 7d81ccc · 7d81ccc
1 parent 0123b4a
commit 7d81ccc
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 2 deletions.
diff --git a/http/html.go b/http/html.go
@@ -34,6 +34,7 @@ func (rw *NgResponseWriter) ErrorPage(code int, err string) {
  CODE string
  UTC string
  // ELA string
+ TAR string
  }{
  MSG: err,
  CODE: strconv.Itoa(code),
@@ -42,6 +43,7 @@ func (rw *NgResponseWriter) ErrorPage(code int, err string) {
  // CID: strconv.FormatUint(rw.ctx.conn.Id, 10),
  UTC: rw.ctx.starttime.UTC().Format("2006-01-02 15:04:05 UTC"),
  // ELA: time.Since(rw.ctx.starttime).String(),
+ TAR: rw.ctx.Req.Host + rw.ctx.Req.RequestURI,
  })
 }
 

diff --git a/http/html/error.html b/http/html/error.html
@@ -25,7 +25,7 @@
  </div>
 
  <div style="position: fixed; bottom: 0; width: 100%;color: #929292;font-family: monospace; font-weight: lighter;">
- RequestID: {{.RID}} · {{.RIP}} · {{.UTC}}
+ {{.TAR}} · RequestID: {{.RID}} · {{.RIP}} · {{.UTC}}
  </div>
 </body>
 

diff --git a/tcp/detect.go b/tcp/detect.go
@@ -15,6 +15,7 @@ const (
  KeyTLS = "tls"
  KeyTlsSni = "sni"
  KeyUnkownBytes = "unkownheadbytes"
+ KeyHTTPRequest = "http"
 )
 
 func readClientHello(reader io.Reader) (*tls.ClientHelloInfo, error) {
@@ -82,10 +83,11 @@ func (det *Detect) Handle(c *Conn) SerRet {
 }
 
 func DetectHTTP(r io.Reader, c *Conn) string {
- _, err := http.ReadRequest(bufio.NewReader(r))
+ rr, err := http.ReadRequest(bufio.NewReader(r))
  if err != nil {
  return ""
  }
+ c.Store(KeyHTTPRequest, rr)
  return "HTTP1"
 }
 

diff --git a/ui/config.go b/ui/config.go
@@ -11,6 +11,7 @@ type Cfg struct {
 
  IPFilter IpfilterConfig `yaml:"IPFilter,flow"`
  SSH SSHConfig `yaml:"SSH,flow"`
+ ACME ACMEConfig `yaml:"ACME,flow"`
 }
 
 type authConfig struct {
@@ -128,3 +129,8 @@ type SSHConfig struct {
  PrivateKeys []string `yaml:"PrivateKeys,flow"`
  Banner string `yaml:"Banner"`
 }
+
+type ACMEConfig struct {
+ Hosts []string `yaml:"Hosts,flow"`
+ WWWRoot string `yaml:"WWWRoot"`
+}
diff --git a/ui/myservice.go b/ui/myservice.go
@@ -3,6 +3,7 @@ package ui
 import (
  "errors"
  "net"
+ stdhttp "net/http"
  "os"
  "strconv"
  "strings"
@@ -51,6 +52,42 @@ var builtinHttpServices = map[string]http.Service{
  "NgUI": &UI{},
 }
 
+type AcmeWebRoot struct {
+ AllowedHosts []string
+ WWWRoot string
+}
+
+func (a *AcmeWebRoot) Handle(conn *tcp.Conn) tcp.SerRet {
+ _req, ok := conn.Load(tcp.KeyHTTPRequest)
+ if !ok {
+ return tcp.Continue
+ }
+
+ req, ok := _req.(*stdhttp.Request)
+
+ if !ok {
+ return tcp.Continue
+ }
+
+ if !strings.HasPrefix(req.URL.Path, "/.well-known/acme-challenge/") {
+ return tcp.Continue
+ }
+ for _, h := range a.AllowedHosts {
+ if req.Host == h {
+ goto allowed
+ }
+ }
+ return tcp.Continue
+
+allowed:
+ s := stdhttp.FileServer(stdhttp.Dir(a.WWWRoot))
+ stdhttp.Serve(utils.ConnGetSocket(conn.TopConn()), stdhttp.HandlerFunc(func(w stdhttp.ResponseWriter, r *stdhttp.Request) {
+ s.ServeHTTP(w, r)
+ }))
+ return tcp.Close
+
+}
+
 var builtinTcpServices = map[string]tcp.ServiceHandler{
  "tls": TlsMgr,
  "knock": Knock,
@@ -231,6 +268,14 @@ func LoadCfg(cfgs []byte) error {
  os.Exit(-1)
  }
 
+ if len(cfg.ACME.Hosts) > 0 {
+ acmec := AcmeWebRoot{
+ AllowedHosts: cfg.ACME.Hosts,
+ WWWRoot: cfg.ACME.WWWRoot,
+ }
+ builtinTcpServices["acme"] = &acmec
+ }
+
  var prik []gossh.Signer
  if len(cfg.SSH.PrivateKeys) > 0 {
  for _, key := range cfg.SSH.PrivateKeys {