douyi2664 2019-02-10 22:14
浏览 67

无需使用http.Serve即可激活Go TLS套接字服务器服务

I have the following code and systemd unit files. What I'm trying to do is activate the listener without having to use http.Serve to accept and receive incoming connections. If I change ln, err := tls.Listen("tcp", listen, config) to ln, err := activation.TLSListener(config) the only way I see I can receive data is using http.Serve. The error I get when using ln, err := activation.TLSListeners.(config) is ln.Accept undefined (type []net.Listener has no field or method Accept)

package main

import (
    "crypto/tls"
    "crypto/x509"
    "fmt"
    "io"
    "io/ioutil"
    "log"
    "net"
    "time"

    "github.com/coreos/go-systemd/daemon"
    "github.com/coreos/go-systemd/journal"
    "github.com/coreos/go-systemd/activation"
)

func createServerConfig(ca, crt, key string) (*tls.Config, error) {
    caCertPEM, err := ioutil.ReadFile(ca)
    if err != nil {
        return nil, err
    }

    roots := x509.NewCertPool()
    ok := roots.AppendCertsFromPEM(caCertPEM)
    if !ok {
        panic("failed to parse root certificate")
    }

    cert, err := tls.LoadX509KeyPair(crt, key)
    if err != nil {
        return nil, err
    }
    return &tls.Config{
        Certificates: []tls.Certificate{cert},
        ClientAuth:   tls.RequireAndVerifyClientCert,
        ClientCAs:    roots,
    }, nil
}

const (
    ca  = "/home/ajames/Shortcuts/Link to MainGoFolder/Workspace/servicecode/tls-server/certs/ca-chain.cert.pem"
    crt = "/home/ajames/Shortcuts/Link to MainGoFolder/Workspace/servicecode/tls-server/certs/tls-server2-SAN.pem"
    key = "/home/ajames/Shortcuts/Link to MainGoFolder/Workspace/servicecode/tls-server/certs/tls-server2-SAN.key"
    listen = "127.0.0.1:4433"
)

func main() {

    if journal.Enabled() {
        journal.Print(journal.PriInfo, "all systems ready...")
    }

    p := fmt.Println
    now := time.Now()
    p(now)

    config, err := createServerConfig(ca, crt, key)
    if err != nil {
        log.Fatal("config failed: %s", err.Error())
    }

    ln, err := tls.Listen("tcp", listen, config)
    if err != nil {
        log.Fatal("listen failed: %s", err.Error())
    }
    daemon.SdNotify(false, "READY=1")
    log.Printf("listen on %s", listen)

    go func() {
        interval, err := daemon.SdWatchdogEnabled(false)
        if err != nil || interval == 0 {
            return
        }
        for {
            daemon.SdNotify(false, "WATCHDOG=1")
            time.Sleep(interval / 3)
        }
    }()

    for {
        conn, err := ln.Accept()
        if err != nil {
            log.Fatal("accept failed: %s", err.Error())
            break
        }
        log.Printf("connection open: %s", conn.RemoteAddr())
        //printConnState(conn.(*tls.Conn))

        go func(c net.Conn) {
            wr, _ := io.Copy(c, c)
            c.Close()
            log.Printf("connection close: %s, written: %d", conn.RemoteAddr(), wr)
        }(conn)
    }
}


[Unit]
Description=tls server service
After=network.target tls-server.socket
Requires=tls-server.socket

[Service]
Type=notify
WatchdogSec=30s
StandardInput=socket
StandardError=journal
ExecStart=/usr/local/bin/tls-server
NonBlocking=true
Restart=on-failure

[Install]
WantedBy=multi-user.target


[Unit]
Description=tls server socket
StartLimitIntervalSec=10
PartOf=tls-server.service
After=network.target

[Socket]
ListenStream=127.0.0.1:4433
NoDelay=true
Accept=true
ReusePort=true
MaxConnections=200
Writable=true

[Install]
WantedBy=sockets.target
  • 写回答

1条回答 默认 最新

  • dsfb20227 2019-02-21 06:20
    关注
    I found a solution that works. The answer came from https://www.darkcoding.net/software/systemd-socket-activation-in-go/.

My new code looks like this

package main

import (
    "crypto/tls"
    "crypto/x509"
    "fmt"
    "io"
    "io/ioutil"
    "log"
    "net"
    "os"
    "strconv"
    "time"

    "github.com/coreos/go-systemd/journal"
)

func createServerConfig(ca, crt, key string) (*tls.Config, error) {
    caCertPEM, err := ioutil.ReadFile(ca)
    if err != nil {
        return nil, err
    }`enter code here`

    roots := x509.NewCertPool()
    ok := roots.AppendCertsFromPEM(caCertPEM)
    if !ok {
        panic("failed to parse root certificate")
    }

    cert, err := tls.LoadX509KeyPair(crt, key)
    if err != nil {
        return nil, err
    }
    return &tls.Config{
        Certificates: []tls.Certificate{cert},
        ClientAuth:   tls.RequireAndVerifyClientCert,
        ClientCAs:    roots,
    }, nil
}

const (
    ca          = "/usr/local/bin/certs/ca-chain.cert.pem"
    crt         = "/usr/local/bin/certs/tls-server2-SAN.pem"
    key         = "/usr/local/bin/certs/tls-server2-SAN.key"
    BUFFER_SIZE = 1024`enter code here`
)

func main() {
    if journal.Enabled() {
        journal.Print(journal.PriInfo, "all systems ready...")
    }

    p := fmt.Println
    now := time.Now()
    p(now)

    config, err := createServerConfig(ca, crt, key)
    if err != nil {
        log.Fatal("config failed: %s", err.Error())
    }
    if os.Getenv("LISTEN_PID") == strconv.Itoa(os.Getpid()) {
        // systemd run
        f := os.NewFile(3, "from systemd")
        ln, err := net.FileListener(f)
        if err != nil {
            log.Fatal(err)
        }
        tlsListener := tls.NewListener(ln, config)
        for {
            conn, err := tlsListener.Accept()
            if err != nil {
                log.Fatal("accept failed: %s", err.Error())
                break
            }
            log.Printf("connection open: %s", conn.RemoteAddr())
            //printConnState(conn.(*tls.Conn))
            go func(c net.Conn) {
                wr, _ := io.Copy(c, c)
                c.Close()
                log.Printf("connection close: %s, written: %d", conn.RemoteAddr(), wr)
            }(conn)
        }`enter code here`
    }
}
    评论

报告相同问题?

悬赏问题

  • ¥15 关于#hadoop#的问题
  • ¥15 (标签-Python|关键词-socket)
  • ¥15 keil里为什么main.c定义的函数在it.c调用不了
  • ¥50 切换TabTip键盘的输入法
  • ¥15 可否在不同线程中调用封装数据库操作的类
  • ¥15 微带串馈天线阵列每个阵元宽度计算
  • ¥15 keil的map文件中Image component sizes各项意思
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据