commit
0046baee1a
|
@ -12,7 +12,7 @@ services:
|
||||||
- sqldata:/root/data
|
- sqldata:/root/data
|
||||||
environment:
|
environment:
|
||||||
# config-dependant vars
|
# config-dependant vars
|
||||||
- STUN_LIST=stun.${NM_DOMAIN}:${STUN_PORT},stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302
|
- STUN_LIST=stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302
|
||||||
# The domain/host IP indicating the mq broker address
|
# The domain/host IP indicating the mq broker address
|
||||||
- BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}
|
- BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}
|
||||||
# The base domain of netmaker
|
# The base domain of netmaker
|
||||||
|
@ -26,8 +26,6 @@ services:
|
||||||
- TURN_SERVER_HOST=turn.${NM_DOMAIN}
|
- TURN_SERVER_HOST=turn.${NM_DOMAIN}
|
||||||
# domain of the turn api server
|
# domain of the turn api server
|
||||||
- TURN_SERVER_API_HOST=https://turnapi.${NM_DOMAIN}
|
- TURN_SERVER_API_HOST=https://turnapi.${NM_DOMAIN}
|
||||||
ports:
|
|
||||||
- "3478:3478/udp"
|
|
||||||
|
|
||||||
netmaker-ui:
|
netmaker-ui:
|
||||||
container_name: netmaker-ui
|
container_name: netmaker-ui
|
||||||
|
|
|
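Review bot: The new STUN_LIST value in the first hunk contains only servers outside this deployment (stun1/stun2.netmaker.io and the two Google addresses), so NAT discovery for every client now depends on those third-party hosts being reachable, and the only nearby comment, `# config-dependant vars`, no longer explains the variable; I would add a line above it such as `# STUN_LIST: external STUN servers used for NAT discovery; the bundled STUN server on 3478/udp has been removed`. Since the second hunk drops the `"3478:3478/udp"` port mapping, any host firewall or cloud security-group rule that was opened for that port can be closed as well, which the compose change itself cannot do. The file name is not visible in this section; it appears to be a docker-compose file from its `services:`/`environment:` structure, and the surrounding service definition starts and ends outside the hunks.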
@ -26,12 +26,6 @@ https://api.{$NM_DOMAIN} {
|
||||||
reverse_proxy http://netmaker:8081
|
reverse_proxy http://netmaker:8081
|
||||||
}
|
}
|
||||||
|
|
||||||
# STUN
|
|
||||||
https://stun.{$NM_DOMAIN} {
|
|
||||||
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
|
||||||
reverse_proxy netmaker:3478
|
|
||||||
}
|
|
||||||
|
|
||||||
# TURN
|
# TURN
|
||||||
https://turn.{$NM_DOMAIN} {
|
https://turn.{$NM_DOMAIN} {
|
||||||
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
||||||
|
|
|
@ -44,12 +44,6 @@ https://api.{$NM_DOMAIN} {
|
||||||
reverse_proxy http://netmaker:8081
|
reverse_proxy http://netmaker:8081
|
||||||
}
|
}
|
||||||
|
|
||||||
# STUN
|
|
||||||
https://stun.{$NM_DOMAIN} {
|
|
||||||
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
|
||||||
reverse_proxy netmaker:3478
|
|
||||||
}
|
|
||||||
|
|
||||||
# TURN
|
# TURN
|
||||||
https://turn.{$NM_DOMAIN} {
|
https://turn.{$NM_DOMAIN} {
|
||||||
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
tls /root/certs/fullchain.pem /root/certs/privkey.pem
|
||||||
|
|
5
main.go
5
main.go
|
@ -26,7 +26,6 @@ import (
|
||||||
"github.com/gravitl/netmaker/netclient/ncutils"
|
"github.com/gravitl/netmaker/netclient/ncutils"
|
||||||
"github.com/gravitl/netmaker/servercfg"
|
"github.com/gravitl/netmaker/servercfg"
|
||||||
"github.com/gravitl/netmaker/serverctl"
|
"github.com/gravitl/netmaker/serverctl"
|
||||||
stunserver "github.com/gravitl/netmaker/stun-server"
|
|
||||||
"golang.org/x/exp/slog"
|
"golang.org/x/exp/slog"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -149,10 +148,6 @@ func startControllers(wg *sync.WaitGroup, ctx context.Context) {
|
||||||
logger.Log(0, "No Server Mode selected, so nothing is being served! Set Rest mode (REST_BACKEND) or MessageQueue (MESSAGEQUEUE_BACKEND) to 'true'.")
|
logger.Log(0, "No Server Mode selected, so nothing is being served! Set Rest mode (REST_BACKEND) or MessageQueue (MESSAGEQUEUE_BACKEND) to 'true'.")
|
||||||
}
|
}
|
||||||
|
|
||||||
// starts the stun server
|
|
||||||
wg.Add(1)
|
|
||||||
go stunserver.Start(wg, ctx)
|
|
||||||
|
|
||||||
wg.Add(1)
|
wg.Add(1)
|
||||||
go logic.StartHookManager(ctx, wg)
|
go logic.StartHookManager(ctx, wg)
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,7 +31,6 @@ CERTBOT_PARAMS=$(cat <<EOF
|
||||||
certonly --standalone \
|
certonly --standalone \
|
||||||
--non-interactive --agree-tos \
|
--non-interactive --agree-tos \
|
||||||
-m $NM_EMAIL \
|
-m $NM_EMAIL \
|
||||||
-d stun.$NM_DOMAIN \
|
|
||||||
-d api.$NM_DOMAIN \
|
-d api.$NM_DOMAIN \
|
||||||
-d broker.$NM_DOMAIN \
|
-d broker.$NM_DOMAIN \
|
||||||
-d dashboard.$NM_DOMAIN \
|
-d dashboard.$NM_DOMAIN \
|
||||||
|
|
|
@ -259,7 +259,6 @@ collect_server_settings() {
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
STUN_DOMAIN="stun.$SERVER_NAME"
|
|
||||||
TURN_DOMAIN="turn.$SERVER_NAME"
|
TURN_DOMAIN="turn.$SERVER_NAME"
|
||||||
TURNAPI_DOMAIN="turnapi.$SERVER_NAME"
|
TURNAPI_DOMAIN="turnapi.$SERVER_NAME"
|
||||||
echo "-----------------------------------------------------"
|
echo "-----------------------------------------------------"
|
||||||
|
|
|
@ -1,154 +0,0 @@
|
||||||
package stunserver
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"fmt"
|
|
||||||
"net"
|
|
||||||
"strings"
|
|
||||||
"sync"
|
|
||||||
|
|
||||||
"github.com/gravitl/netmaker/logger"
|
|
||||||
"github.com/gravitl/netmaker/servercfg"
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
"gortc.io/stun"
|
|
||||||
)
|
|
||||||
|
|
||||||
// Server is RFC 5389 basic server implementation.
|
|
||||||
//
|
|
||||||
// Current implementation is UDP only and not utilizes FINGERPRINT mechanism,
|
|
||||||
// nor ALTERNATE-SERVER, nor credentials mechanisms. It does not support
|
|
||||||
// backwards compatibility with RFC 3489.
|
|
||||||
type Server struct {
|
|
||||||
Addr string
|
|
||||||
}
|
|
||||||
|
|
||||||
var (
|
|
||||||
software = stun.NewSoftware("netmaker-stun")
|
|
||||||
errNotSTUNMessage = errors.New("not stun message")
|
|
||||||
)
|
|
||||||
|
|
||||||
func basicProcess(addr net.Addr, b []byte, req, res *stun.Message) error {
|
|
||||||
if !stun.IsMessage(b) {
|
|
||||||
return errNotSTUNMessage
|
|
||||||
}
|
|
||||||
if _, err := req.Write(b); err != nil {
|
|
||||||
return errors.Wrap(err, "failed to read message")
|
|
||||||
}
|
|
||||||
var (
|
|
||||||
ip net.IP
|
|
||||||
port int
|
|
||||||
)
|
|
||||||
switch a := addr.(type) {
|
|
||||||
case *net.UDPAddr:
|
|
||||||
ip = a.IP
|
|
||||||
port = a.Port
|
|
||||||
default:
|
|
||||||
panic(fmt.Sprintf("unknown addr: %v", addr))
|
|
||||||
}
|
|
||||||
return res.Build(req,
|
|
||||||
stun.BindingSuccess,
|
|
||||||
software,
|
|
||||||
&stun.XORMappedAddress{
|
|
||||||
IP: ip,
|
|
||||||
Port: port,
|
|
||||||
},
|
|
||||||
stun.Fingerprint,
|
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *Server) serveConn(c net.PacketConn, res, req *stun.Message, ctx context.Context) error {
|
|
||||||
if c == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
go func(ctx context.Context) {
|
|
||||||
<-ctx.Done()
|
|
||||||
if c != nil {
|
|
||||||
// kill connection on server shutdown
|
|
||||||
c.Close()
|
|
||||||
}
|
|
||||||
}(ctx)
|
|
||||||
|
|
||||||
buf := make([]byte, 1024)
|
|
||||||
n, addr, err := c.ReadFrom(buf) // this be blocky af
|
|
||||||
if err != nil {
|
|
||||||
if !strings.Contains(err.Error(), "use of closed network connection") {
|
|
||||||
logger.Log(1, "STUN read error:", err.Error())
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if _, err = req.Write(buf[:n]); err != nil {
|
|
||||||
logger.Log(1, "STUN write error:", err.Error())
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
if err = basicProcess(addr, buf[:n], req, res); err != nil {
|
|
||||||
if err == errNotSTUNMessage {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
logger.Log(1, "STUN process error:", err.Error())
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
_, err = c.WriteTo(res.Raw, addr)
|
|
||||||
if err != nil {
|
|
||||||
logger.Log(1, "STUN response write error", err.Error())
|
|
||||||
}
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Serve reads packets from connections and responds to BINDING requests.
|
|
||||||
func (s *Server) serve(c net.PacketConn, ctx context.Context) error {
|
|
||||||
var (
|
|
||||||
res = new(stun.Message)
|
|
||||||
req = new(stun.Message)
|
|
||||||
)
|
|
||||||
for {
|
|
||||||
select {
|
|
||||||
case <-ctx.Done():
|
|
||||||
logger.Log(0, "shut down STUN server")
|
|
||||||
return nil
|
|
||||||
default:
|
|
||||||
if err := s.serveConn(c, res, req, ctx); err != nil {
|
|
||||||
logger.Log(1, "serve: %v", err.Error())
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
res.Reset()
|
|
||||||
req.Reset()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// listenUDPAndServe listens on laddr and process incoming packets.
|
|
||||||
func listenUDPAndServe(ctx context.Context, serverNet, laddr string) error {
|
|
||||||
c, err := net.ListenPacket(serverNet, laddr)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
s := &Server{
|
|
||||||
Addr: laddr,
|
|
||||||
}
|
|
||||||
return s.serve(c, ctx)
|
|
||||||
}
|
|
||||||
|
|
||||||
func normalize(address string) string {
|
|
||||||
if len(address) == 0 {
|
|
||||||
address = "0.0.0.0"
|
|
||||||
}
|
|
||||||
if !strings.Contains(address, ":") {
|
|
||||||
address = fmt.Sprintf("%s:%d", address, stun.DefaultPort)
|
|
||||||
}
|
|
||||||
return address
|
|
||||||
}
|
|
||||||
|
|
||||||
// Start - starts the stun server
|
|
||||||
func Start(wg *sync.WaitGroup, ctx context.Context) {
|
|
||||||
defer wg.Done()
|
|
||||||
normalized := normalize(fmt.Sprintf("0.0.0.0:%d", servercfg.GetStunPort()))
|
|
||||||
logger.Log(0, "netmaker-stun listening on", normalized, "via udp")
|
|
||||||
if err := listenUDPAndServe(ctx, "udp", normalized); err != nil {
|
|
||||||
if strings.Contains(err.Error(), "closed network connection") {
|
|
||||||
logger.Log(0, "shutdown STUN server")
|
|
||||||
} else {
|
|
||||||
logger.Log(0, "server: ", err.Error())
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|