refactor: clarify tls mode

Signed-off-by: thxCode <[email protected]>
seal-io · Aug 16, 2023 · d895675 · d895675
1 parent 1e00759
commit d895675
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 13 deletions.
diff --git a/pkg/apis/logger.go b/pkg/apis/logger.go
@@ -1,31 +1,43 @@
 package apis
 
 import (
-	"bufio"
-	"bytes"
 	stdlog "log"
 	"strings"
 
 	"github.com/seal-io/seal/utils/log"
 )
 
-func newStdLogger(delegate log.Logger) *stdlog.Logger {
-	return stdlog.New(logWriter{logger: delegate}, "", stdlog.Lshortfile)
+func newStdErrorLogger(delegate log.Logger) *stdlog.Logger {
+	return stdlog.New(logWriter{logger: delegate}, "", 0)
 }
 
 type logWriter struct {
 	logger log.Logger
 }
 
 func (l logWriter) Write(p []byte) (int, error) {
-	s := bufio.NewScanner(bytes.NewReader(p))
-	for s.Scan() {
-		if strings.HasSuffix(s.Text(), "tls: unknown certificate") {
-			continue
+	s := string(p)
+
+	ok := true
+
+	switch {
+	case strings.HasPrefix(s, "http: TLS handshake error from"):
+		switch {
+		case strings.HasSuffix(s, "tls: unknown certificate\n"):
+			// Ignore self-generated certificate errors from client.
+			ok = false
+		case strings.HasSuffix(s, "connection reset by peer\n"):
+			// Reset TLS handshake errors from client.
+			ok = false
 		}
+	case strings.Contains(s, "broken pipe"):
+		// Terminate by client.
+		ok = false
+	}
 
-		l.logger.Info(s.Text())
+	if ok {
+		l.logger.Warn(s)
 	}
 
-	return len(p), s.Err()
+	return len(p), nil
 }
diff --git a/pkg/apis/server.go b/pkg/apis/server.go
@@ -64,12 +64,15 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 	// Serve https.
 	g.Go(func(ctx context.Context) error {
 		if opts.TlsMode == TlsModeDisabled {
+			s.logger.Info("serving in HTTP")
+
 			httpHandler <- handler
+
 			return nil
 		}
 
 		h := handler
-		lg := newStdLogger(s.logger.WithName("https"))
+		lg := newStdErrorLogger(s.logger.WithName("https"))
 
 		ls, err := newTcpListener(ctx, opts.BindAddress, 443)
 		if err != nil {
@@ -84,13 +87,20 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 
 		switch opts.TlsMode {
 		default: // TlsModeSelfGenerated.
+			s.logger.Info("serving in HTTPs with self-generated keypair",
+				"cache", opts.TlsCertDir)
+
 			mgr := &dynacert.Manager{
 				Cache: dynacert.DirCache(opts.TlsCertDir),
 			}
 			tlsConfig.GetCertificate = mgr.GetCertificate
 			ls = tls.NewListener(ls, tlsConfig)
 			httpHandler <- http.HandlerFunc(redirectHandler)
 		case TlsModeAutoGenerated:
+			s.logger.InfoS("serving in HTTPs with auto-generated keypair",
+				"domains", opts.TlsAutoCertDomains,
+				"cache", opts.TlsCertDir)
+
 			mgr := &autocert.Manager{
 				Prompt:     autocert.AcceptTOS,
 				Cache:      autocert.DirCache(opts.TlsCertDir),
@@ -109,8 +119,10 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 				return mgr.GetCertificate(i)
 			}
 			ls = tls.NewListener(ls, tlsConfig)
-			httpHandler <- mgr.HTTPHandler(nil)
+			httpHandler <- mgr.HTTPHandler(http.HandlerFunc(redirectHandler))
 		case TlsModeCustomized:
+			s.logger.Info("serving in HTTPs with custom keypair")
+
 			cert, err := tls.LoadX509KeyPair(opts.TlsCertFile, opts.TlsPrivateKeyFile)
 			if err != nil {
 				return err
@@ -128,7 +140,7 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 	// Serve http.
 	g.Go(func(ctx context.Context) error {
 		h := <-httpHandler
-		lg := newStdLogger(s.logger.WithName("http"))
+		lg := newStdErrorLogger(s.logger.WithName("http"))
 
 		ls, err := newTcpListener(ctx, opts.BindAddress, 80)
 		if err != nil {