mirror of
https://github.com/google/nomulus.git
synced 2025-05-01 20:47:52 +02:00
4a5b317016
Opened two ports (30010 and 30011 by default) that handles HTTP(S) GET requests. the HTTP request is redirected to the corresponding HTTPS site, whereas the HTTPS request is redirected to a site that supports web WHOIS. The GCLB currently exposes port 80, but not port 443 on its TCP proxy load balancer (see https://cloud.google.com/load-balancing/docs/choosing-load-balancer). As a result, the HTTP traffic has to be routed by the HTTP load balancer, which requires a separate HTTP health check (as opposed to the TCP health check that the TCP proxy LB uses). This CL also added support for HTTP health check. There is not a strong case for adding an end-to-end test for WebWhoisProtocolsModule (like those for EppProtocolModule, etc) as it just assembles standard HTTP codecs used for an HTTP server, plus the WebWhoisRedirectHandler, which is tested. The end-to-end test would just be testing if the Netty provided HTTP handlers correctly parse raw HTTP messages. Sever other small improvement is also included: [1] Use setInt other than set when setting content length in HTTP headers. I don't think it is necessary, but it is nevertheless a better practice to use a more specialized setter. [2] Do not write metrics when running locally. [3] Rename the qualifier @EppCertificates to @ServerSertificate as it now provides the certificate used in HTTPS traffic as well. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=206944843
139 lines
5.1 KiB
Java
139 lines
5.1 KiB
Java
// Copyright 2018 The Nomulus Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package google.registry.proxy;
|
|
|
|
import com.google.common.collect.ImmutableList;
|
|
import dagger.Module;
|
|
import dagger.Provides;
|
|
import dagger.multibindings.IntoSet;
|
|
import google.registry.proxy.CertificateModule.ServerCertificates;
|
|
import google.registry.proxy.Protocol.FrontendProtocol;
|
|
import google.registry.proxy.handler.SslServerInitializer;
|
|
import google.registry.proxy.handler.WebWhoisRedirectHandler;
|
|
import io.netty.channel.ChannelHandler;
|
|
import io.netty.channel.socket.nio.NioSocketChannel;
|
|
import io.netty.handler.codec.http.HttpServerCodec;
|
|
import io.netty.handler.codec.http.HttpServerExpectContinueHandler;
|
|
import io.netty.handler.ssl.SslProvider;
|
|
import java.security.PrivateKey;
|
|
import java.security.cert.X509Certificate;
|
|
import javax.inject.Provider;
|
|
import javax.inject.Qualifier;
|
|
import javax.inject.Singleton;
|
|
|
|
/** A module that provides the {@link FrontendProtocol}s to redirect HTTP(S) web WHOIS requests. */
|
|
@Module
|
|
public class WebWhoisProtocolsModule {
|
|
|
|
/** Dagger qualifier to provide HTTP whois protocol related handlers and other bindings. */
|
|
@Qualifier
|
|
@interface HttpWhoisProtocol {}
|
|
|
|
/** Dagger qualifier to provide HTTPS whois protocol related handlers and other bindings. */
|
|
@Qualifier
|
|
@interface HttpsWhoisProtocol {}
|
|
|
|
private static final String HTTP_PROTOCOL_NAME = "whois_http";
|
|
private static final String HTTPS_PROTOCOL_NAME = "whois_https";
|
|
|
|
@Singleton
|
|
@Provides
|
|
@IntoSet
|
|
static FrontendProtocol provideHttpWhoisProtocol(
|
|
@HttpWhoisProtocol int httpWhoisPort,
|
|
@HttpWhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders) {
|
|
return google.registry.proxy.Protocol.frontendBuilder()
|
|
.name(HTTP_PROTOCOL_NAME)
|
|
.port(httpWhoisPort)
|
|
.hasBackend(false)
|
|
.handlerProviders(handlerProviders)
|
|
.build();
|
|
}
|
|
|
|
@Singleton
|
|
@Provides
|
|
@IntoSet
|
|
static FrontendProtocol provideHttpsWhoisProtocol(
|
|
@HttpsWhoisProtocol int httpsWhoisPort,
|
|
@HttpsWhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders) {
|
|
return google.registry.proxy.Protocol.frontendBuilder()
|
|
.name(HTTPS_PROTOCOL_NAME)
|
|
.port(httpsWhoisPort)
|
|
.hasBackend(false)
|
|
.handlerProviders(handlerProviders)
|
|
.build();
|
|
}
|
|
|
|
@Provides
|
|
@HttpWhoisProtocol
|
|
static ImmutableList<Provider<? extends ChannelHandler>> providerHttpWhoisHandlerProviders(
|
|
Provider<HttpServerCodec> httpServerCodecProvider,
|
|
Provider<HttpServerExpectContinueHandler> httpServerExpectContinueHandlerProvider,
|
|
@HttpWhoisProtocol Provider<WebWhoisRedirectHandler> webWhoisRedirectHandlerProvides) {
|
|
return ImmutableList.of(
|
|
httpServerCodecProvider,
|
|
httpServerExpectContinueHandlerProvider,
|
|
webWhoisRedirectHandlerProvides);
|
|
};
|
|
|
|
@Provides
|
|
@HttpsWhoisProtocol
|
|
static ImmutableList<Provider<? extends ChannelHandler>> providerHttpsWhoisHandlerProviders(
|
|
@HttpsWhoisProtocol
|
|
Provider<SslServerInitializer<NioSocketChannel>> sslServerInitializerProvider,
|
|
Provider<HttpServerCodec> httpServerCodecProvider,
|
|
Provider<HttpServerExpectContinueHandler> httpServerExpectContinueHandlerProvider,
|
|
@HttpsWhoisProtocol Provider<WebWhoisRedirectHandler> webWhoisRedirectHandlerProvides) {
|
|
return ImmutableList.of(
|
|
sslServerInitializerProvider,
|
|
httpServerCodecProvider,
|
|
httpServerExpectContinueHandlerProvider,
|
|
webWhoisRedirectHandlerProvides);
|
|
};
|
|
|
|
@Provides
|
|
static HttpServerCodec provideHttpServerCodec() {
|
|
return new HttpServerCodec();
|
|
}
|
|
|
|
@Provides
|
|
@HttpWhoisProtocol
|
|
static WebWhoisRedirectHandler provideHttpRedirectHandler(
|
|
google.registry.proxy.ProxyConfig config) {
|
|
return new WebWhoisRedirectHandler(false, config.webWhois.redirectHost);
|
|
}
|
|
|
|
@Provides
|
|
@HttpsWhoisProtocol
|
|
static WebWhoisRedirectHandler provideHttpsRedirectHandler(
|
|
google.registry.proxy.ProxyConfig config) {
|
|
return new WebWhoisRedirectHandler(true, config.webWhois.redirectHost);
|
|
}
|
|
|
|
@Provides
|
|
static HttpServerExpectContinueHandler provideHttpServerExpectContinueHandler() {
|
|
return new HttpServerExpectContinueHandler();
|
|
}
|
|
|
|
@Singleton
|
|
@Provides
|
|
@HttpsWhoisProtocol
|
|
static SslServerInitializer<NioSocketChannel> provideSslServerInitializer(
|
|
SslProvider sslProvider,
|
|
@ServerCertificates PrivateKey privateKey,
|
|
@ServerCertificates X509Certificate... certificates) {
|
|
return new SslServerInitializer<>(false, sslProvider, privateKey, certificates);
|
|
}
|
|
}
|