mirror of
https://codeberg.org/Codeberg/pages-server.git
synced 2025-04-25 06:16:58 +00:00
Merge remote-tracking branch 'upstream/main' into issue115
This commit is contained in:
6543
commit
c5040b622d
15 changed files with 241 additions and 115 deletions
34
cmd/flags.go
34
cmd/flags.go
|
|
@ -8,11 +8,13 @@ var (
|
|||
CertStorageFlags = []cli.Flag{
|
||||
&cli.StringFlag{
|
||||
Name: "db-type",
|
||||
Usage: "Specify the database driver. Valid options are \"sqlite3\", \"mysql\" and \"postgres\". Read more at https://xorm.io",
|
||||
Value: "sqlite3",
|
||||
EnvVars: []string{"DB_TYPE"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "db-conn",
|
||||
Usage: "Specify the database connection. For \"sqlite3\" it's the filepath. Read more at https://go.dev/doc/tutorial/database-access",
|
||||
Value: "certs.sqlite",
|
||||
EnvVars: []string{"DB_CONN"},
|
||||
},
|
||||
|
|
@ -87,15 +89,21 @@ var (
|
|||
EnvVars: []string{"HOST"},
|
||||
Value: "[::]",
|
||||
},
|
||||
&cli.StringFlag{
|
||||
&cli.UintFlag{
|
||||
Name: "port",
|
||||
Usage: "specifies port of listening address",
|
||||
EnvVars: []string{"PORT"},
|
||||
Value: "443",
|
||||
Usage: "specifies the https port to listen to ssl requests",
|
||||
EnvVars: []string{"PORT", "HTTPS_PORT"},
|
||||
Value: 443,
|
||||
},
|
||||
&cli.UintFlag{
|
||||
Name: "http-port",
|
||||
Usage: "specifies the http port, you also have to enable http server via ENABLE_HTTP_SERVER=true",
|
||||
EnvVars: []string{"HTTP_PORT"},
|
||||
Value: 80,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "enable-http-server",
|
||||
// TODO: desc
|
||||
Name: "enable-http-server",
|
||||
Usage: "start a http server to redirect to https and respond to http acme challenges",
|
||||
EnvVars: []string{"ENABLE_HTTP_SERVER"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
|
|
@ -132,23 +140,23 @@ var (
|
|||
Value: true,
|
||||
},
|
||||
&cli.BoolFlag{
|
||||
Name: "acme-accept-terms",
|
||||
// TODO: Usage
|
||||
Name: "acme-accept-terms",
|
||||
Usage: "To accept the ACME ToS",
|
||||
EnvVars: []string{"ACME_ACCEPT_TERMS"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "acme-eab-kid",
|
||||
// TODO: Usage
|
||||
Name: "acme-eab-kid",
|
||||
Usage: "Register the current account to the ACME server with external binding.",
|
||||
EnvVars: []string{"ACME_EAB_KID"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "acme-eab-hmac",
|
||||
// TODO: Usage
|
||||
Name: "acme-eab-hmac",
|
||||
Usage: "Register the current account to the ACME server with external binding.",
|
||||
EnvVars: []string{"ACME_EAB_HMAC"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "dns-provider",
|
||||
Usage: "Use DNS-Challenge for main domain\n\nRead more at: https://go-acme.github.io/lego/dns/",
|
||||
Usage: "Use DNS-Challenge for main domain. Read more at: https://go-acme.github.io/lego/dns/",
|
||||
EnvVars: []string{"DNS_PROVIDER"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
|
|
|
|||
42
cmd/main.go
42
cmd/main.go
|
|
@ -14,7 +14,6 @@ import (
|
|||
"github.com/rs/zerolog/log"
|
||||
"github.com/urfave/cli/v2"
|
||||
|
||||
"codeberg.org/codeberg/pages/server"
|
||||
"codeberg.org/codeberg/pages/server/cache"
|
||||
"codeberg.org/codeberg/pages/server/certificates"
|
||||
"codeberg.org/codeberg/pages/server/gitea"
|
||||
|
|
@ -49,7 +48,9 @@ func Serve(ctx *cli.Context) error {
|
|||
defaultBranches := ctx.StringSlice("pages-branch")
|
||||
mainDomainSuffix := ctx.String("pages-domain")
|
||||
rawInfoPage := ctx.String("raw-info-page")
|
||||
listeningAddress := fmt.Sprintf("%s:%s", ctx.String("host"), ctx.String("port"))
|
||||
listeningHost := ctx.String("host")
|
||||
listeningSSLAddress := fmt.Sprintf("%s:%d", listeningHost, ctx.Uint("port"))
|
||||
listeningHTTPAddress := fmt.Sprintf("%s:%d", listeningHost, ctx.Uint("http-port"))
|
||||
enableHTTPServer := ctx.Bool("enable-http-server")
|
||||
|
||||
allowedCorsDomains := AllowedCorsDomains
|
||||
|
|
@ -96,23 +97,14 @@ func Serve(ctx *cli.Context) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// Create handler based on settings
|
||||
httpsHandler := handler.Handler(mainDomainSuffix, rawDomain,
|
||||
giteaClient,
|
||||
rawInfoPage,
|
||||
BlacklistedPaths, allowedCorsDomains,
|
||||
defaultBranches,
|
||||
dnsLookupCache, canonicalDomainCache)
|
||||
|
||||
httpHandler := server.SetupHTTPACMEChallengeServer(challengeCache)
|
||||
|
||||
// Setup listener and TLS
|
||||
log.Info().Msgf("Listening on https://%s", listeningAddress)
|
||||
listener, err := net.Listen("tcp", listeningAddress)
|
||||
// Create listener for SSL connections
|
||||
log.Info().Msgf("Listening on https://%s", listeningSSLAddress)
|
||||
listener, err := net.Listen("tcp", listeningSSLAddress)
|
||||
if err != nil {
|
||||
return fmt.Errorf("couldn't create listener: %v", err)
|
||||
}
|
||||
|
||||
// Setup listener for SSL connections
|
||||
listener = tls.NewListener(listener, certificates.TLSConfig(mainDomainSuffix,
|
||||
giteaClient,
|
||||
acmeClient,
|
||||
|
|
@ -126,18 +118,30 @@ func Serve(ctx *cli.Context) error {
|
|||
go certificates.MaintainCertDB(certMaintainCtx, interval, acmeClient, mainDomainSuffix, certDB)
|
||||
|
||||
if enableHTTPServer {
|
||||
// Create handler for http->https redirect and http acme challenges
|
||||
httpHandler := certificates.SetupHTTPACMEChallengeServer(challengeCache)
|
||||
|
||||
// Create listener for http and start listening
|
||||
go func() {
|
||||
log.Info().Msg("Start HTTP server listening on :80")
|
||||
err := http.ListenAndServe("[::]:80", httpHandler)
|
||||
log.Info().Msgf("Start HTTP server listening on %s", listeningHTTPAddress)
|
||||
err := http.ListenAndServe(listeningHTTPAddress, httpHandler)
|
||||
if err != nil {
|
||||
log.Panic().Err(err).Msg("Couldn't start HTTP fastServer")
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
// Start the web fastServer
|
||||
// Create ssl handler based on settings
|
||||
sslHandler := handler.Handler(mainDomainSuffix, rawDomain,
|
||||
giteaClient,
|
||||
rawInfoPage,
|
||||
BlacklistedPaths, allowedCorsDomains,
|
||||
defaultBranches,
|
||||
dnsLookupCache, canonicalDomainCache)
|
||||
|
||||
// Start the ssl listener
|
||||
log.Info().Msgf("Start listening on %s", listener.Addr())
|
||||
if err := http.Serve(listener, httpsHandler); err != nil {
|
||||
if err := http.Serve(listener, sslHandler); err != nil {
|
||||
log.Panic().Err(err).Msg("Couldn't start fastServer")
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -43,6 +43,11 @@ func createAcmeClient(ctx *cli.Context, enableHTTPServer bool, challengeCache ca
|
|||
if (!acmeAcceptTerms || dnsProvider == "") && acmeAPI != "https://acme.mock.directory" {
|
||||
return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER, unless $ACME_API is set to https://acme.mock.directory", ErrAcmeMissConfig)
|
||||
}
|
||||
if acmeEabHmac != "" && acmeEabKID == "" {
|
||||
return nil, fmt.Errorf("%w: ACME_EAB_HMAC also needs ACME_EAB_KID to be set", ErrAcmeMissConfig)
|
||||
} else if acmeEabHmac == "" && acmeEabKID != "" {
|
||||
return nil, fmt.Errorf("%w: ACME_EAB_KID also needs ACME_EAB_HMAC to be set", ErrAcmeMissConfig)
|
||||
}
|
||||
|
||||
return certificates.NewAcmeClient(
|
||||
acmeAccountConf,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue