Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
K
keycloak-proxy
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Janne Mareike Koschinski
keycloak-proxy
Commits
075ddbe2
Commit
075ddbe2
authored
Feb 19, 2016
by
Rohith
Browse files
Options
Downloads
Patches
Plain Diff
- adding the keepalive options
parent
36215832
No related branches found
No related tags found
No related merge requests found
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
config.go
+4
-0
4 additions, 0 deletions
config.go
config_sample.yml
+2
-0
2 additions, 0 deletions
config_sample.yml
doc.go
+2
-0
2 additions, 0 deletions
doc.go
server.go
+31
-7
31 additions, 7 deletions
server.go
utils.go
+0
-18
0 additions, 18 deletions
utils.go
with
39 additions
and
25 deletions
config.go
+
4
−
0
View file @
075ddbe2
...
...
@@ -317,6 +317,10 @@ func getOptions() []cli.Flag {
Name
:
"hostname"
,
Usage
:
"a list of hostname which the service will respond to, defaults to all"
,
},
cli
.
BoolTFlag
{
Name
:
"keepalives"
,
Usage
:
"will disable http keepalive on the requests to the upstream endpoint"
,
},
cli
.
StringFlag
{
Name
:
"tls-cert"
,
Usage
:
"the path to a certificate file used for TLS"
,
...
...
This diff is collapsed.
Click to expand it.
config_sample.yml
+
2
−
0
View file @
075ddbe2
...
...
@@ -26,6 +26,8 @@ redirection_url: http://127.0.0.3000
encryption_key
:
AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
# the upstream endpoint which we should proxy request
upstream
:
http://127.0.0.1:80
# keepalive specified wheather you want keepalive on the upstream endpoint
keepalive
:
true
# additional scopes to add to add to the default (openid+email+profile)
scopes
:
-
vpn-user
...
...
This diff is collapsed.
Click to expand it.
doc.go
+
2
−
0
View file @
075ddbe2
...
...
@@ -105,6 +105,8 @@ type Config struct {
MaxSession
time
.
Duration
`json:"max_session" yaml:"max_session"`
// ClaimsMatch is a series of checks, the claims in the token must match those here
ClaimsMatch
map
[
string
]
string
`json:"claims" yaml:"claims"`
// Keepalives specifies wheather we use keepalives on the upstream
Keepalives
bool
`json:"keepalives" yaml:"keepalives"`
// Listen is the binding interface
Listen
string
`json:"listen" yaml:"listen"`
// ProxyProtocol enables proxy protocol
...
...
This diff is collapsed.
Click to expand it.
server.go
+
31
−
7
View file @
075ddbe2
...
...
@@ -29,7 +29,10 @@ import (
log
"github.com/Sirupsen/logrus"
"github.com/gin-gonic/gin"
"net"
"net/http/httputil"
"strings"
"time"
)
// KeycloakProxy is the server component
...
...
@@ -69,19 +72,19 @@ func newKeycloakProxy(cfg *Config) (*KeycloakProxy, error) {
return
nil
,
err
}
// step: initialize the reverse http proxy
reverse
,
err
:=
initializeReverseProxy
(
upstreamURL
)
if
err
!=
nil
{
return
nil
,
err
}
// step: create a proxy service
service
:=
&
KeycloakProxy
{
config
:
cfg
,
proxy
:
reverse
,
upstreamURL
:
upstreamURL
,
}
// step: initialize the reverse http proxy
reverse
,
err
:=
service
.
initializeReverseProxy
(
upstreamURL
)
if
err
!=
nil
{
return
nil
,
err
}
service
.
proxy
=
reverse
// step: initialize the openid client
if
cfg
.
SkipTokenVerification
{
log
.
Infof
(
"TESTING ONLY CONFIG - the verification of the token have been disabled"
)
...
...
@@ -98,6 +101,7 @@ func newKeycloakProxy(cfg *Config) (*KeycloakProxy, error) {
// step: initialize the gin router
router
:=
gin
.
New
()
service
.
router
=
router
// step: load the templates
service
.
initializeTemplates
()
for
_
,
resource
:=
range
cfg
.
Resources
{
...
...
@@ -281,3 +285,23 @@ func (r *KeycloakProxy) tryUpdateConnection(cx *gin.Context) error {
return
nil
}
// initializeReverseProxy create a reverse http proxy from the upstream
func
(
r
*
KeycloakProxy
)
initializeReverseProxy
(
upstream
*
url
.
URL
)
(
reverseProxy
,
error
)
{
proxy
:=
httputil
.
NewSingleHostReverseProxy
(
upstream
)
// step: we don't care about the cert verification here
proxy
.
Transport
=
&
http
.
Transport
{
Dial
:
(
&
net
.
Dialer
{
KeepAlive
:
10
*
time
.
Second
,
Timeout
:
10
*
time
.
Second
,
})
.
Dial
,
TLSClientConfig
:
&
tls
.
Config
{
InsecureSkipVerify
:
true
,
},
DisableKeepAlives
:
!
r
.
config
.
Keepalives
,
TLSHandshakeTimeout
:
10
*
time
.
Second
,
}
return
proxy
,
nil
}
This diff is collapsed.
Click to expand it.
utils.go
+
0
−
18
View file @
075ddbe2
...
...
@@ -24,7 +24,6 @@ import (
"io"
"net"
"net/http"
"net/http/httputil"
"net/url"
"os"
"regexp"
...
...
@@ -162,23 +161,6 @@ func decodeKeyPairs(list []string) (map[string]string, error) {
return
kp
,
nil
}
// initializeReverseProxy create a reverse http proxy from the upstream
func
initializeReverseProxy
(
upstream
*
url
.
URL
)
(
reverseProxy
,
error
)
{
proxy
:=
httputil
.
NewSingleHostReverseProxy
(
upstream
)
// step: we don't care about the cert verification here
proxy
.
Transport
=
&
http
.
Transport
{
//Proxy: http.ProxyFromEnvironment,
Dial
:
(
&
net
.
Dialer
{
Timeout
:
10
*
time
.
Second
,
})
.
Dial
,
TLSClientConfig
:
&
tls
.
Config
{
InsecureSkipVerify
:
true
,
},
}
return
proxy
,
nil
}
// tryDialEndpoint dials the upstream endpoint via plain
func
tryDialEndpoint
(
location
*
url
.
URL
)
(
net
.
Conn
,
error
)
{
// get the dial address
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
