package proxy import ( "net" "net/http" "net/http/httputil" "net/url" "github.com/portainer/portainer/api" "github.com/portainer/portainer/api/crypto" ) // AzureAPIBaseURL is the URL where Azure API requests will be proxied. const AzureAPIBaseURL = "https://management.azure.com" // proxyFactory is a factory to create reverse proxies to Docker endpoints type proxyFactory struct { ResourceControlService portainer.ResourceControlService UserService portainer.UserService TeamMembershipService portainer.TeamMembershipService SettingsService portainer.SettingsService RegistryService portainer.RegistryService DockerHubService portainer.DockerHubService SignatureService portainer.DigitalSignatureService ReverseTunnelService portainer.ReverseTunnelService } func (factory *proxyFactory) newHTTPProxy(u *url.URL) http.Handler { u.Scheme = "http" return httputil.NewSingleHostReverseProxy(u) } func newAzureProxy(credentials *portainer.AzureCredentials) (http.Handler, error) { remoteURL, err := url.Parse(AzureAPIBaseURL) if err != nil { return nil, err } proxy := newSingleHostReverseProxyWithHostHeader(remoteURL) proxy.Transport = NewAzureTransport(credentials) return proxy, nil } func (factory *proxyFactory) newDockerHTTPSProxy(u *url.URL, tlsConfig *portainer.TLSConfiguration, endpoint *portainer.Endpoint) (http.Handler, error) { u.Scheme = "https" proxy := factory.createDockerReverseProxy(u, endpoint) config, err := crypto.CreateTLSConfigurationFromDisk(tlsConfig.TLSCACertPath, tlsConfig.TLSCertPath, tlsConfig.TLSKeyPath, tlsConfig.TLSSkipVerify) if err != nil { return nil, err } proxy.Transport.(*proxyTransport).dockerTransport.TLSClientConfig = config return proxy, nil } func (factory *proxyFactory) newDockerHTTPProxy(u *url.URL, endpoint *portainer.Endpoint) http.Handler { u.Scheme = "http" return factory.createDockerReverseProxy(u, endpoint) } func (factory *proxyFactory) createDockerReverseProxy(u *url.URL, endpoint *portainer.Endpoint) *httputil.ReverseProxy { proxy := newSingleHostReverseProxyWithHostHeader(u) enableSignature := false if endpoint.Type == portainer.AgentOnDockerEnvironment { enableSignature = true } transport := &proxyTransport{ enableSignature: enableSignature, ResourceControlService: factory.ResourceControlService, UserService: factory.UserService, TeamMembershipService: factory.TeamMembershipService, SettingsService: factory.SettingsService, RegistryService: factory.RegistryService, DockerHubService: factory.DockerHubService, ReverseTunnelService: factory.ReverseTunnelService, dockerTransport: &http.Transport{}, endpointIdentifier: endpoint.ID, endpointType: endpoint.Type, } if enableSignature { transport.SignatureService = factory.SignatureService } proxy.Transport = transport return proxy } func newSocketTransport(socketPath string) *http.Transport { return &http.Transport{ Dial: func(proto, addr string) (conn net.Conn, err error) { return net.Dial("unix", socketPath) }, } }