惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
N
News and Events Feed by Topic
S
Schneier on Security
G
GRAHAM CLULEY
Scott Helme
Scott Helme
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
P
Privacy & Cybersecurity Law Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
MyScale Blog
MyScale Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
The Last Watchdog
The Last Watchdog
Vercel News
Vercel News
The Cloudflare Blog
C
Check Point Blog
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
腾讯CDC
NISL@THU
NISL@THU
S
Security @ Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
AWS News Blog
AWS News Blog
Cloudbric
Cloudbric
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Vulnerabilities – Threatpost
S
Secure Thoughts

Hunsh's Blog

生成个人的 Github PR List 如何选择合适的加密手段 Nginx SNI Proxy 如何优雅导入 k8s.io/kubernetes Make Go mod and Git to use specify .netrc 多架构镜像的体积优化 使用 buildkit 进行多架构构建并提取产物 如何修改镜像 layer(以 sourcemap-less grafana 为例) acme.sh 自动化 Google CA 申请证书 微信小程序嵌入任意公众号文章 k8s && bazel 项目从 go1.20 升级 go1.21 typecho 迁移到 hexo 实现 hexo 文章和资源在同一目录下 golang mitm 遇到的问题 流式数据专用的 mine-type Golang 正向代理对于 Host 的处理 (RFC 7230) 分享 MacOS 的一些系统fix脚本(dns、sleep) prometheus rate/increase/delta/sum等函数不符合预期或出现小数的原理 [油猴脚本] USTB Everywhere 为校外访问添加访问任意网站的能力
go serve http and https on same port
2023-08-08 · via Hunsh's Blog

想法来自于好多年前就看到的 sslh,其实原理很简单,就是先从 tcp 读头几个 bytes,就可以判断是什么连接了。

http 报文的头是 GET / HTTP/1.1(其他 method 同理),https 报文的第一个字节是 0x16,ssh 报文是 SSH。以下是代码示例,同时监听 http 和 https 在同一个端口。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
package main

import (
"bufio"
"crypto/tls"
"net"
"net/http"
)

type bufferedConn struct {
net.Conn
r *bufio.Reader
}

func (b bufferedConn) Peek(n int) ([]byte, error) {
return b.r.Peek(n)
}

func (b bufferedConn) Read(p []byte) (int, error) {
return b.r.Read(p)
}

// MuxListener is a net.Listener that accepts both TLS and non-TLS connections
type MuxListener struct {
net.Listener
tlsConfig *tls.Config
}

func NewMuxListener(inner net.Listener, tlsConfig *tls.Config) net.Listener {
l := new(MuxListener)
l.Listener = inner
l.tlsConfig = tlsConfig
return l
}

func (l *MuxListener) Accept() (net.Conn, error) {
c, err := l.Listener.Accept()
if err != nil {
return nil, err
}
conn := bufferedConn{Conn: c, r: bufio.NewReaderSize(c, 1)}
p, err := conn.Peek(1)
if err != nil {
return nil, err
}
if p[0] == 22 {
return tls.Server(conn, l.tlsConfig), nil
}
return conn, nil
}

func main() {
ln, err := net.Listen("tcp", ":443")
if err != nil {
panic(err)
}
defer ln.Close()
muxListener := NewMuxListener(ln, &tls.Config{})
(&http.Server{Handler: http.HandlerFunc(nil)}).Serve(muxListener)
}