pages/pages-server
1
0
Fork 0
mirror of https://codeberg.org/Codeberg/pages-server.git synced 2024-11-18 10:29:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

move "http acme server setup" into own func

Browse source
This commit is contained in:
6543 2021-12-05 15:45:22 +01:00
parent b6c4c63fb4
commit 76c867cfca
No known key found for this signature in database
GPG key ID: C99B82E40B027BAE
2 changed files with 34 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
cmd/main.go
View file

@ -6,18 +6,15 @@ import (
"errors" "errors"
"fmt" "fmt"
"net" "net"
"net/http"
"strings" "strings"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
"github.com/urfave/cli/v2" "github.com/urfave/cli/v2"
"github.com/valyala/fasthttp"
"codeberg.org/codeberg/pages/server" "codeberg.org/codeberg/pages/server"
"codeberg.org/codeberg/pages/server/cache" "codeberg.org/codeberg/pages/server/cache"
"codeberg.org/codeberg/pages/server/certificates" "codeberg.org/codeberg/pages/server/certificates"
"codeberg.org/codeberg/pages/server/database" "codeberg.org/codeberg/pages/server/database"
"codeberg.org/codeberg/pages/server/utils"
) )
// AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed. // AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed.
@ -77,7 +74,8 @@ func Serve(ctx *cli.Context) error {
BlacklistedPaths, allowedCorsDomains, BlacklistedPaths, allowedCorsDomains,
dnsLookupCache, canonicalDomainCache) dnsLookupCache, canonicalDomainCache)
fastServer, err := server.SetupServer(handler) fastServer := server.SetupServer(handler)
httpServer := server.SetupHttpACMEChallengeServer(challengeCache)
// Setup listener and TLS // Setup listener and TLS
log.Info().Msgf("Listening on https://%s", listeningAddress) log.Info().Msgf("Listening on https://%s", listeningAddress)
@ -100,31 +98,20 @@ func Serve(ctx *cli.Context) error {
keyDatabase)) keyDatabase))
certificates.SetupCertificates(mainDomainSuffix, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider, acmeUseRateLimits, acmeAcceptTerms, enableHTTPServer, challengeCache, keyDatabase) certificates.SetupCertificates(mainDomainSuffix, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider, acmeUseRateLimits, acmeAcceptTerms, enableHTTPServer, challengeCache, keyDatabase)
if enableHTTPServer { if enableHTTPServer {
go (func() { go func() {
challengePath := []byte("/.well-known/acme-challenge/") err := httpServer.ListenAndServe("[::]:80")
err := fasthttp.ListenAndServe("[::]:80", func(ctx *fasthttp.RequestCtx) {
if bytes.HasPrefix(ctx.Path(), challengePath) {
challenge, ok := challengeCache.Get(string(utils.TrimHostPort(ctx.Host())) + "/" + string(bytes.TrimPrefix(ctx.Path(), challengePath)))
if !ok || challenge == nil {
ctx.SetStatusCode(http.StatusNotFound)
ctx.SetBodyString("no challenge for this token")
}
ctx.SetBodyString(challenge.(string))
} else {
ctx.Redirect("https://"+string(ctx.Host())+string(ctx.RequestURI()), http.StatusMovedPermanently)
}
})
if err != nil { if err != nil {
log.Fatal().Err(err).Msg("Couldn't start HTTP fastServer") log.Panic().Err(err).Msg("Couldn't start HTTP fastServer")
} }
})() }()
} }
// Start the web fastServer // Start the web fastServer
err = fastServer.Serve(listener) err = fastServer.Serve(listener)
if err != nil { if err != nil {
log.Fatal().Err(err).Msg("Couldn't start fastServer") log.Panic().Err(err).Msg("Couldn't start fastServer")
} }
return nil return nil

30
server/setup.go
View file

@ -1,16 +1,21 @@
package server package server
import ( import (
"bytes"
"net/http"
"time" "time"
"github.com/valyala/fasthttp" "github.com/valyala/fasthttp"
"codeberg.org/codeberg/pages/server/cache"
"codeberg.org/codeberg/pages/server/utils"
) )
func SetupServer(handler fasthttp.RequestHandler) (*fasthttp.Server, error) { func SetupServer(handler fasthttp.RequestHandler) *fasthttp.Server {
// Enable compression by wrapping the handler with the compression function provided by FastHTTP // Enable compression by wrapping the handler with the compression function provided by FastHTTP
compressedHandler := fasthttp.CompressHandlerBrotliLevel(handler, fasthttp.CompressBrotliBestSpeed, fasthttp.CompressBestSpeed) compressedHandler := fasthttp.CompressHandlerBrotliLevel(handler, fasthttp.CompressBrotliBestSpeed, fasthttp.CompressBestSpeed)
fastServer := &fasthttp.Server{ return &fasthttp.Server{
Handler: compressedHandler, Handler: compressedHandler,
DisablePreParseMultipartForm: true, DisablePreParseMultipartForm: true,
MaxRequestBodySize: 0, MaxRequestBodySize: 0,
@ -20,6 +25,23 @@ func SetupServer(handler fasthttp.RequestHandler) (*fasthttp.Server, error) {
Concurrency: 1024 * 32, // TODO: adjust bottlenecks for best performance with Gitea! Concurrency: 1024 * 32, // TODO: adjust bottlenecks for best performance with Gitea!
MaxConnsPerIP: 100, MaxConnsPerIP: 100,
} }
}
return fastServer, nil
func SetupHttpACMEChallengeServer(challengeCache cache.SetGetKey) *fasthttp.Server {
challengePath := []byte("/.well-known/acme-challenge/")
return &fasthttp.Server{
Handler: func(ctx *fasthttp.RequestCtx) {
if bytes.HasPrefix(ctx.Path(), challengePath) {
challenge, ok := challengeCache.Get(string(utils.TrimHostPort(ctx.Host())) + "/" + string(bytes.TrimPrefix(ctx.Path(), challengePath)))
if !ok || challenge == nil {
ctx.SetStatusCode(http.StatusNotFound)
ctx.SetBodyString("no challenge for this token")
}
ctx.SetBodyString(challenge.(string))
} else {
ctx.Redirect("https://"+string(ctx.Host())+string(ctx.RequestURI()), http.StatusMovedPermanently)
}
},
}
} }