Merge pull request #47 from mysteriumnetwork/feature/close-ports

By default, bind API only on 127.0.0.1

README.md

@@ -143,6 +143,13 @@ OR
 docker exec -it openvpn wget -q -O - "https://ipinfo.io/"
 ```
 
+## Metrics of traffic
+After your bind API with e.g. `--proxy.api-bind=127.0.0.1:8000```, Prometheus metrics are available on http://127.0.0.1:8000/metrics:
+- `proxy_request_data` - Proxy request data in bytes (Counter);
+- `proxy_request_duration` - Proxy request duration in seconds (Histogram);
+- `proxy_number_of_live_connections` - Number of currently live connections (Gauge);
+- `proxy_number_of_processed_connections` - Number of incoming connections which were successfully assigned and processed (Counter);
+
 ## Forward non-standard ports to OpenVPN forwarder
 By default, OpenVPN forwarder listen ':8443' port and sends traffic to the standard port only
  - `:80` for HTTP traffic

api/api.go

@@ -18,10 +18,13 @@
 package api
 
 import (
+	"net"
 	"net/http"
 	"time"
 
+	log "github.com/cihub/seelog"
 	"github.com/gin-gonic/gin"
+
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
@@ -39,7 +42,7 @@ type domainTracker interface {
 }
 
 // NewServer returns new instance of API server
-func NewServer(addr string, storage stickySaver, dt domainTracker) *http.Server {
+func NewServer(addr string, storage stickySaver, dt domainTracker) *apiServer {
 	gin.SetMode(gin.ReleaseMode)
 	ginEngine := gin.Default()
 
@@ -56,11 +59,30 @@ func NewServer(addr string, storage stickySaver, dt domainTracker) *http.Server
 		})
 	}
 
-	return &http.Server{
-		Handler: ginEngine,
-		Addr:    addr,
+	return &apiServer{
+		httpServer: &http.Server{
+			Handler: ginEngine,
+			Addr:    addr,
+
+			ReadTimeout:  30 * time.Second,
+			WriteTimeout: 30 * time.Second,
+		},
+	}
+}
+
+type apiServer struct {
+	httpServer *http.Server
+}
 
-		ReadTimeout:  30 * time.Second,
-		WriteTimeout: 30 * time.Second,
+// ListenAndServe starts API server.
+func (s *apiServer) ListenAndServe() error {
+	ln, err := net.Listen("tcp4", s.httpServer.Addr)
+	if err != nil {
+		return err
 	}
+	defer ln.Close()
+
+	log.Infof("Serving API on %s", ln.Addr().String())
+
+	return s.httpServer.Serve(ln)
 }

main.go

@@ -36,9 +36,9 @@ import (
 )
 
 var logLevel = flag.String("log.level", log.InfoStr, "Set the logging level (trace, debug, info, warn, error, critical)")
-var proxyAddr = flag.String("proxy.bind", ":8443", "Proxy address for incoming connections")
+var proxyAddr = flag.String("proxy.bind", ":8443", `Proxy address for incoming connections, by default "0.0.0.0:8443`)
 var proxyAllow = FlagArray("proxy.allow", `Proxy allows connection from these addresses only (separated by comma - "10.13.0.1,10.13.0.0/16")`)
-var proxyAPIAddr = flag.String("proxy.api-bind", ":8000", "HTTP proxy API address")
+var proxyAPIAddr = flag.String("proxy.api-bind", "127.0.0.1:8000", `HTTP proxy API address, by default "127.0.0.1:8000")`)
 var upstreamConfigs = FlagUpstreamConfig()
 var proxyMapPort = FlagArray(
 	"proxy.port-map",
@@ -56,6 +56,8 @@ func main() {
 	flag.Parse()
 	setLoggerFormat(*logLevel)
 
+	var wg sync.WaitGroup
+
 	sm, err := proxy.NewStickyMapper(*stickyStoragePath)
 	if err != nil {
 		_ = log.Criticalf("Failed to create sticky mapper, %v", err)
@@ -68,7 +70,15 @@ func main() {
 	}
 
 	apiServer := api.NewServer(*proxyAPIAddr, sm, domainTracer)
-	go apiServer.ListenAndServe()
+	wg.Add(1)
+	go func() {
+		if err := apiServer.ListenAndServe(); err != nil {
+			_ = log.Criticalf("Failed to start API: %v", err)
+			os.Exit(1)
+		}
+
+		wg.Done()
+	}()
 
 	var dialer netproxy.Dialer
 	for _, upstreamConfig := range upstreamConfigs.configs {
@@ -124,14 +134,11 @@ func main() {
 	}
 
 	proxyServer := proxy.NewServer(allowedSubnets, allowedIPs, dialer, sm, domainTracer, portMap, metricService.ProxyHandlerMiddleware)
-
-	var wg sync.WaitGroup
 	for p := range portMap {
 		wg.Add(1)
 		go func(p string) {
-			log.Infof("Serving HTTPS proxy on %s", p)
 			if err := proxyServer.ListenAndServe(":" + p); err != nil {
-				_ = log.Criticalf("Failed to listen http requests: %v", err)
+				_ = log.Criticalf("Failed to start HTTPS proxy: %v", err)
 				os.Exit(1)
 			}
 			wg.Done()

metrics/service.go

@@ -52,7 +52,7 @@ func NewMetricsService() (*service, error) {
 
 	proxyNumberOfProcessedConnections := prometheus.NewCounterVec(prometheus.CounterOpts{
 		Name: "proxy_number_of_processed_connections",
-		Help: "Number of incmming connections which were succesfully assigned and processed",
+		Help: "Number of incoming connections which were successfully assigned and processed",
 	}, []string{"request_type"})
 
 	if err := prometheus.Register(proxyNumberOfProcessedConnections); err != nil {

proxy/server.go

@@ -80,13 +80,14 @@ func NewServer(
 
 // ListenAndServe starts proxy server.
 func (s *proxyServer) ListenAndServe(addr string) error {
-	ln, err := net.Listen("tcp", addr)
+	ln, err := net.Listen("tcp4", addr)
 	if err != nil {
 		return errors.Wrap(err, "failed to listen http connections")
 	}
 
-	m := cmux.New(ln)
+	log.Infof("Serving HTTPS proxy on %s", ln.Addr().String())
 
+	m := cmux.New(ln)
 	httpsL := m.Match(cmux.TLS())
 	httpL := m.Match(cmux.HTTP1Fast())