-
Notifications
You must be signed in to change notification settings - Fork 26
/
setup.go
108 lines (92 loc) · 3.22 KB
/
setup.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
package beyond
import (
"crypto/tls"
"flag"
"fmt"
"net/http"
"strings"
"github.com/dghubble/sessions"
"github.com/koding/websocketproxy"
"github.com/sirupsen/logrus"
)
var (
debug = flag.Bool("debug", true, "set debug loglevel")
host = flag.String("beyond-host", "beyond.myorg.net", "hostname of self")
healthPath = flag.String("health-path", "/healthz/ping", "URL of the health endpoint")
healthReply = flag.String("health-reply", "ok", "response body of the health endpoint")
cookieAge = flag.Int("cookie-age", 3600*6, "MaxAge setting in seconds")
cookieDom = flag.String("cookie-domain", ".myorg.net", "session cookie domain")
cookieKey1 = flag.String("cookie-key1", "", `key1 of cookie crypto pair (example: "t8yG1gmeEyeb7pQpw544UeCTyDfPkE6u")`)
cookieKey2 = flag.String("cookie-key2", "", `key2 of cookie crypto pair (example: "Q599vrruZRhLFC144thCRZpyHM7qGDjt")`)
cookieName = flag.String("cookie-name", "beyond", "session cookie name")
fouroFourMessage = flag.String("404-message", "Please contact the application administrators to setup access.", "message to use when backend apps do not respond")
fouroOneCode = flag.Int("401-code", 418, "status to respond when a user needs authentication")
headerPrefix = flag.String("header-prefix", "Beyond", "prefix extra headers with this string")
skipVerify = flag.Bool("insecure-skip-verify", false, "allow TLS backends without valid certificates")
wsCompress = flag.Bool("websocket-compression", false, "allow websocket transport compression (gorilla/experimental)")
store *sessions.CookieStore
tlsConfig = &tls.Config{}
)
// Setup initializes all configured modules
func Setup() error {
if *debug {
logrus.SetLevel(logrus.DebugLevel)
}
if len(*cookieKey1) == 0 {
return fmt.Errorf("missing cookie key")
}
// setup encrypted cookies
store = sessions.NewCookieStore([]byte(*cookieKey1), []byte(*cookieKey2))
store.Config.Domain = *cookieDom
store.Config.MaxAge = *cookieAge
store.Config.HTTPOnly = true
store.Config.SameSite = http.SameSiteNoneMode
store.Config.Secure = true
// setup backend encryption
tlsConfig.InsecureSkipVerify = *skipVerify
http.DefaultTransport = &http.Transport{TLSClientConfig: tlsConfig}
// setup websockets
if websocketproxy.DefaultDialer.TLSClientConfig == nil {
websocketproxy.DefaultDialer.TLSClientConfig = &tls.Config{}
}
websocketproxy.DefaultDialer.TLSClientConfig.InsecureSkipVerify = *skipVerify
websocketproxy.DefaultDialer.EnableCompression = *wsCompress
websocketproxy.DefaultUpgrader.EnableCompression = *wsCompress
websocketproxy.DefaultUpgrader.CheckOrigin = websocketproxyCheckOrigin
dURLs := []string{*dockerBase}
if len(*dockerURLs) > 0 {
dURLs = append(dURLs, strings.Split(*dockerURLs, ",")...)
}
for _, k := range strings.Split(*ghpHost, ",") {
ghpHosts[k] = true
}
err := dockerSetup(dURLs...)
if err == nil {
err = federateSetup()
}
if err == nil {
err = hostMasqSetup(*hostMasq)
}
if err == nil {
err = logSetup()
}
if err == nil {
err = oidcSetup(*oidcIssuer)
}
if err == nil {
err = samlSetup()
}
if err == nil {
err = refreshFence()
}
if err == nil {
err = refreshSites()
}
if err == nil {
err = refreshAllowlist()
}
if err == nil {
err = reproxy()
}
return err
}