Documentation
Overview
Package app handles connections to applications over a reverse tunnel and forwards HTTP requests to them.
Index
- Constants
- func HasClientCert(r *http.Request) bool
- func HasFragment(r *http.Request) bool
- func HasName(r *http.Request, proxyPublicAddrs []utils.NetAddr) (string, bool)
- func HasSessionCookie(r *http.Request) bool
- func Match(ctx context.Context, authClient Getter, fn Matcher) ([]types.AppServer, error)
- func MatchOne(ctx context.Context, authClient Getter, fn Matcher) (types.AppServer, error)
- func MetaRedirect(w http.ResponseWriter, redirectURL string) error
- func ResolveFQDN(ctx context.Context, clt Getter, tunnel reversetunnelclient.Tunnel, ...) (types.AppServer, string, error)
- func SetRedirectPageHeaders(h http.Header, nonce string)
- type Getter
- type Handler
- type HandlerConfig
- type Matcher
Constants
const (
	// CookieName is the name of the application session cookie.
	CookieName = "__Host-grv_app_session"
	// SubjectCookieName is the name of the application session subject cookie.
	SubjectCookieName = "__Host-grv_app_session_subject"
	// AuthStateCookieName is the name of the state cookie used during the
	// initial authentication flow.
	AuthStateCookieName = "__Host-grv_app_auth_state"
)
Variables
This section is empty.
Functions
func HasClientCert
HasClientCert checks if the request has a client certificate.
func HasFragment
HasFragment checks if the request is coming to the fragment authentication endpoint.
func HasName
HasName checks if the client is attempting to connect to a host that is different than the public address of the proxy. If it is, it redirects back to the application launcher in the Web UI.
func HasSessionCookie
HasSessionCookie checks if an application specific cookie exists.
func Match
Match will match a list of applications with the passed in matcher function. Matcher functions that can match on public address and name are available. The resulting list is shuffled before it is returned.
func MatchOne
MatchOne will match a single AppServer with the provided matcher function. If no AppServer is matched, it will return an error.
func MetaRedirect
func MetaRedirect(w http.ResponseWriter, redirectURL string) error
MetaRedirect issues a "meta refresh" redirect.
func ResolveFQDN
func ResolveFQDN(ctx context.Context, clt Getter, tunnel reversetunnelclient.Tunnel, proxyDNSNames []string, fqdn string) (types.AppServer, string, error)
ResolveFQDN makes a best effort attempt to resolve FQDN to an application running in a root or leaf cluster.
Note: This function can incorrectly resolve application names. For example, if you have an application named "acme" within both the root and leaf cluster, this method will always return "acme" running within the root cluster. Always supply public address and cluster name to deterministically resolve an application.
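The ambiguity described in the note, as an added example that is not part of this package or its documentation. It is a simplified model in which the `app` type, the `inventory` data and every function name are hypothetical, not Teleport APIs. It shows name-only resolution returning the root cluster's application, deterministic resolution by public address plus cluster name, and a check for names registered in more than one cluster.

```go
package main

import "fmt"

// app is a hypothetical, simplified stand-in for a registered application.
type app struct{ Name, PublicAddr, Cluster string }

// Constructed inventory: "acme" exists in both the leaf and the root cluster.
var inventory = []app{
	{"acme", "acme.leaf.example.com", "leaf"},
	{"acme", "acme.root.example.com", "root"},
	{"wiki", "wiki.leaf.example.com", "leaf"},
}

// first returns the first application accepted by the matcher fn.
func first(apps []app, fn func(app) bool) (app, bool) {
	for _, a := range apps {
		if fn(a) {
			return a, true
		}
	}
	return app{}, false
}

// resolveByName models the note: a root-cluster match always wins.
func resolveByName(apps []app, name, root string) (app, bool) {
	if a, ok := first(apps, func(x app) bool { return x.Name == name && x.Cluster == root }); ok {
		return a, true
	}
	return first(apps, func(x app) bool { return x.Name == name })
}

// resolveExact is deterministic: it needs public address and cluster name.
func resolveExact(apps []app, addr, cluster string) (app, bool) {
	return first(apps, func(x app) bool { return x.PublicAddr == addr && x.Cluster == cluster })
}

// ambiguous reports whether name is registered in more than one cluster,
// i.e. whether name-only resolution can pick the wrong application.
func ambiguous(apps []app, name string) bool {
	a, ok := first(apps, func(x app) bool { return x.Name == name })
	_, other := first(apps, func(x app) bool { return x.Name == name && x.Cluster != a.Cluster })
	return ok && other
}

func main() {
	byName, _ := resolveByName(inventory, "acme", "root")
	fmt.Println(byName.PublicAddr, ambiguous(inventory, "acme"))
}
```

Running a check like `ambiguous` over an application inventory flags the names for which callers must pass public address and cluster name rather than rely on name-only resolution.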
func SetRedirectPageHeaders
Types
type Getter
type Getter interface {
	// GetApplicationServers returns registered application servers.
	GetApplicationServers(context.Context, string) ([]types.AppServer, error)
	// GetClusterName returns cluster name
	GetClusterName(opts ...services.MarshalOption) (types.ClusterName, error)
}
Getter returns a list of registered apps and the local cluster name.
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler is an application handler.
func NewHandler
func NewHandler(ctx context.Context, c *HandlerConfig) (*Handler, error)
NewHandler returns a new application handler.
func (*Handler) HandleConnection
HandleConnection handles connections from plain TCP applications.
func (*Handler) HealthCheckAppServer
func (h *Handler) HealthCheckAppServer(ctx context.Context, publicAddr string, clusterName string) error
HealthCheckAppServer establishes a connection to an AppServer that can handle application requests. Can be used to ensure the proxy can handle application requests before they arrive.
type HandlerConfig
type HandlerConfig struct {
	// Clock is used to control time in tests.
	Clock clockwork.Clock
	// AuthClient is a direct client to auth.
	AuthClient auth.ClientI
	// AccessPoint is caching client to auth.
	AccessPoint auth.ProxyAccessPoint
	// ProxyClient holds connections to leaf clusters.
	ProxyClient reversetunnelclient.Tunnel
	// ProxyPublicAddrs contains web proxy public addresses.
	ProxyPublicAddrs []utils.NetAddr
	// CipherSuites is the list of TLS cipher suites that have been configured
	// for this process.
	CipherSuites []uint16
	// WebPublicAddr
	WebPublicAddr string
}
HandlerConfig is the configuration for an application handler.
func (*HandlerConfig) CheckAndSetDefaults
func (c *HandlerConfig) CheckAndSetDefaults() error
CheckAndSetDefaults validates configuration.
type Matcher
Matcher allows matching on different properties of an application.
func MatchHealthy
func MatchHealthy(proxyClient reversetunnelclient.Tunnel, clusterName string) Matcher
MatchHealthy tries to establish a connection with the server using the `dialAppServer` function. The app server is matched if the function call doesn't return any error.
func MatchPublicAddr
MatchPublicAddr matches on the public address of an application.