Home Verkennen Help
Inloggen
cloudflare
/
cloudflared
spiegel van https://github.com/cloudflare/cloudflared
Volgen 1
Ster 0
Vork 0
Bestanden Kwesties
Boom: b01cfc90ad
Aftakkingen Labels
cloudflared
/
ingress
/
config.go

config.go 18 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576 
  1. package ingress
    2. 

  2. 

  3. import (
    4. 

  4. 	"encoding/json"
    5. 

  5. 	"time"
    6. 

  6. 

  7. 	"github.com/urfave/cli/v2"
    8. 

  8. 

  9. 	"github.com/cloudflare/cloudflared/config"
    10. 

  10. 	"github.com/cloudflare/cloudflared/ipaccess"
    11. 

  11. 	"github.com/cloudflare/cloudflared/tlsconfig"
    12. 

  12. )
    13. 

  13. 

  14. var (
    15. 

  15. 	defaultHTTPConnectTimeout        = config.CustomDuration{Duration: 30 * time.Second}
    16. 

  16. 	defaultWarpRoutingConnectTimeout = config.CustomDuration{Duration: 5 * time.Second}
    17. 

  17. 	defaultTLSTimeout                = config.CustomDuration{Duration: 10 * time.Second}
    18. 

  18. 	defaultTCPKeepAlive              = config.CustomDuration{Duration: 30 * time.Second}
    19. 

  19. 	defaultKeepAliveTimeout          = config.CustomDuration{Duration: 90 * time.Second}
    20. 

  20. )
    21. 

  21. 

  22. const (
    23. 

  23. 	defaultProxyAddress           = "127.0.0.1"
    24. 

  24. 	defaultKeepAliveConnections   = 100
    25. 

  25. 	SSHServerFlag                 = "ssh-server"
    26. 

  26. 	Socks5Flag                    = "socks5"
    27. 

  27. 	ProxyConnectTimeoutFlag       = "proxy-connect-timeout"
    28. 

  28. 	ProxyTLSTimeoutFlag           = "proxy-tls-timeout"
    29. 

  29. 	ProxyTCPKeepAliveFlag         = "proxy-tcp-keepalive"
    30. 

  30. 	ProxyNoHappyEyeballsFlag      = "proxy-no-happy-eyeballs"
    31. 

  31. 	ProxyKeepAliveConnectionsFlag = "proxy-keepalive-connections"
    32. 

  32. 	ProxyKeepAliveTimeoutFlag     = "proxy-keepalive-timeout"
    33. 

  33. 	HTTPHostHeaderFlag            = "http-host-header"
    34. 

  34. 	OriginServerNameFlag          = "origin-server-name"
    35. 

  35. 	MatchSNIToHostFlag            = "match-sni-to-host"
    36. 

  36. 	NoTLSVerifyFlag               = "no-tls-verify"
    37. 

  37. 	NoChunkedEncodingFlag         = "no-chunked-encoding"
    38. 

  38. 	ProxyAddressFlag              = "proxy-address"
    39. 

  39. 	ProxyPortFlag                 = "proxy-port"
    40. 

  40. 	Http2OriginFlag               = "http2-origin"
    41. 

  41. )
    42. 

  42. 

  43. const (
    44. 

  44. 	socksProxy = "socks"
    45. 

  45. )
    46. 

  46. 

  47. type WarpRoutingConfig struct {
    48. 

  48. 	ConnectTimeout config.CustomDuration `yaml:"connectTimeout" json:"connectTimeout,omitempty"`
    49. 

  49. 	TCPKeepAlive   config.CustomDuration `yaml:"tcpKeepAlive" json:"tcpKeepAlive,omitempty"`
    50. 

  50. }
    51. 

  51. 

  52. func NewWarpRoutingConfig(raw *config.WarpRoutingConfig) WarpRoutingConfig {
    53. 

  53. 	cfg := WarpRoutingConfig{
    54. 

  54. 		ConnectTimeout: defaultWarpRoutingConnectTimeout,
    55. 

  55. 		TCPKeepAlive:   defaultTCPKeepAlive,
    56. 

  56. 	}
    57. 

  57. 	if raw.ConnectTimeout != nil {
    58. 

  58. 		cfg.ConnectTimeout = *raw.ConnectTimeout
    59. 

  59. 	}
    60. 

  60. 	if raw.TCPKeepAlive != nil {
    61. 

  61. 		cfg.TCPKeepAlive = *raw.TCPKeepAlive
    62. 

  62. 	}
    63. 

  63. 	return cfg
    64. 

  64. }
    65. 

  65. 

  66. func (c *WarpRoutingConfig) RawConfig() config.WarpRoutingConfig {
    67. 

  67. 	raw := config.WarpRoutingConfig{}
    68. 

  68. 	if c.ConnectTimeout.Duration != defaultWarpRoutingConnectTimeout.Duration {
    69. 

  69. 		raw.ConnectTimeout = &c.ConnectTimeout
    70. 

  70. 	}
    71. 

  71. 	if c.TCPKeepAlive.Duration != defaultTCPKeepAlive.Duration {
    72. 

  72. 		raw.TCPKeepAlive = &c.TCPKeepAlive
    73. 

  73. 	}
    74. 

  74. 	return raw
    75. 

  75. }
    76. 

  76. 

  77. // RemoteConfig models ingress settings that can be managed remotely, for example through the dashboard.
    78. 

  78. type RemoteConfig struct {
    79. 

  79. 	Ingress     Ingress
    80. 

  80. 	WarpRouting WarpRoutingConfig
    81. 

  81. }
    82. 

  82. 

  83. type RemoteConfigJSON struct {
    84. 

  84. 	GlobalOriginRequest *config.OriginRequestConfig     `json:"originRequest,omitempty"`
    85. 

  85. 	IngressRules        []config.UnvalidatedIngressRule `json:"ingress"`
    86. 

  86. 	WarpRouting         config.WarpRoutingConfig        `json:"warp-routing"`
    87. 

  87. }
    88. 

  88. 

  89. func (rc *RemoteConfig) UnmarshalJSON(b []byte) error {
    90. 

  90. 	var rawConfig RemoteConfigJSON
    91. 

  91. 

  92. 	if err := json.Unmarshal(b, &rawConfig); err != nil {
    93. 

  93. 		return err
    94. 

  94. 	}
    95. 

  95. 

  96. 	// if nil, just assume the default values.
    97. 

  97. 	globalOriginRequestConfig := rawConfig.GlobalOriginRequest
    98. 

  98. 	if globalOriginRequestConfig == nil {
    99. 

  99. 		globalOriginRequestConfig = &config.OriginRequestConfig{}
    100. 

  100. 	}
    101. 

  101. 

  102. 	ingress, err := validateIngress(rawConfig.IngressRules, originRequestFromConfig(*globalOriginRequestConfig))
    103. 

  103. 	if err != nil {
    104. 

  104. 		return err
    105. 

  105. 	}
    106. 

  106. 

  107. 	rc.Ingress = ingress
    108. 

  108. 	rc.WarpRouting = NewWarpRoutingConfig(&rawConfig.WarpRouting)
    109. 

  109. 

  110. 	return nil
    111. 

  111. }
    112. 

  112. 

  113. func originRequestFromSingleRule(c *cli.Context) OriginRequestConfig {
    114. 

  114. 	var connectTimeout = defaultHTTPConnectTimeout
    115. 

  115. 	var tlsTimeout = defaultTLSTimeout
    116. 

  116. 	var tcpKeepAlive = defaultTCPKeepAlive
    117. 

  117. 	var noHappyEyeballs bool
    118. 

  118. 	var keepAliveConnections = defaultKeepAliveConnections
    119. 

  119. 	var keepAliveTimeout = defaultKeepAliveTimeout
    120. 

  120. 	var httpHostHeader string
    121. 

  121. 	var originServerName string
    122. 

  122. 	var matchSNItoHost bool
    123. 

  123. 	var caPool string
    124. 

  124. 	var noTLSVerify bool
    125. 

  125. 	var disableChunkedEncoding bool
    126. 

  126. 	var bastionMode bool
    127. 

  127. 	var proxyAddress = defaultProxyAddress
    128. 

  128. 	var proxyPort uint
    129. 

  129. 	var proxyType string
    130. 

  130. 	var http2Origin bool
    131. 

  131. 	if flag := ProxyConnectTimeoutFlag; c.IsSet(flag) {
    132. 

  132. 		connectTimeout = config.CustomDuration{Duration: c.Duration(flag)}
    133. 

  133. 	}
    134. 

  134. 	if flag := ProxyTLSTimeoutFlag; c.IsSet(flag) {
    135. 

  135. 		tlsTimeout = config.CustomDuration{Duration: c.Duration(flag)}
    136. 

  136. 	}
    137. 

  137. 	if flag := ProxyTCPKeepAliveFlag; c.IsSet(flag) {
    138. 

  138. 		tcpKeepAlive = config.CustomDuration{Duration: c.Duration(flag)}
    139. 

  139. 	}
    140. 

  140. 	if flag := ProxyNoHappyEyeballsFlag; c.IsSet(flag) {
    141. 

  141. 		noHappyEyeballs = c.Bool(flag)
    142. 

  142. 	}
    143. 

  143. 	if flag := ProxyKeepAliveConnectionsFlag; c.IsSet(flag) {
    144. 

  144. 		keepAliveConnections = c.Int(flag)
    145. 

  145. 	}
    146. 

  146. 	if flag := ProxyKeepAliveTimeoutFlag; c.IsSet(flag) {
    147. 

  147. 		keepAliveTimeout = config.CustomDuration{Duration: c.Duration(flag)}
    148. 

  148. 	}
    149. 

  149. 	if flag := HTTPHostHeaderFlag; c.IsSet(flag) {
    150. 

  150. 		httpHostHeader = c.String(flag)
    151. 

  151. 	}
    152. 

  152. 	if flag := OriginServerNameFlag; c.IsSet(flag) {
    153. 

  153. 		originServerName = c.String(flag)
    154. 

  154. 	}
    155. 

  155. 	if flag := MatchSNIToHostFlag; c.IsSet(flag) {
    156. 

  156. 		matchSNItoHost = c.Bool(flag)
    157. 

  157. 	}
    158. 

  158. 	if flag := tlsconfig.OriginCAPoolFlag; c.IsSet(flag) {
    159. 

  159. 		caPool = c.String(flag)
    160. 

  160. 	}
    161. 

  161. 	if flag := NoTLSVerifyFlag; c.IsSet(flag) {
    162. 

  162. 		noTLSVerify = c.Bool(flag)
    163. 

  163. 	}
    164. 

  164. 	if flag := NoChunkedEncodingFlag; c.IsSet(flag) {
    165. 

  165. 		disableChunkedEncoding = c.Bool(flag)
    166. 

  166. 	}
    167. 

  167. 	if flag := config.BastionFlag; c.IsSet(flag) {
    168. 

  168. 		bastionMode = c.Bool(flag)
    169. 

  169. 	}
    170. 

  170. 	if flag := ProxyAddressFlag; c.IsSet(flag) {
    171. 

  171. 		proxyAddress = c.String(flag)
    172. 

  172. 	}
    173. 

  173. 	if flag := ProxyPortFlag; c.IsSet(flag) {
    174. 

  174. 		// Note TUN-3758 , we use Int because UInt is not supported with altsrc
    175. 

  175. 		proxyPort = uint(c.Int(flag))
    176. 

  176. 	}
    177. 

  177. 	if flag := Http2OriginFlag; c.IsSet(flag) {
    178. 

  178. 		http2Origin = c.Bool(flag)
    179. 

  179. 	}
    180. 

  180. 	if c.IsSet(Socks5Flag) {
    181. 

  181. 		proxyType = socksProxy
    182. 

  182. 	}
    183. 

  183. 

  184. 	return OriginRequestConfig{
    185. 

  185. 		ConnectTimeout:         connectTimeout,
    186. 

  186. 		TLSTimeout:             tlsTimeout,
    187. 

  187. 		TCPKeepAlive:           tcpKeepAlive,
    188. 

  188. 		NoHappyEyeballs:        noHappyEyeballs,
    189. 

  189. 		KeepAliveConnections:   keepAliveConnections,
    190. 

  190. 		KeepAliveTimeout:       keepAliveTimeout,
    191. 

  191. 		HTTPHostHeader:         httpHostHeader,
    192. 

  192. 		OriginServerName:       originServerName,
    193. 

  193. 		MatchSNIToHost:         matchSNItoHost,
    194. 

  194. 		CAPool:                 caPool,
    195. 

  195. 		NoTLSVerify:            noTLSVerify,
    196. 

  196. 		DisableChunkedEncoding: disableChunkedEncoding,
    197. 

  197. 		BastionMode:            bastionMode,
    198. 

  198. 		ProxyAddress:           proxyAddress,
    199. 

  199. 		ProxyPort:              proxyPort,
    200. 

  200. 		ProxyType:              proxyType,
    201. 

  201. 		Http2Origin:            http2Origin,
    202. 

  202. 	}
    203. 

  203. }
    204. 

  204. 

  205. func originRequestFromConfig(c config.OriginRequestConfig) OriginRequestConfig {
    206. 

  206. 	out := OriginRequestConfig{
    207. 

  207. 		ConnectTimeout:       defaultHTTPConnectTimeout,
    208. 

  208. 		TLSTimeout:           defaultTLSTimeout,
    209. 

  209. 		TCPKeepAlive:         defaultTCPKeepAlive,
    210. 

  210. 		KeepAliveConnections: defaultKeepAliveConnections,
    211. 

  211. 		KeepAliveTimeout:     defaultKeepAliveTimeout,
    212. 

  212. 		ProxyAddress:         defaultProxyAddress,
    213. 

  213. 	}
    214. 

  214. 	if c.ConnectTimeout != nil {
    215. 

  215. 		out.ConnectTimeout = *c.ConnectTimeout
    216. 

  216. 	}
    217. 

  217. 	if c.TLSTimeout != nil {
    218. 

  218. 		out.TLSTimeout = *c.TLSTimeout
    219. 

  219. 	}
    220. 

  220. 	if c.TCPKeepAlive != nil {
    221. 

  221. 		out.TCPKeepAlive = *c.TCPKeepAlive
    222. 

  222. 	}
    223. 

  223. 	if c.NoHappyEyeballs != nil {
    224. 

  224. 		out.NoHappyEyeballs = *c.NoHappyEyeballs
    225. 

  225. 	}
    226. 

  226. 	if c.KeepAliveConnections != nil {
    227. 

  227. 		out.KeepAliveConnections = *c.KeepAliveConnections
    228. 

  228. 	}
    229. 

  229. 	if c.KeepAliveTimeout != nil {
    230. 

  230. 		out.KeepAliveTimeout = *c.KeepAliveTimeout
    231. 

  231. 	}
    232. 

  232. 	if c.HTTPHostHeader != nil {
    233. 

  233. 		out.HTTPHostHeader = *c.HTTPHostHeader
    234. 

  234. 	}
    235. 

  235. 	if c.OriginServerName != nil {
    236. 

  236. 		out.OriginServerName = *c.OriginServerName
    237. 

  237. 	}
    238. 

  238. 	if c.MatchSNIToHost != nil {
    239. 

  239. 		out.MatchSNIToHost = *c.MatchSNIToHost
    240. 

  240. 	}
    241. 

  241. 	if c.CAPool != nil {
    242. 

  242. 		out.CAPool = *c.CAPool
    243. 

  243. 	}
    244. 

  244. 	if c.NoTLSVerify != nil {
    245. 

  245. 		out.NoTLSVerify = *c.NoTLSVerify
    246. 

  246. 	}
    247. 

  247. 	if c.DisableChunkedEncoding != nil {
    248. 

  248. 		out.DisableChunkedEncoding = *c.DisableChunkedEncoding
    249. 

  249. 	}
    250. 

  250. 	if c.BastionMode != nil {
    251. 

  251. 		out.BastionMode = *c.BastionMode
    252. 

  252. 	}
    253. 

  253. 	if c.ProxyAddress != nil {
    254. 

  254. 		out.ProxyAddress = *c.ProxyAddress
    255. 

  255. 	}
    256. 

  256. 	if c.ProxyPort != nil {
    257. 

  257. 		out.ProxyPort = *c.ProxyPort
    258. 

  258. 	}
    259. 

  259. 	if c.ProxyType != nil {
    260. 

  260. 		out.ProxyType = *c.ProxyType
    261. 

  261. 	}
    262. 

  262. 	if len(c.IPRules) > 0 {
    263. 

  263. 		for _, r := range c.IPRules {
    264. 

  264. 			rule, err := ipaccess.NewRuleByCIDR(r.Prefix, r.Ports, r.Allow)
    265. 

  265. 			if err == nil {
    266. 

  266. 				out.IPRules = append(out.IPRules, rule)
    267. 

  267. 			}
    268. 

  268. 		}
    269. 

  269. 	}
    270. 

  270. 	if c.Http2Origin != nil {
    271. 

  271. 		out.Http2Origin = *c.Http2Origin
    272. 

  272. 	}
    273. 

  273. 	if c.Access != nil {
    274. 

  274. 		out.Access = *c.Access
    275. 

  275. 	}
    276. 

  276. 	return out
    277. 

  277. }
    278. 

  278. 

  279. // OriginRequestConfig configures how Cloudflared sends requests to origin
    280. 

  280. // services.
    281. 

  281. // Note: To specify a time.Duration in go-yaml, use e.g. "3s" or "24h".
    282. 

  282. type OriginRequestConfig struct {
    283. 

  283. 	// HTTP proxy timeout for establishing a new connection
    284. 

  284. 	ConnectTimeout config.CustomDuration `yaml:"connectTimeout" json:"connectTimeout"`
    285. 

  285. 	// HTTP proxy timeout for completing a TLS handshake
    286. 

  286. 	TLSTimeout config.CustomDuration `yaml:"tlsTimeout" json:"tlsTimeout"`
    287. 

  287. 	// HTTP proxy TCP keepalive duration
    288. 

  288. 	TCPKeepAlive config.CustomDuration `yaml:"tcpKeepAlive" json:"tcpKeepAlive"`
    289. 

  289. 	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
    290. 

  290. 	NoHappyEyeballs bool `yaml:"noHappyEyeballs" json:"noHappyEyeballs"`
    291. 

  291. 	// HTTP proxy timeout for closing an idle connection
    292. 

  292. 	KeepAliveTimeout config.CustomDuration `yaml:"keepAliveTimeout" json:"keepAliveTimeout"`
    293. 

  293. 	// HTTP proxy maximum keepalive connection pool size
    294. 

  294. 	KeepAliveConnections int `yaml:"keepAliveConnections" json:"keepAliveConnections"`
    295. 

  295. 	// Sets the HTTP Host header for the local webserver.
    296. 

  296. 	HTTPHostHeader string `yaml:"httpHostHeader" json:"httpHostHeader"`
    297. 

  297. 	// Hostname on the origin server certificate.
    298. 

  298. 	OriginServerName string `yaml:"originServerName" json:"originServerName"`
    299. 

  299. 	// Auto configure the Hostname on the origin server certificate.
    300. 

  300. 	MatchSNIToHost bool `yaml:"matchSNItoHost" json:"matchSNItoHost"`
    301. 

  301. 	// Path to the CA for the certificate of your origin.
    302. 

  302. 	// This option should be used only if your certificate is not signed by Cloudflare.
    303. 

  303. 	CAPool string `yaml:"caPool" json:"caPool"`
    304. 

  304. 	// Disables TLS verification of the certificate presented by your origin.
    305. 

  305. 	// Will allow any certificate from the origin to be accepted.
    306. 

  306. 	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
    307. 

  307. 	NoTLSVerify bool `yaml:"noTLSVerify" json:"noTLSVerify"`
    308. 

  308. 	// Disables chunked transfer encoding.
    309. 

  309. 	// Useful if you are running a WSGI server.
    310. 

  310. 	DisableChunkedEncoding bool `yaml:"disableChunkedEncoding" json:"disableChunkedEncoding"`
    311. 

  311. 	// Runs as jump host
    312. 

  312. 	BastionMode bool `yaml:"bastionMode" json:"bastionMode"`
    313. 

  313. 	// Listen address for the proxy.
    314. 

  314. 	ProxyAddress string `yaml:"proxyAddress" json:"proxyAddress"`
    315. 

  315. 	// Listen port for the proxy.
    316. 

  316. 	ProxyPort uint `yaml:"proxyPort" json:"proxyPort"`
    317. 

  317. 	// What sort of proxy should be started
    318. 

  318. 	ProxyType string `yaml:"proxyType" json:"proxyType"`
    319. 

  319. 	// IP rules for the proxy service
    320. 

  320. 	IPRules []ipaccess.Rule `yaml:"ipRules" json:"ipRules"`
    321. 

  321. 	// Attempt to connect to origin with HTTP/2
    322. 

  322. 	Http2Origin bool `yaml:"http2Origin" json:"http2Origin"`
    323. 

  323. 

  324. 	// Access holds all access related configs
    325. 

  325. 	Access config.AccessConfig `yaml:"access" json:"access,omitempty"`
    326. 

  326. }
    327. 

  327. 

  328. func (defaults *OriginRequestConfig) setConnectTimeout(overrides config.OriginRequestConfig) {
    329. 

  329. 	if val := overrides.ConnectTimeout; val != nil {
    330. 

  330. 		defaults.ConnectTimeout = *val
    331. 

  331. 	}
    332. 

  332. }
    333. 

  333. 

  334. func (defaults *OriginRequestConfig) setTLSTimeout(overrides config.OriginRequestConfig) {
    335. 

  335. 	if val := overrides.TLSTimeout; val != nil {
    336. 

  336. 		defaults.TLSTimeout = *val
    337. 

  337. 	}
    338. 

  338. }
    339. 

  339. 

  340. func (defaults *OriginRequestConfig) setNoHappyEyeballs(overrides config.OriginRequestConfig) {
    341. 

  341. 	if val := overrides.NoHappyEyeballs; val != nil {
    342. 

  342. 		defaults.NoHappyEyeballs = *val
    343. 

  343. 	}
    344. 

  344. }
    345. 

  345. 

  346. func (defaults *OriginRequestConfig) setKeepAliveConnections(overrides config.OriginRequestConfig) {
    347. 

  347. 	if val := overrides.KeepAliveConnections; val != nil {
    348. 

  348. 		defaults.KeepAliveConnections = *val
    349. 

  349. 	}
    350. 

  350. }
    351. 

  351. 

  352. func (defaults *OriginRequestConfig) setKeepAliveTimeout(overrides config.OriginRequestConfig) {
    353. 

  353. 	if val := overrides.KeepAliveTimeout; val != nil {
    354. 

  354. 		defaults.KeepAliveTimeout = *val
    355. 

  355. 	}
    356. 

  356. }
    357. 

  357. 

  358. func (defaults *OriginRequestConfig) setTCPKeepAlive(overrides config.OriginRequestConfig) {
    359. 

  359. 	if val := overrides.TCPKeepAlive; val != nil {
    360. 

  360. 		defaults.TCPKeepAlive = *val
    361. 

  361. 	}
    362. 

  362. }
    363. 

  363. 

  364. func (defaults *OriginRequestConfig) setHTTPHostHeader(overrides config.OriginRequestConfig) {
    365. 

  365. 	if val := overrides.HTTPHostHeader; val != nil {
    366. 

  366. 		defaults.HTTPHostHeader = *val
    367. 

  367. 	}
    368. 

  368. }
    369. 

  369. 

  370. func (defaults *OriginRequestConfig) setOriginServerName(overrides config.OriginRequestConfig) {
    371. 

  371. 	if val := overrides.OriginServerName; val != nil {
    372. 

  372. 		defaults.OriginServerName = *val
    373. 

  373. 	}
    374. 

  374. }
    375. 

  375. 

  376. func (defaults *OriginRequestConfig) setMatchSNIToHost(overrides config.OriginRequestConfig) {
    377. 

  377. 	if val := overrides.MatchSNIToHost; val != nil {
    378. 

  378. 		defaults.MatchSNIToHost = *val
    379. 

  379. 	}
    380. 

  380. }
    381. 

  381. 

  382. func (defaults *OriginRequestConfig) setCAPool(overrides config.OriginRequestConfig) {
    383. 

  383. 	if val := overrides.CAPool; val != nil {
    384. 

  384. 		defaults.CAPool = *val
    385. 

  385. 	}
    386. 

  386. }
    387. 

  387. 

  388. func (defaults *OriginRequestConfig) setNoTLSVerify(overrides config.OriginRequestConfig) {
    389. 

  389. 	if val := overrides.NoTLSVerify; val != nil {
    390. 

  390. 		defaults.NoTLSVerify = *val
    391. 

  391. 	}
    392. 

  392. }
    393. 

  393. 

  394. func (defaults *OriginRequestConfig) setDisableChunkedEncoding(overrides config.OriginRequestConfig) {
    395. 

  395. 	if val := overrides.DisableChunkedEncoding; val != nil {
    396. 

  396. 		defaults.DisableChunkedEncoding = *val
    397. 

  397. 	}
    398. 

  398. }
    399. 

  399. 

  400. func (defaults *OriginRequestConfig) setBastionMode(overrides config.OriginRequestConfig) {
    401. 

  401. 	if val := overrides.BastionMode; val != nil {
    402. 

  402. 		defaults.BastionMode = *val
    403. 

  403. 	}
    404. 

  404. }
    405. 

  405. 

  406. func (defaults *OriginRequestConfig) setProxyPort(overrides config.OriginRequestConfig) {
    407. 

  407. 	if val := overrides.ProxyPort; val != nil {
    408. 

  408. 		defaults.ProxyPort = *val
    409. 

  409. 	}
    410. 

  410. }
    411. 

  411. 

  412. func (defaults *OriginRequestConfig) setProxyAddress(overrides config.OriginRequestConfig) {
    413. 

  413. 	if val := overrides.ProxyAddress; val != nil {
    414. 

  414. 		defaults.ProxyAddress = *val
    415. 

  415. 	}
    416. 

  416. }
    417. 

  417. 

  418. func (defaults *OriginRequestConfig) setProxyType(overrides config.OriginRequestConfig) {
    419. 

  419. 	if val := overrides.ProxyType; val != nil {
    420. 

  420. 		defaults.ProxyType = *val
    421. 

  421. 	}
    422. 

  422. }
    423. 

  423. 

  424. func (defaults *OriginRequestConfig) setIPRules(overrides config.OriginRequestConfig) {
    425. 

  425. 	if val := overrides.IPRules; len(val) > 0 {
    426. 

  426. 		ipAccessRule := make([]ipaccess.Rule, len(overrides.IPRules))
    427. 

  427. 		for i, r := range overrides.IPRules {
    428. 

  428. 			rule, err := ipaccess.NewRuleByCIDR(r.Prefix, r.Ports, r.Allow)
    429. 

  429. 			if err == nil {
    430. 

  430. 				ipAccessRule[i] = rule
    431. 

  431. 			}
    432. 

  432. 		}
    433. 

  433. 		defaults.IPRules = ipAccessRule
    434. 

  434. 	}
    435. 

  435. }
    436. 

  436. 

  437. func (defaults *OriginRequestConfig) setHttp2Origin(overrides config.OriginRequestConfig) {
    438. 

  438. 	if val := overrides.Http2Origin; val != nil {
    439. 

  439. 		defaults.Http2Origin = *val
    440. 

  440. 	}
    441. 

  441. }
    442. 

  442. 

  443. func (defaults *OriginRequestConfig) setAccess(overrides config.OriginRequestConfig) {
    444. 

  444. 	if val := overrides.Access; val != nil {
    445. 

  445. 		defaults.Access = *val
    446. 

  446. 	}
    447. 

  447. }
    448. 

  448. 

  449. // SetConfig gets config for the requests that cloudflared sends to origins.
    450. 

  450. // Each field has a setter method which sets a value for the field by trying to find:
    451. 

  451. //  1. The user config for this rule
    452. 

  452. //  2. The user config for the overall ingress config
    453. 

  453. //  3. Defaults chosen by the cloudflared team
    454. 

  454. //  4. Golang zero values for that type
    455. 

  455. //
    456. 

  456. // If an earlier option isn't set, it will try the next option down.
    457. 

  457. func setConfig(defaults OriginRequestConfig, overrides config.OriginRequestConfig) OriginRequestConfig {
    458. 

  458. 	cfg := defaults
    459. 

  459. 	cfg.setConnectTimeout(overrides)
    460. 

  460. 	cfg.setTLSTimeout(overrides)
    461. 

  461. 	cfg.setNoHappyEyeballs(overrides)
    462. 

  462. 	cfg.setKeepAliveConnections(overrides)
    463. 

  463. 	cfg.setKeepAliveTimeout(overrides)
    464. 

  464. 	cfg.setTCPKeepAlive(overrides)
    465. 

  465. 	cfg.setHTTPHostHeader(overrides)
    466. 

  466. 	cfg.setOriginServerName(overrides)
    467. 

  467. 	cfg.setMatchSNIToHost(overrides)
    468. 

  468. 	cfg.setCAPool(overrides)
    469. 

  469. 	cfg.setNoTLSVerify(overrides)
    470. 

  470. 	cfg.setDisableChunkedEncoding(overrides)
    471. 

  471. 	cfg.setBastionMode(overrides)
    472. 

  472. 	cfg.setProxyPort(overrides)
    473. 

  473. 	cfg.setProxyAddress(overrides)
    474. 

  474. 	cfg.setProxyType(overrides)
    475. 

  475. 	cfg.setIPRules(overrides)
    476. 

  476. 	cfg.setHttp2Origin(overrides)
    477. 

  477. 	cfg.setAccess(overrides)
    478. 

  478. 

  479. 	return cfg
    480. 

  480. }
    481. 

  481. 

  482. func ConvertToRawOriginConfig(c OriginRequestConfig) config.OriginRequestConfig {
    483. 

  483. 	var connectTimeout *config.CustomDuration
    484. 

  484. 	var tlsTimeout *config.CustomDuration
    485. 

  485. 	var tcpKeepAlive *config.CustomDuration
    486. 

  486. 	var keepAliveConnections *int
    487. 

  487. 	var keepAliveTimeout *config.CustomDuration
    488. 

  488. 	var proxyAddress *string
    489. 

  489. 	var access *config.AccessConfig
    490. 

  490. 

  491. 	if c.ConnectTimeout != defaultHTTPConnectTimeout {
    492. 

  492. 		connectTimeout = &c.ConnectTimeout
    493. 

  493. 	}
    494. 

  494. 	if c.TLSTimeout != defaultTLSTimeout {
    495. 

  495. 		tlsTimeout = &c.TLSTimeout
    496. 

  496. 	}
    497. 

  497. 	if c.TCPKeepAlive != defaultTCPKeepAlive {
    498. 

  498. 		tcpKeepAlive = &c.TCPKeepAlive
    499. 

  499. 	}
    500. 

  500. 	if c.KeepAliveConnections != defaultKeepAliveConnections {
    501. 

  501. 		keepAliveConnections = &c.KeepAliveConnections
    502. 

  502. 	}
    503. 

  503. 	if c.KeepAliveTimeout != defaultKeepAliveTimeout {
    504. 

  504. 		keepAliveTimeout = &c.KeepAliveTimeout
    505. 

  505. 	}
    506. 

  506. 	if c.ProxyAddress != defaultProxyAddress {
    507. 

  507. 		proxyAddress = &c.ProxyAddress
    508. 

  508. 	}
    509. 

  509. 	if c.Access.Required {
    510. 

  510. 		access = &c.Access
    511. 

  511. 	}
    512. 

  512. 

  513. 	return config.OriginRequestConfig{
    514. 

  514. 		ConnectTimeout:         connectTimeout,
    515. 

  515. 		TLSTimeout:             tlsTimeout,
    516. 

  516. 		TCPKeepAlive:           tcpKeepAlive,
    517. 

  517. 		NoHappyEyeballs:        defaultBoolToNil(c.NoHappyEyeballs),
    518. 

  518. 		KeepAliveConnections:   keepAliveConnections,
    519. 

  519. 		KeepAliveTimeout:       keepAliveTimeout,
    520. 

  520. 		HTTPHostHeader:         emptyStringToNil(c.HTTPHostHeader),
    521. 

  521. 		OriginServerName:       emptyStringToNil(c.OriginServerName),
    522. 

  522. 		MatchSNIToHost:         defaultBoolToNil(c.MatchSNIToHost),
    523. 

  523. 		CAPool:                 emptyStringToNil(c.CAPool),
    524. 

  524. 		NoTLSVerify:            defaultBoolToNil(c.NoTLSVerify),
    525. 

  525. 		DisableChunkedEncoding: defaultBoolToNil(c.DisableChunkedEncoding),
    526. 

  526. 		BastionMode:            defaultBoolToNil(c.BastionMode),
    527. 

  527. 		ProxyAddress:           proxyAddress,
    528. 

  528. 		ProxyPort:              zeroUIntToNil(c.ProxyPort),
    529. 

  529. 		ProxyType:              emptyStringToNil(c.ProxyType),
    530. 

  530. 		IPRules:                convertToRawIPRules(c.IPRules),
    531. 

  531. 		Http2Origin:            defaultBoolToNil(c.Http2Origin),
    532. 

  532. 		Access:                 access,
    533. 

  533. 	}
    534. 

  534. }
    535. 

  535. 

  536. func convertToRawIPRules(ipRules []ipaccess.Rule) []config.IngressIPRule {
    537. 

  537. 	result := make([]config.IngressIPRule, 0)
    538. 

  538. 	for _, r := range ipRules {
    539. 

  539. 		cidr := r.StringCIDR()
    540. 

  540. 

  541. 		newRule := config.IngressIPRule{
    542. 

  542. 			Prefix: &cidr,
    543. 

  543. 			Ports:  r.Ports(),
    544. 

  544. 			Allow:  r.RulePolicy(),
    545. 

  545. 		}
    546. 

  546. 

  547. 		result = append(result, newRule)
    548. 

  548. 	}
    549. 

  549. 

  550. 	return result
    551. 

  551. }
    552. 

  552. 

  553. func defaultBoolToNil(b bool) *bool {
    554. 

  554. 	if b == false {
    555. 

  555. 		return nil
    556. 

  556. 	}
    557. 

  557. 

  558. 	return &b
    559. 

  559. }
    560. 

  560. 

  561. func emptyStringToNil(s string) *string {
    562. 

  562. 	if s == "" {
    563. 

  563. 		return nil
    564. 

  564. 	}
    565. 

  565. 

  566. 	return &s
    567. 

  567. }
    568. 

  568. 

  569. func zeroUIntToNil(v uint) *uint {
    570. 

  570. 	if v == 0 {
    571. 

  571. 		return nil
    572. 

  572. 	}
    573. 

  573. 

  574. 	return &v
    575. 

  575. }
    576. 

  576.