From ff112b07633827807e9195b3b5a32b507e3618e7 Mon Sep 17 00:00:00 2001
From: thxCode
Date: Wed, 16 Aug 2023 10:04:25 +0800
Subject: [PATCH] refactor: clarify tls mode
Signed-off-by: thxCode
---
 pkg/apis/logger.go | 32 ++++++++++++++++++++++----------
 pkg/apis/server.go | 18 +++++++++++++++---
 2 files changed, 37 insertions(+), 13 deletions(-)
diff --git a/pkg/apis/logger.go b/pkg/apis/logger.go
index a5b5152b1..8ea86022c 100644
--- a/pkg/apis/logger.go
+++ b/pkg/apis/logger.go
@@ -1,16 +1,14 @@
 package apis
 import (
- "bufio"
- "bytes"
 stdlog "log"
 "strings"
 "github.com/seal-io/seal/utils/log"
 )
-func newStdLogger(delegate log.Logger) *stdlog.Logger {
- return stdlog.New(logWriter{logger: delegate}, "", stdlog.Lshortfile)
+func newStdErrorLogger(delegate log.Logger) *stdlog.Logger {
+ return stdlog.New(logWriter{logger: delegate}, "", 0)
 }
 type logWriter struct {
@@ -18,14 +16,28 @@ type logWriter struct {
 }
 func (l logWriter) Write(p []byte) (int, error) {
- s := bufio.NewScanner(bytes.NewReader(p))
- for s.Scan() {
- if strings.HasSuffix(s.Text(), "tls: unknown certificate") {
- continue
+ s := string(p)
+
+ ok := true
+
+ switch {
+ case strings.HasPrefix(s, "http: TLS handshake error from"):
+ switch {
+ case strings.HasSuffix(s, "tls: unknown certificate\n"):
+ // Ignore self-generated certificate errors from client.
+ ok = false
+ case strings.HasSuffix(s, "connection reset by peer\n"):
+ // Reset TLS handshake errors from client.
+ ok = false
 }
+ case strings.Contains(s, "broken pipe"):
+ // Terminate by client.
+ ok = false
 }
- l.logger.Info(s.Text())
+ if ok {
+ l.logger.Warn(s)
 }
- return len(p), s.Err()
+ return len(p), nil
 }
diff --git a/pkg/apis/server.go b/pkg/apis/server.go
index 5a4d65d92..1619bb158 100644
--- a/pkg/apis/server.go
+++ b/pkg/apis/server.go
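Review bot: newStdErrorLogger has no doc comment, and the flags argument of 0 is load-bearing: with the previous stdlog.Lshortfile every message would have begun with "file.go:NN: ", and the `strings.HasPrefix(s, "http: TLS handshake error from")` check in Write below could never match. Suggest a comment above the function such as `// newStdErrorLogger adapts delegate for use as http.Server.ErrorLog; flags are 0 so logWriter.Write receives the bare message and can match on its prefix.` It is also worth stating there that the standard logger hands each entry to Write in a single call and appends a trailing newline, which is what the "\n"-terminated suffix checks in Write rely on.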
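Review bot: The filtered handshake failures are dropped outright rather than demoted, so a burst of "tls: unknown certificate" or "connection reset by peer" handshake errors — which can indicate misconfigured clients or repeated probing of the TLS endpoint — leaves no trace in the logs at all; if the delegate logger has a debug level, logging the message there in the `ok = false` branches would keep the events available for troubleshooting and detection without the noise at Warn. The `strings.Contains(s, "broken pipe")` case matches anywhere in the message, unlike the two prefix-anchored checks above it, so it also swallows unrelated errors that merely mention the phrase; anchoring it the same way as its siblings, e.g. `strings.HasSuffix(s, "broken pipe\n")` if the relevant messages end that way, would narrow it. The two comments read awkwardly; suggest `// Client reset the connection during the TLS handshake.` and `// Client closed the connection (broken pipe).`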
@@ -64,12 +64,15 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 // Serve https.
 g.Go(func(ctx context.Context) error {
 if opts.TlsMode == TlsModeDisabled {
+ s.logger.Info("serving in HTTP")
+ httpHandler <- handler
+
 return nil
 }
 h := handler
- lg := newStdLogger(s.logger.WithName("https"))
+ lg := newStdErrorLogger(s.logger.WithName("https"))
 ls, err := newTcpListener(ctx, opts.BindAddress, 443)
 if err != nil {
@@ -84,6 +87,9 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 switch opts.TlsMode {
 default:
 // TlsModeSelfGenerated.
+ s.logger.Info("serving in HTTPs with self-generated keypair",
+ "cache", opts.TlsCertDir)
+
 mgr := &dynacert.Manager{
 Cache: dynacert.DirCache(opts.TlsCertDir),
 }
@@ -91,6 +97,10 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 ls = tls.NewListener(ls, tlsConfig)
 httpHandler <- http.HandlerFunc(redirectHandler)
 case TlsModeAutoGenerated:
+ s.logger.InfoS("serving in HTTPs with auto-generated keypair",
+ "domains", opts.TlsAutoCertDomains,
+ "cache", opts.TlsCertDir)
+
 mgr := &autocert.Manager{
 Prompt: autocert.AcceptTOS,
 Cache: autocert.DirCache(opts.TlsCertDir),
@@ -109,8 +119,10 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 return mgr.GetCertificate(i)
 }
 ls = tls.NewListener(ls, tlsConfig)
- httpHandler <- mgr.HTTPHandler(nil)
+ httpHandler <- mgr.HTTPHandler(http.HandlerFunc(redirectHandler))
 case TlsModeCustomized:
+ s.logger.Info("serving in HTTPs with custom keypair")
+
 cert, err := tls.LoadX509KeyPair(opts.TlsCertFile, opts.TlsPrivateKeyFile)
 if err != nil {
 return err
@@ -128,7 +140,7 @@ func (s *Server) Serve(c context.Context, opts ServeOptions) error {
 // Serve http.
 g.Go(func(ctx context.Context) error {
 h := <-httpHandler
- lg := newStdLogger(s.logger.WithName("http"))
+ lg := newStdErrorLogger(s.logger.WithName("http"))
 ls, err := newTcpListener(ctx, opts.BindAddress, 80)
 if err != nil {
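Review bot: The new log line in the TlsModeDisabled branch does not say that the application handler is about to be served in plaintext on port 80 (the `// Serve http.` goroutine later in this file receives it through `httpHandler`), which is the one thing an operator reading the startup log should notice; `s.logger.Info("serving in plain HTTP, TLS disabled")` makes the mode explicit and lines up with the "serving in HTTPs with …" messages of the other branches. The `// Serve https.` comment above the goroutine is now slightly misleading because the goroutine also handles the disabled mode by handing `handler` over and returning; a line such as `// TLS disabled: hand the handler to the plain http server and exit.` above the send would document that. Serve continues outside the hunk.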
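Review bot: The self-generated branch passes key/value pairs to `s.logger.Info("serving in HTTPs with self-generated keypair", "cache", opts.TlsCertDir)`, while the auto-generated branch in the next hunk uses `s.logger.InfoS(...)` for the same shape of call; if Info is the unstructured variant of the delegate logger, the "cache" key and the directory would be rendered as plain trailing arguments rather than as fields. Use the same method in both places, presumably `s.logger.InfoS("serving in HTTPs with self-generated keypair", "cache", opts.TlsCertDir)`. The spelling "HTTPs" in this and the following hunks is unusual; "HTTPS" is the conventional form.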
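Review bot: Replacing the nil fallback of `mgr.HTTPHandler` with `redirectHandler` changes how non-ACME plain-HTTP requests are answered: autocert's default fallback redirects only GET and HEAD and rejects other methods with 400 Bad Request, whereas the behaviour now depends on redirectHandler, which is defined outside this hunk. A comment on the changed line, e.g. `// Non-ACME requests on port 80 are redirected to HTTPS, as in the self-generated mode.`, would record the intent, and it is worth confirming that redirectHandler handles non-GET methods deliberately rather than by accident. For consistency with the other branches, the customized-mode log line could name the loaded files, e.g. `"cert", opts.TlsCertFile`, through the structured logging call used elsewhere. Serve continues outside the hunk.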