Merge pull request #2396 from gravitl/remove-stun

remove stun
Alex Feiszli 2023-06-28 14:59:20 -04:00 committed by GitHub
commit 0046baee1a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 1 additions and 176 deletions


@ -12,7 +12,7 @@ services:
- sqldata:/root/data - sqldata:/root/data
environment: environment:
# config-dependant vars # config-dependant vars
- STUN_LIST=stun.${NM_DOMAIN}:${STUN_PORT},stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302 - STUN_LIST=stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302
# The domain/host IP indicating the mq broker address # The domain/host IP indicating the mq broker address
- BROKER_ENDPOINT=wss://broker.${NM_DOMAIN} - BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}
# The base domain of netmaker # The base domain of netmaker
@ -26,8 +26,6 @@ services:
- TURN_SERVER_HOST=turn.${NM_DOMAIN} - TURN_SERVER_HOST=turn.${NM_DOMAIN}
# domain of the turn api server # domain of the turn api server
- TURN_SERVER_API_HOST=https://turnapi.${NM_DOMAIN} - TURN_SERVER_API_HOST=https://turnapi.${NM_DOMAIN}
ports:
- "3478:3478/udp"
netmaker-ui: netmaker-ui:
container_name: netmaker-ui container_name: netmaker-ui
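Review bot: The new value on the `- STUN_LIST=` line keeps only external hosts (stun1/stun2.netmaker.io and the two Google servers), so every node's NAT discovery now depends on third-party infrastructure with no self-hosted fallback, and that should be stated on the line rather than left implicit. A comment such as `# external STUN servers only (self-hosted STUN removed in #2396); override this list to pin your own` would make the dependency visible to operators running in egress-restricted networks. The `${STUN_PORT}` reference is gone from this file, but the variable may still be set by the installer or env templates — worth confirming nothing else still consumes it. The second hunk in this section drops the `3478:3478/udp` port mapping, which is consistent with the removal.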


@ -26,12 +26,6 @@ https://api.{$NM_DOMAIN} {
reverse_proxy http://netmaker:8081 reverse_proxy http://netmaker:8081
} }
# STUN
https://stun.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
reverse_proxy netmaker:3478
}
# TURN # TURN
https://turn.{$NM_DOMAIN} { https://turn.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem tls /root/certs/fullchain.pem /root/certs/privkey.pem


@ -44,12 +44,6 @@ https://api.{$NM_DOMAIN} {
reverse_proxy http://netmaker:8081 reverse_proxy http://netmaker:8081
} }
# STUN
https://stun.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem
reverse_proxy netmaker:3478
}
# TURN # TURN
https://turn.{$NM_DOMAIN} { https://turn.{$NM_DOMAIN} {
tls /root/certs/fullchain.pem /root/certs/privkey.pem tls /root/certs/fullchain.pem /root/certs/privkey.pem


@ -26,7 +26,6 @@ import (
"github.com/gravitl/netmaker/netclient/ncutils" "github.com/gravitl/netmaker/netclient/ncutils"
"github.com/gravitl/netmaker/servercfg" "github.com/gravitl/netmaker/servercfg"
"github.com/gravitl/netmaker/serverctl" "github.com/gravitl/netmaker/serverctl"
stunserver "github.com/gravitl/netmaker/stun-server"
"golang.org/x/exp/slog" "golang.org/x/exp/slog"
) )
@ -149,10 +148,6 @@ func startControllers(wg *sync.WaitGroup, ctx context.Context) {
logger.Log(0, "No Server Mode selected, so nothing is being served! Set Rest mode (REST_BACKEND) or MessageQueue (MESSAGEQUEUE_BACKEND) to 'true'.") logger.Log(0, "No Server Mode selected, so nothing is being served! Set Rest mode (REST_BACKEND) or MessageQueue (MESSAGEQUEUE_BACKEND) to 'true'.")
} }
// starts the stun server
wg.Add(1)
go stunserver.Start(wg, ctx)
wg.Add(1) wg.Add(1)
go logic.StartHookManager(ctx, wg) go logic.StartHookManager(ctx, wg)
} }


@ -31,7 +31,6 @@ CERTBOT_PARAMS=$(cat <<EOF
certonly --standalone \ certonly --standalone \
--non-interactive --agree-tos \ --non-interactive --agree-tos \
-m $NM_EMAIL \ -m $NM_EMAIL \
-d stun.$NM_DOMAIN \
-d api.$NM_DOMAIN \ -d api.$NM_DOMAIN \
-d broker.$NM_DOMAIN \ -d broker.$NM_DOMAIN \
-d dashboard.$NM_DOMAIN \ -d dashboard.$NM_DOMAIN \


@ -259,7 +259,6 @@ collect_server_settings() {
esac esac
done done
STUN_DOMAIN="stun.$SERVER_NAME"
TURN_DOMAIN="turn.$SERVER_NAME" TURN_DOMAIN="turn.$SERVER_NAME"
TURNAPI_DOMAIN="turnapi.$SERVER_NAME" TURNAPI_DOMAIN="turnapi.$SERVER_NAME"
echo "-----------------------------------------------------" echo "-----------------------------------------------------"


@ -1,154 +0,0 @@
package stunserver
import (
"context"
"fmt"
"net"
"strings"
"sync"
"github.com/gravitl/netmaker/logger"
"github.com/gravitl/netmaker/servercfg"
"github.com/pkg/errors"
"gortc.io/stun"
)
// Server is RFC 5389 basic server implementation.
//
// Current implementation is UDP only and not utilizes FINGERPRINT mechanism,
// nor ALTERNATE-SERVER, nor credentials mechanisms. It does not support
// backwards compatibility with RFC 3489.
type Server struct {
Addr string
}
var (
software = stun.NewSoftware("netmaker-stun")
errNotSTUNMessage = errors.New("not stun message")
)
func basicProcess(addr net.Addr, b []byte, req, res *stun.Message) error {
if !stun.IsMessage(b) {
return errNotSTUNMessage
}
if _, err := req.Write(b); err != nil {
return errors.Wrap(err, "failed to read message")
}
var (
ip net.IP
port int
)
switch a := addr.(type) {
case *net.UDPAddr:
ip = a.IP
port = a.Port
default:
panic(fmt.Sprintf("unknown addr: %v", addr))
}
return res.Build(req,
stun.BindingSuccess,
software,
&stun.XORMappedAddress{
IP: ip,
Port: port,
},
stun.Fingerprint,
)
}
func (s *Server) serveConn(c net.PacketConn, res, req *stun.Message, ctx context.Context) error {
if c == nil {
return nil
}
go func(ctx context.Context) {
<-ctx.Done()
if c != nil {
// kill connection on server shutdown
c.Close()
}
}(ctx)
buf := make([]byte, 1024)
n, addr, err := c.ReadFrom(buf) // this be blocky af
if err != nil {
if !strings.Contains(err.Error(), "use of closed network connection") {
logger.Log(1, "STUN read error:", err.Error())
}
return nil
}
if _, err = req.Write(buf[:n]); err != nil {
logger.Log(1, "STUN write error:", err.Error())
return err
}
if err = basicProcess(addr, buf[:n], req, res); err != nil {
if err == errNotSTUNMessage {
return nil
}
logger.Log(1, "STUN process error:", err.Error())
return nil
}
_, err = c.WriteTo(res.Raw, addr)
if err != nil {
logger.Log(1, "STUN response write error", err.Error())
}
return err
}
// Serve reads packets from connections and responds to BINDING requests.
func (s *Server) serve(c net.PacketConn, ctx context.Context) error {
var (
res = new(stun.Message)
req = new(stun.Message)
)
for {
select {
case <-ctx.Done():
logger.Log(0, "shut down STUN server")
return nil
default:
if err := s.serveConn(c, res, req, ctx); err != nil {
logger.Log(1, "serve: %v", err.Error())
continue
}
res.Reset()
req.Reset()
}
}
}
// listenUDPAndServe listens on laddr and process incoming packets.
func listenUDPAndServe(ctx context.Context, serverNet, laddr string) error {
c, err := net.ListenPacket(serverNet, laddr)
if err != nil {
return err
}
s := &Server{
Addr: laddr,
}
return s.serve(c, ctx)
}
func normalize(address string) string {
if len(address) == 0 {
address = "0.0.0.0"
}
if !strings.Contains(address, ":") {
address = fmt.Sprintf("%s:%d", address, stun.DefaultPort)
}
return address
}
// Start - starts the stun server
func Start(wg *sync.WaitGroup, ctx context.Context) {
defer wg.Done()
normalized := normalize(fmt.Sprintf("0.0.0.0:%d", servercfg.GetStunPort()))
logger.Log(0, "netmaker-stun listening on", normalized, "via udp")
if err := listenUDPAndServe(ctx, "udp", normalized); err != nil {
if strings.Contains(err.Error(), "closed network connection") {
logger.Log(0, "shutdown STUN server")
} else {
logger.Log(0, "server: ", err.Error())
}
}
}