caddyserver · mholt · Mar 10, 2017 · Feb 5, 2017 · Feb 5, 2017 · Feb 14, 2017
diff --git a/caddyhttp/httpserver/graceful.go b/caddyhttp/httpserver/graceful.go
diff --git a/caddyhttp/httpserver/middleware.go b/caddyhttp/httpserver/middleware.go
@@ -6,6 +6,8 @@ import (
 	"os"
 	"path"
 	"time"
+
+	"github.com/mholt/caddy"
 )
 
 func init() {
@@ -18,6 +20,10 @@ type (
 	// passed the next Handler in the chain.
 	Middleware func(Handler) Handler
 
+	// ListenerMiddleware is similar to the Middleware type, except it
+	// chains one net.Listener to the next.
+	ListenerMiddleware func(caddy.Listener) caddy.Listener
+
 	// Handler is like http.Handler except ServeHTTP may return a status
 	// code and/or error.
 	//

diff --git a/caddyhttp/httpserver/plugin.go b/caddyhttp/httpserver/plugin.go
@@ -425,6 +425,9 @@ var directives = []string{
 	"realip", // github.com/captncraig/caddy-realip
 	"git",    // github.com/abiosoft/caddy-git
 
+	// directives that add listener middleware to the stack
+	"proxyprotocol", // github.com/mastercactapus/caddy-proxyprotocol
+
 	// directives that add middleware to the stack
 	"locale", // github.com/simia-tech/caddy-locale
 	"log",

diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go
@@ -2,6 +2,7 @@
 package httpserver
 
 import (
+	"context"
 	"crypto/tls"
 	"fmt"
 	"io"
@@ -27,9 +28,8 @@ type Server struct {
 	listener    net.Listener
 	listenerMu  sync.Mutex
 	sites       []*SiteConfig
-	connTimeout time.Duration  // max time to wait for a connection before force stop
-	connWg      sync.WaitGroup // one increment per connection
-	tlsGovChan  chan struct{}  // close to stop the TLS maintenance goroutine
+	connTimeout time.Duration // max time to wait for a connection before force stop
+	tlsGovChan  chan struct{} // close to stop the TLS maintenance goroutine
 	vhosts      *vhostTrie
 }
 
@@ -46,16 +46,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
 		connTimeout: GracefulTimeout,
 	}
 	s.Server.Handler = s // this is weird, but whatever
-	s.Server.ConnState = func(c net.Conn, cs http.ConnState) {
-		if cs == http.StateIdle {
-			s.listenerMu.Lock()
-			// server stopped, close idle connection
-			if s.listener == nil {
-				c.Close()
-			}
-			s.listenerMu.Unlock()
-		}
-	}
 
 	// Disable HTTP/2 if desired
 	if !HTTP2 {
@@ -68,14 +58,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
 		s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler)
 	}
 
-	// We have to bound our wg with one increment
-	// to prevent a "race condition" that is hard-coded
-	// into sync.WaitGroup.Wait() - basically, an add
-	// with a positive delta must be guaranteed to
-	// occur before Wait() is called on the wg.
-	// In a way, this kind of acts as a safety barrier.
-	s.connWg.Add(1)
-
 	// Set up TLS configuration
 	var tlsConfigs []*caddytls.Config
 	for _, site := range group {
@@ -140,9 +122,20 @@ func (s *Server) Listen() (net.Listener, error) {
 		}
 	}
 
+	if tcpLn, ok := ln.(*net.TCPListener); ok {
+		ln = tcpKeepAliveListener{TCPListener: tcpLn}
+	}
+
+	cln := ln.(caddy.Listener)
+	for _, site := range s.sites {
+		for _, m := range site.listenerMiddleware {
+			cln = m(cln)
+		}
+	}
+
 	// Very important to return a concrete caddy.Listener
 	// implementation for graceful restarts.
-	return ln.(*net.TCPListener), nil
+	return cln.(caddy.Listener), nil
 }
 
 // ListenPacket creates udp connection for QUIC if it is enabled,
@@ -163,8 +156,6 @@ func (s *Server) Serve(ln net.Listener) error {
 		ln = tcpKeepAliveListener{TCPListener: tcpLn}
 	}
 
-	ln = newGracefulListener(ln, &s.connWg)
-
 	s.listenerMu.Lock()
 	s.listener = ln
 	s.listenerMu.Unlock()
@@ -306,40 +297,21 @@ func (s *Server) Address() string {
 
 // Stop stops s gracefully (or forcefully after timeout) and
 // closes its listener.
-func (s *Server) Stop() (err error) {
-	s.Server.SetKeepAlivesEnabled(false)
-
-	if runtime.GOOS != "windows" {
-		// force connections to close after timeout
-		done := make(chan struct{})
-		go func() {
-			s.connWg.Done() // decrement our initial increment used as a barrier
-			s.connWg.Wait()
-			close(done)
-		}()
-
-		// Wait for remaining connections to finish or
-		// force them all to close after timeout
-		select {
-		case <-time.After(s.connTimeout):
-		case <-done:
-		}
-	}
+func (s *Server) Stop() error {
+	ctx, cancel := context.WithTimeout(context.Background(), s.connTimeout)
+	defer cancel()
 
-	// Close the listener now; this stops the server without delay
-	s.listenerMu.Lock()
-	if s.listener != nil {
-		err = s.listener.Close()
-		s.listener = nil
+	err := s.Server.Shutdown(ctx)
+	if err != nil {
+		return err
 	}
-	s.listenerMu.Unlock()
 
-	// Closing this signals any TLS governor goroutines to exit
+	// signal any TLS governor goroutines to exit
 	if s.tlsGovChan != nil {
 		close(s.tlsGovChan)
 	}
 
-	return
+	return nil
 }
 
 // sanitizePath collapses any ./ ../ /// madness

diff --git a/caddyhttp/httpserver/siteconfig.go b/caddyhttp/httpserver/siteconfig.go
@@ -25,6 +25,9 @@ type SiteConfig struct {
 	// Compiled middleware stack
 	middlewareChain Handler
 
+	// listener middleware stack
+	listenerMiddleware []ListenerMiddleware
+
 	// Directory from which to serve files
 	Root string
 
@@ -80,6 +83,11 @@ func (s *SiteConfig) AddMiddleware(m Middleware) {
 	s.middleware = append(s.middleware, m)
 }
 
+// AddListenerMiddleware adds a listener middleware to a site's listenerMiddleware stack.
+func (s *SiteConfig) AddListenerMiddleware(l ListenerMiddleware) {
+	s.listenerMiddleware = append(s.listenerMiddleware, l)
+}
+
 // TLSConfig returns s.TLS.
 func (s SiteConfig) TLSConfig() *caddytls.Config {
 	return s.TLS
@@ -99,3 +107,8 @@ func (s SiteConfig) Port() string {
 func (s SiteConfig) Middleware() []Middleware {
 	return s.middleware
 }
+
+// ListenerMiddleware returns s.listenerMiddleware
+func (s SiteConfig) ListenerMiddleware() []ListenerMiddleware {
+	return s.listenerMiddleware
+}