2018-02-05 21:05:59 +00:00
|
|
|
package server // import "github.com/docker/docker/api/server"
|
2013-04-11 02:48:21 +00:00
|
|
|
|
|
|
|
|
import (
|
2018-04-19 22:30:59 +00:00
|
|
|
"context"
|
2015-05-07 16:49:07 +00:00
|
|
|
"crypto/tls"
|
2013-06-18 18:59:56 +00:00
|
|
|
"net"
|
2013-04-11 02:48:21 +00:00
|
|
|
"net/http"
|
2013-04-19 13:24:37 +00:00
|
|
|
"strings"
|
set ReadHeaderTimeout to address G112: Potential Slowloris Attack (gosec)
After discussing in the maintainers meeting, we concluded that Slowloris attacks
are not a real risk other than potentially having some additional goroutines
lingering around, so setting a long timeout to satisfy the linter, and to at
least have "some" timeout.
libnetwork/diagnostic/server.go:96:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
srv := &http.Server{
Addr: net.JoinHostPort(ip, strconv.Itoa(port)),
Handler: s,
}
api/server/server.go:60:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
srv: &http.Server{
Addr: addr,
},
daemon/metrics_unix.go:34:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
^
cmd/dockerd/metrics.go:27:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 10:13:28 +00:00
|
|
|
"time"
|
2014-03-28 22:59:29 +00:00
|
|
|
|
errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
This reverts the changes made in 2a9c987e5a72549775ffa4dc31595ceff4f06a78, which
moved the GetHTTPErrorStatusCode() utility to the errdefs package.
While it seemed to make sense at the time to have the errdefs package provide
conversion both from HTTP status codes errdefs and the reverse, a side-effect
of the move was that the errdefs package now had a dependency on various external
modules, to handle conversio of errors coming from those sub-systems, such as;
- github.com/containerd/containerd
- github.com/docker/distribution
- google.golang.org/grpc
This patch moves the conversion from (errdef-) errors to HTTP status-codes to a
api/server/httpstatus package, which is only used by the API server, and should
not be needed by client-code using the errdefs package.
The MakeErrorHandler() utility was moved to the API server itself, as that's the
only place it's used. While the same applies to the GetHTTPErrorStatusCode func,
I opted for keeping that in its own package for a slightly cleaner interface.
Why not move it into the api/server/httputils package?
The api/server/httputils package is also imported in the client package, which
uses the httputils.ParseForm() and httputils.HijackConnection() functions as
part of the TestTLSCloseWriter() test. While this is only used in tests, I
wanted to avoid introducing the indirect depdencencies outside of the api/server
code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-21 10:27:39 +00:00
|
|
|
"github.com/docker/docker/api/server/httpstatus"
|
2015-09-23 23:42:08 +00:00
|
|
|
"github.com/docker/docker/api/server/httputils"
|
2016-04-08 23:22:39 +00:00
|
|
|
"github.com/docker/docker/api/server/middleware"
|
2015-09-23 23:42:08 +00:00
|
|
|
"github.com/docker/docker/api/server/router"
|
2017-04-08 18:43:42 +00:00
|
|
|
"github.com/docker/docker/api/server/router/debug"
|
2016-12-22 21:51:47 +00:00
|
|
|
"github.com/docker/docker/dockerversion"
|
2015-09-29 21:32:07 +00:00
|
|
|
"github.com/gorilla/mux"
|
2017-07-26 21:42:13 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2013-04-11 02:48:21 +00:00
|
|
|
)
|
|
|
|
|
|
2015-09-25 10:19:17 +00:00
|
|
|
// versionMatcher defines a variable matcher to be parsed by the router
|
|
|
|
|
// when a request is about to be served.
|
|
|
|
|
const versionMatcher = "/v{version:[0-9.]+}"
|
|
|
|
|
|
2015-07-21 05:15:44 +00:00
|
|
|
// Config provides the configuration for the API server
|
|
|
|
|
type Config struct {
|
2016-04-08 23:22:39 +00:00
|
|
|
CorsHeaders string
|
|
|
|
|
Version string
|
|
|
|
|
SocketGroup string
|
|
|
|
|
TLSConfig *tls.Config
|
2022-06-05 19:25:02 +00:00
|
|
|
// Hosts is a list of addresses for the API to listen on.
|
|
|
|
|
Hosts []string
|
2015-04-16 19:48:04 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-21 05:15:44 +00:00
|
|
|
// Server contains instance details for the server
|
2015-04-17 21:32:18 +00:00
|
|
|
type Server struct {
|
2019-09-04 20:47:16 +00:00
|
|
|
cfg *Config
|
|
|
|
|
servers []*HTTPServer
|
|
|
|
|
routers []router.Router
|
|
|
|
|
middlewares []middleware.Middleware
|
2015-04-17 21:32:18 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-21 05:15:44 +00:00
|
|
|
// New returns a new instance of the server based on the specified configuration.
|
2015-10-05 16:32:08 +00:00
|
|
|
// It allocates resources which will be needed for ServeAPI(ports, unix-sockets).
|
2016-02-11 18:30:23 +00:00
|
|
|
func New(cfg *Config) *Server {
|
|
|
|
|
return &Server{
|
2015-11-25 19:05:31 +00:00
|
|
|
cfg: cfg,
|
2015-04-17 21:32:18 +00:00
|
|
|
}
|
2016-02-11 18:30:23 +00:00
|
|
|
}
|
|
|
|
|
|
2016-04-08 23:22:39 +00:00
|
|
|
// UseMiddleware appends a new middleware to the request chain.
|
|
|
|
|
// This needs to be called before the API routes are configured.
|
|
|
|
|
func (s *Server) UseMiddleware(m middleware.Middleware) {
|
|
|
|
|
s.middlewares = append(s.middlewares, m)
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-11 18:30:23 +00:00
|
|
|
// Accept sets a listener the server accepts connections into.
|
|
|
|
|
func (s *Server) Accept(addr string, listeners ...net.Listener) {
|
|
|
|
|
for _, listener := range listeners {
|
|
|
|
|
httpServer := &HTTPServer{
|
|
|
|
|
srv: &http.Server{
|
set ReadHeaderTimeout to address G112: Potential Slowloris Attack (gosec)
After discussing in the maintainers meeting, we concluded that Slowloris attacks
are not a real risk other than potentially having some additional goroutines
lingering around, so setting a long timeout to satisfy the linter, and to at
least have "some" timeout.
libnetwork/diagnostic/server.go:96:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
srv := &http.Server{
Addr: net.JoinHostPort(ip, strconv.Itoa(port)),
Handler: s,
}
api/server/server.go:60:10: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
srv: &http.Server{
Addr: addr,
},
daemon/metrics_unix.go:34:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
^
cmd/dockerd/metrics.go:27:13: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
if err := http.Serve(l, mux); err != nil && !strings.Contains(err.Error(), "use of closed network connection") {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-22 10:13:28 +00:00
|
|
|
Addr: addr,
|
|
|
|
|
ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
|
2016-02-11 18:30:23 +00:00
|
|
|
},
|
|
|
|
|
l: listener,
|
2015-10-05 16:32:08 +00:00
|
|
|
}
|
2016-02-11 18:30:23 +00:00
|
|
|
s.servers = append(s.servers, httpServer)
|
2015-10-05 16:32:08 +00:00
|
|
|
}
|
2015-04-17 21:32:18 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-21 05:15:44 +00:00
|
|
|
// Close closes servers and thus stop receiving requests
|
2015-04-27 21:11:29 +00:00
|
|
|
func (s *Server) Close() {
|
|
|
|
|
for _, srv := range s.servers {
|
|
|
|
|
if err := srv.Close(); err != nil {
|
|
|
|
|
logrus.Error(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-10 23:35:10 +00:00
|
|
|
// serveAPI loops through all initialized servers and spawns goroutine
|
2016-10-05 04:20:31 +00:00
|
|
|
// with Serve method for each. It sets createMux() as Handler also.
|
2015-12-10 23:35:10 +00:00
|
|
|
func (s *Server) serveAPI() error {
|
2015-10-05 16:32:08 +00:00
|
|
|
var chErrors = make(chan error, len(s.servers))
|
|
|
|
|
for _, srv := range s.servers {
|
2019-09-04 20:47:16 +00:00
|
|
|
srv.srv.Handler = s.createMux()
|
2015-10-05 16:32:08 +00:00
|
|
|
go func(srv *HTTPServer) {
|
|
|
|
|
var err error
|
2015-10-05 23:17:25 +00:00
|
|
|
logrus.Infof("API listen on %s", srv.l.Addr())
|
2015-10-05 16:32:08 +00:00
|
|
|
if err = srv.Serve(); err != nil && strings.Contains(err.Error(), "use of closed network connection") {
|
|
|
|
|
err = nil
|
|
|
|
|
}
|
|
|
|
|
chErrors <- err
|
|
|
|
|
}(srv)
|
2015-04-17 21:32:18 +00:00
|
|
|
}
|
|
|
|
|
|
2017-05-14 23:12:28 +00:00
|
|
|
for range s.servers {
|
2015-04-17 21:32:18 +00:00
|
|
|
err := <-chErrors
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-21 05:15:44 +00:00
|
|
|
// HTTPServer contains an instance of http server and the listener.
|
2016-11-18 07:51:36 +00:00
|
|
|
// srv *http.Server, contains configuration to create an http server and a mux router with all api end points.
|
2015-07-21 05:15:44 +00:00
|
|
|
// l net.Listener, is a TCP or Socket listener that dispatches incoming request to the router.
|
|
|
|
|
type HTTPServer struct {
|
2014-11-07 20:21:19 +00:00
|
|
|
srv *http.Server
|
|
|
|
|
l net.Listener
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-21 05:15:44 +00:00
|
|
|
// Serve starts listening for inbound requests.
|
|
|
|
|
func (s *HTTPServer) Serve() error {
|
2014-11-07 20:21:19 +00:00
|
|
|
return s.srv.Serve(s.l)
|
|
|
|
|
}
|
2015-07-21 05:15:44 +00:00
|
|
|
|
|
|
|
|
// Close closes the HTTPServer from listening for the inbound requests.
|
|
|
|
|
func (s *HTTPServer) Close() error {
|
2014-11-07 20:21:19 +00:00
|
|
|
return s.l.Close()
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-23 23:42:08 +00:00
|
|
|
func (s *Server) makeHTTPHandler(handler httputils.APIFunc) http.HandlerFunc {
|
2013-07-13 14:59:07 +00:00
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
2015-08-31 14:55:51 +00:00
|
|
|
// Define the context that we'll pass around to share info
|
|
|
|
|
// like the docker-request-id.
|
|
|
|
|
//
|
|
|
|
|
// The 'context' will be used for global data that should
|
|
|
|
|
// apply to all requests. Data that is specific to the
|
|
|
|
|
// immediate function being called should still be passed
|
|
|
|
|
// as 'args' on the function call.
|
2018-05-17 14:29:52 +00:00
|
|
|
|
|
|
|
|
// use intermediate variable to prevent "should not use basic type
|
|
|
|
|
// string as key in context.WithValue" golint errors
|
2018-11-27 22:13:43 +00:00
|
|
|
ctx := context.WithValue(r.Context(), dockerversion.UAStringKey{}, r.Header.Get("User-Agent"))
|
|
|
|
|
r = r.WithContext(ctx)
|
2016-08-12 02:50:22 +00:00
|
|
|
handlerFunc := s.handlerWithGlobalMiddlewares(handler)
|
2015-06-04 13:30:14 +00:00
|
|
|
|
2015-10-14 17:31:09 +00:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
|
if vars == nil {
|
|
|
|
|
vars = make(map[string]string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := handlerFunc(ctx, w, r, vars); err != nil {
|
errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
This reverts the changes made in 2a9c987e5a72549775ffa4dc31595ceff4f06a78, which
moved the GetHTTPErrorStatusCode() utility to the errdefs package.
While it seemed to make sense at the time to have the errdefs package provide
conversion both from HTTP status codes errdefs and the reverse, a side-effect
of the move was that the errdefs package now had a dependency on various external
modules, to handle conversio of errors coming from those sub-systems, such as;
- github.com/containerd/containerd
- github.com/docker/distribution
- google.golang.org/grpc
This patch moves the conversion from (errdef-) errors to HTTP status-codes to a
api/server/httpstatus package, which is only used by the API server, and should
not be needed by client-code using the errdefs package.
The MakeErrorHandler() utility was moved to the API server itself, as that's the
only place it's used. While the same applies to the GetHTTPErrorStatusCode func,
I opted for keeping that in its own package for a slightly cleaner interface.
Why not move it into the api/server/httputils package?
The api/server/httputils package is also imported in the client package, which
uses the httputils.ParseForm() and httputils.HijackConnection() functions as
part of the TestTLSCloseWriter() test. While this is only used in tests, I
wanted to avoid introducing the indirect depdencencies outside of the api/server
code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-21 10:27:39 +00:00
|
|
|
statusCode := httpstatus.FromError(err)
|
2017-04-05 23:59:32 +00:00
|
|
|
if statusCode >= 500 {
|
|
|
|
|
logrus.Errorf("Handler for %s %s returned error: %v", r.Method, r.URL.Path, err)
|
2017-02-06 15:49:16 +00:00
|
|
|
}
|
errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
This reverts the changes made in 2a9c987e5a72549775ffa4dc31595ceff4f06a78, which
moved the GetHTTPErrorStatusCode() utility to the errdefs package.
While it seemed to make sense at the time to have the errdefs package provide
conversion both from HTTP status codes errdefs and the reverse, a side-effect
of the move was that the errdefs package now had a dependency on various external
modules, to handle conversio of errors coming from those sub-systems, such as;
- github.com/containerd/containerd
- github.com/docker/distribution
- google.golang.org/grpc
This patch moves the conversion from (errdef-) errors to HTTP status-codes to a
api/server/httpstatus package, which is only used by the API server, and should
not be needed by client-code using the errdefs package.
The MakeErrorHandler() utility was moved to the API server itself, as that's the
only place it's used. While the same applies to the GetHTTPErrorStatusCode func,
I opted for keeping that in its own package for a slightly cleaner interface.
Why not move it into the api/server/httputils package?
The api/server/httputils package is also imported in the client package, which
uses the httputils.ParseForm() and httputils.HijackConnection() functions as
part of the TestTLSCloseWriter() test. While this is only used in tests, I
wanted to avoid introducing the indirect depdencencies outside of the api/server
code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-21 10:27:39 +00:00
|
|
|
makeErrorHandler(err)(w, r)
|
2013-07-13 14:59:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-16 18:58:24 +00:00
|
|
|
// InitRouter initializes the list of routers for the server.
|
2018-06-26 12:35:43 +00:00
|
|
|
// This method also enables the Go profiler.
|
2017-04-08 18:43:42 +00:00
|
|
|
func (s *Server) InitRouter(routers ...router.Router) {
|
2016-10-13 16:34:19 +00:00
|
|
|
s.routers = append(s.routers, routers...)
|
2015-09-23 23:42:08 +00:00
|
|
|
}
|
|
|
|
|
|
2017-07-19 14:20:13 +00:00
|
|
|
type pageNotFoundError struct{}
|
|
|
|
|
|
|
|
|
|
func (pageNotFoundError) Error() string {
|
|
|
|
|
return "page not found"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (pageNotFoundError) NotFound() {}
|
|
|
|
|
|
2015-12-10 23:35:10 +00:00
|
|
|
// createMux initializes the main router the server uses.
|
|
|
|
|
func (s *Server) createMux() *mux.Router {
|
2015-09-23 23:42:08 +00:00
|
|
|
m := mux.NewRouter()
|
2013-06-21 01:18:36 +00:00
|
|
|
|
2016-06-11 20:16:55 +00:00
|
|
|
logrus.Debug("Registering routers")
|
2015-09-25 10:19:17 +00:00
|
|
|
for _, apiRouter := range s.routers {
|
|
|
|
|
for _, r := range apiRouter.Routes() {
|
2015-09-23 23:42:08 +00:00
|
|
|
f := s.makeHTTPHandler(r.Handler())
|
2015-09-25 10:19:17 +00:00
|
|
|
|
|
|
|
|
logrus.Debugf("Registering %s, %s", r.Method(), r.Path())
|
|
|
|
|
m.Path(versionMatcher + r.Path()).Methods(r.Method()).Handler(f)
|
|
|
|
|
m.Path(r.Path()).Methods(r.Method()).Handler(f)
|
2013-04-29 15:46:41 +00:00
|
|
|
}
|
2013-05-07 23:33:12 +00:00
|
|
|
}
|
2013-07-05 17:55:15 +00:00
|
|
|
|
2017-04-08 18:43:42 +00:00
|
|
|
debugRouter := debug.NewRouter()
|
|
|
|
|
s.routers = append(s.routers, debugRouter)
|
|
|
|
|
for _, r := range debugRouter.Routes() {
|
|
|
|
|
f := s.makeHTTPHandler(r.Handler())
|
|
|
|
|
m.Path("/debug" + r.Path()).Handler(f)
|
|
|
|
|
}
|
|
|
|
|
|
errdefs: move GetHTTPErrorStatusCode to api/server/httpstatus
This reverts the changes made in 2a9c987e5a72549775ffa4dc31595ceff4f06a78, which
moved the GetHTTPErrorStatusCode() utility to the errdefs package.
While it seemed to make sense at the time to have the errdefs package provide
conversion both from HTTP status codes errdefs and the reverse, a side-effect
of the move was that the errdefs package now had a dependency on various external
modules, to handle conversio of errors coming from those sub-systems, such as;
- github.com/containerd/containerd
- github.com/docker/distribution
- google.golang.org/grpc
This patch moves the conversion from (errdef-) errors to HTTP status-codes to a
api/server/httpstatus package, which is only used by the API server, and should
not be needed by client-code using the errdefs package.
The MakeErrorHandler() utility was moved to the API server itself, as that's the
only place it's used. While the same applies to the GetHTTPErrorStatusCode func,
I opted for keeping that in its own package for a slightly cleaner interface.
Why not move it into the api/server/httputils package?
The api/server/httputils package is also imported in the client package, which
uses the httputils.ParseForm() and httputils.HijackConnection() functions as
part of the TestTLSCloseWriter() test. While this is only used in tests, I
wanted to avoid introducing the indirect depdencencies outside of the api/server
code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-21 10:27:39 +00:00
|
|
|
notFoundHandler := makeErrorHandler(pageNotFoundError{})
|
2016-05-21 11:56:04 +00:00
|
|
|
m.HandleFunc(versionMatcher+"/{path:.*}", notFoundHandler)
|
|
|
|
|
m.NotFoundHandler = notFoundHandler
|
2018-11-27 22:10:36 +00:00
|
|
|
m.MethodNotAllowedHandler = notFoundHandler
|
2016-05-21 11:56:04 +00:00
|
|
|
|
2015-09-23 23:42:08 +00:00
|
|
|
return m
|
|
|
|
|
}
|
2015-12-10 23:35:10 +00:00
|
|
|
|
|
|
|
|
// Wait blocks the server goroutine until it exits.
|
|
|
|
|
// It sends an error message if there is any error during
|
|
|
|
|
// the API execution.
|
|
|
|
|
func (s *Server) Wait(waitChan chan error) {
|
|
|
|
|
if err := s.serveAPI(); err != nil {
|
|
|
|
|
logrus.Errorf("ServeAPI error: %v", err)
|
|
|
|
|
waitChan <- err
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
waitChan <- nil
|
|
|
|
|
}
|
