pages-server/cmd/main.go

154 lines
5 KiB
Go
Raw Permalink Normal View History

2021-12-03 01:12:51 +00:00
package cmd
import (
"bytes"
2021-12-05 17:26:54 +00:00
"context"
2021-12-03 01:12:51 +00:00
"crypto/tls"
2021-12-03 02:34:50 +00:00
"errors"
2021-12-03 01:12:51 +00:00
"fmt"
"net"
2021-12-03 02:05:38 +00:00
"strings"
2021-12-05 17:26:54 +00:00
"time"
2021-12-03 01:12:51 +00:00
"github.com/rs/zerolog"
2021-12-03 02:05:38 +00:00
"github.com/rs/zerolog/log"
2021-12-03 01:12:51 +00:00
"github.com/urfave/cli/v2"
"codeberg.org/codeberg/pages/server"
2021-12-03 03:15:48 +00:00
"codeberg.org/codeberg/pages/server/cache"
2021-12-05 14:21:05 +00:00
"codeberg.org/codeberg/pages/server/certificates"
2021-12-03 03:15:48 +00:00
"codeberg.org/codeberg/pages/server/database"
"codeberg.org/codeberg/pages/server/gitea"
2021-12-03 01:12:51 +00:00
)
// AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed.
2021-12-03 02:05:38 +00:00
// TODO: make it a flag
2021-12-03 01:12:51 +00:00
var AllowedCorsDomains = [][]byte{
[]byte("fonts.codeberg.org"),
[]byte("design.codeberg.org"),
}
// BlacklistedPaths specifies forbidden path prefixes for all Codeberg Pages.
2021-12-04 20:59:04 +00:00
// TODO: Make it a flag too
2021-12-03 01:12:51 +00:00
var BlacklistedPaths = [][]byte{
[]byte("/.well-known/acme-challenge/"),
}
// Serve sets up and starts the web server.
func Serve(ctx *cli.Context) error {
verbose := ctx.Bool("verbose")
if !verbose {
zerolog.SetGlobalLevel(zerolog.InfoLevel)
}
2021-12-03 02:05:38 +00:00
giteaRoot := strings.TrimSuffix(ctx.String("gitea-root"), "/")
giteaAPIToken := ctx.String("gitea-api-token")
rawDomain := ctx.String("raw-domain")
2021-12-04 20:17:52 +00:00
mainDomainSuffix := []byte(ctx.String("pages-domain"))
2021-12-03 02:05:38 +00:00
rawInfoPage := ctx.String("raw-info-page")
listeningAddress := fmt.Sprintf("%s:%s", ctx.String("host"), ctx.String("port"))
2021-12-03 02:34:50 +00:00
enableHTTPServer := ctx.Bool("enable-http-server")
2021-12-04 20:21:27 +00:00
acmeAPI := ctx.String("acme-api-endpoint")
2021-12-03 02:05:38 +00:00
acmeMail := ctx.String("acme-email")
2021-12-03 02:34:50 +00:00
acmeUseRateLimits := ctx.Bool("acme-use-rate-limits")
acmeAcceptTerms := ctx.Bool("acme-accept-terms")
acmeEabKID := ctx.String("acme-eab-kid")
acmeEabHmac := ctx.String("acme-eab-hmac")
dnsProvider := ctx.String("dns-provider")
2021-12-05 22:56:06 +00:00
if (!acmeAcceptTerms || dnsProvider == "") && acmeAPI != "https://acme.mock.directory" {
2021-12-03 02:34:50 +00:00
return errors.New("you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER, unless $ACME_API is set to https://acme.mock.directory")
}
2021-12-03 02:05:38 +00:00
allowedCorsDomains := AllowedCorsDomains
if len(rawDomain) != 0 {
allowedCorsDomains = append(allowedCorsDomains, []byte(rawDomain))
}
2021-12-03 01:12:51 +00:00
// Make sure MainDomain has a trailing dot, and GiteaRoot has no trailing slash
if !bytes.HasPrefix(mainDomainSuffix, []byte{'.'}) {
mainDomainSuffix = append([]byte{'.'}, mainDomainSuffix...)
}
2021-12-05 14:02:44 +00:00
keyCache := cache.NewKeyValueCache()
challengeCache := cache.NewKeyValueCache()
// canonicalDomainCache stores canonical domains
canonicalDomainCache := cache.NewKeyValueCache()
2021-12-05 14:02:44 +00:00
// dnsLookupCache stores DNS lookups for custom domains
dnsLookupCache := cache.NewKeyValueCache()
2021-12-05 14:53:46 +00:00
// branchTimestampCache stores branch timestamps for faster cache checking
branchTimestampCache := cache.NewKeyValueCache()
2021-12-05 14:53:46 +00:00
// fileResponseCache stores responses from the Gitea server
// TODO: make this an MRU cache with a size limit
fileResponseCache := cache.NewKeyValueCache()
2021-12-05 14:02:44 +00:00
giteaClient, err := gitea.NewClient(giteaRoot, giteaAPIToken)
if err != nil {
return fmt.Errorf("could not create new gitea client: %v", err)
}
2021-12-03 01:12:51 +00:00
// Create handler based on settings
2021-12-05 14:02:44 +00:00
handler := server.Handler(mainDomainSuffix, []byte(rawDomain),
giteaClient,
giteaRoot, rawInfoPage,
2021-12-05 14:02:44 +00:00
BlacklistedPaths, allowedCorsDomains,
2021-12-05 14:53:46 +00:00
dnsLookupCache, canonicalDomainCache, branchTimestampCache, fileResponseCache)
2021-12-03 01:12:51 +00:00
fastServer := server.SetupServer(handler)
2021-12-05 16:57:54 +00:00
httpServer := server.SetupHTTPACMEChallengeServer(challengeCache)
2021-12-03 01:12:51 +00:00
// Setup listener and TLS
2021-12-03 02:05:38 +00:00
log.Info().Msgf("Listening on https://%s", listeningAddress)
listener, err := net.Listen("tcp", listeningAddress)
2021-12-03 01:12:51 +00:00
if err != nil {
2021-12-03 02:05:38 +00:00
return fmt.Errorf("couldn't create listener: %s", err)
2021-12-03 01:12:51 +00:00
}
2021-12-03 03:15:48 +00:00
// TODO: make "key-database.pogreb" set via flag
2021-12-05 18:02:26 +00:00
certDB, err := database.New("key-database.pogreb")
2021-12-03 03:15:48 +00:00
if err != nil {
return fmt.Errorf("could not create database: %v", err)
}
2021-12-05 18:02:26 +00:00
defer certDB.Close() //nolint:errcheck // database has no close ... sync behave like it
2021-12-03 03:15:48 +00:00
2021-12-05 14:21:05 +00:00
listener = tls.NewListener(listener, certificates.TLSConfig(mainDomainSuffix,
giteaClient,
dnsProvider,
2021-12-05 14:02:44 +00:00
acmeUseRateLimits,
keyCache, challengeCache, dnsLookupCache, canonicalDomainCache,
2021-12-05 18:02:26 +00:00
certDB))
2021-12-03 03:15:48 +00:00
2021-12-05 15:33:56 +00:00
acmeConfig, err := certificates.SetupAcmeConfig(acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, acmeAcceptTerms)
if err != nil {
return err
}
2021-12-05 22:56:06 +00:00
if err := certificates.SetupCertificates(mainDomainSuffix, dnsProvider, acmeConfig, acmeUseRateLimits, enableHTTPServer, challengeCache, certDB); err != nil {
return err
}
2021-12-05 17:26:54 +00:00
interval := 12 * time.Hour
certMaintainCtx, cancelCertMaintain := context.WithCancel(context.Background())
defer cancelCertMaintain()
2021-12-05 18:02:26 +00:00
go certificates.MaintainCertDB(certMaintainCtx, interval, mainDomainSuffix, dnsProvider, acmeUseRateLimits, certDB)
2021-12-03 02:34:50 +00:00
if enableHTTPServer {
go func() {
log.Info().Timestamp().Msg("Start listening on :80")
err := httpServer.ListenAndServe("[::]:80")
2021-12-03 01:12:51 +00:00
if err != nil {
log.Panic().Err(err).Msg("Couldn't start HTTP fastServer")
2021-12-03 01:12:51 +00:00
}
}()
2021-12-03 01:12:51 +00:00
}
// Start the web fastServer
log.Info().Timestamp().Msgf("Start listening on %s", listener.Addr())
2021-12-03 01:12:51 +00:00
err = fastServer.Serve(listener)
if err != nil {
log.Panic().Err(err).Msg("Couldn't start fastServer")
2021-12-03 01:12:51 +00:00
}
return nil
}