admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
920ad8b54bab3866391b34823e8058291c17842c
gluetun/internal/provider/privateinternetaccess/httpclient.go
Quentin McGaw 920ad8b54b chore(errors): review all errors in codebase
2022-02-20 02:58:16 +00:00

53 lines
1.3 KiB
Go
Raw Blame History

package privateinternetaccess
import (
"crypto/tls"
"crypto/x509"
"encoding/base64"
"fmt"
"net"
"net/http"
"time"
"github.com/qdm12/gluetun/internal/constants"
)
func newHTTPClient(serverName string) (client *http.Client, err error) {
certificateBytes, err := base64.StdEncoding.DecodeString(constants.PiaCAStrong)
if err != nil {
return nil, fmt.Errorf("cannot parse X509 certificate: %w", err)
}
certificate, err := x509.ParseCertificate(certificateBytes)
if err != nil {
return nil, fmt.Errorf("cannot parse X509 certificate: %w", err)
}
//nolint:gomnd
transport := &http.Transport{
// Settings taken from http.DefaultTransport
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).DialContext,
ForceAttemptHTTP2: true,
MaxIdleConns: 100,
IdleConnTimeout: 90 * time.Second,
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
}
rootCAs := x509.NewCertPool()
rootCAs.AddCert(certificate)
transport.TLSClientConfig = &tls.Config{
RootCAs: rootCAs,
MinVersion: tls.VersionTLS12,
ServerName: serverName,
}
const httpTimeout = 30 * time.Second
return &http.Client{
Transport: transport,
Timeout: httpTimeout,
}, nil
}
Reference in New Issue View Git Blame Copy Permalink