mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2025-05-05 07:22:54 +03:00
home: refactor tls
This commit is contained in:
Ainar Garipov
parent
93882d6860
commit
a8850059db
9 changed files with 454 additions and 386 deletions
internal/home
|
|
@ -20,6 +20,7 @@ import (
|
|||
"github.com/AdguardTeam/golibs/log"
|
||||
"github.com/AdguardTeam/golibs/timeutil"
|
||||
"github.com/google/renameio/maybe"
|
||||
"golang.org/x/exp/slices"
|
||||
yaml "gopkg.in/yaml.v3"
|
||||
)
|
||||
|
||||
|
|
@ -113,8 +114,8 @@ type configuration struct {
|
|||
// An active session is automatically refreshed once a day.
|
||||
WebSessionTTLHours uint32 `yaml:"web_session_ttl"`
|
||||
|
||||
DNS dnsConfig `yaml:"dns"`
|
||||
TLS tlsConfigSettings `yaml:"tls"`
|
||||
DNS dnsConfig `yaml:"dns"`
|
||||
TLS tlsConfiguration `yaml:"tls"`
|
||||
|
||||
// Filters reflects the filters from [filtering.Config]. It's cloned to the
|
||||
// config used in the filtering module at the startup. Afterwards it's
|
||||
|
|
@ -199,7 +200,8 @@ type dnsConfig struct {
|
|||
UseHTTP3Upstreams bool `yaml:"use_http3_upstreams"`
|
||||
}
|
||||
|
||||
type tlsConfigSettings struct {
|
||||
// tlsConfiguration is the on-disk TLS configuration.
|
||||
type tlsConfiguration struct {
|
||||
Enabled bool `yaml:"enabled" json:"enabled"` // Enabled is the encryption (DoT/DoH/HTTPS) status
|
||||
ServerName string `yaml:"server_name" json:"server_name,omitempty"` // ServerName is the hostname of your HTTPS/TLS server
|
||||
ForceHTTPS bool `yaml:"force_https" json:"force_https"` // ForceHTTPS: if true, forces HTTP->HTTPS redirect
|
||||
|
|
@ -223,6 +225,22 @@ type tlsConfigSettings struct {
|
|||
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
||||
}
|
||||
|
||||
// partialClone returns a clone of c with all top-level fields of c and all
|
||||
// exported and YAML-encoded fields of c.TLSConfig cloned.
|
||||
//
|
||||
// TODO(a.garipov): This is better than races, but still not good enough.
|
||||
func (c *tlsConfiguration) partialClone() (cloned *tlsConfiguration) {
|
||||
if c == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
v := *c
|
||||
cloned = &v
|
||||
cloned.OverrideTLSCiphers = slices.Clone(c.OverrideTLSCiphers)
|
||||
|
||||
return cloned
|
||||
}
|
||||
|
||||
// config is the global configuration structure.
|
||||
//
|
||||
// TODO(a.garipov, e.burkov): This global is awful and must be removed.
|
||||
|
|
@ -273,7 +291,7 @@ var config = &configuration{
|
|||
UpstreamTimeout: timeutil.Duration{Duration: dnsforward.DefaultTimeout},
|
||||
UsePrivateRDNS: true,
|
||||
},
|
||||
TLS: tlsConfigSettings{
|
||||
TLS: tlsConfiguration{
|
||||
PortHTTPS: defaultPortHTTPS,
|
||||
PortDNSOverTLS: defaultPortTLS, // needs to be passed through to dnsproxy
|
||||
PortDNSOverQUIC: defaultPortQUIC,
|
||||
|
|
@ -442,7 +460,7 @@ func (c *configuration) write() (err error) {
|
|||
}
|
||||
|
||||
if Context.tls != nil {
|
||||
tlsConf := tlsConfigSettings{}
|
||||
tlsConf := tlsConfiguration{}
|
||||
Context.tls.WriteDiskConfig(&tlsConf)
|
||||
config.TLS = tlsConf
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue