package server import ( "context" "crypto/tls" "encoding/json" "fmt" "net" "net/http" "os" "strings" "time" "github.com/redis/go-redis/v9" "github.com/rs/zerolog" "github.com/rs/zerolog/log" "github.com/urfave/cli/v2" cmd "codeberg.org/codeberg/pages/cli" "codeberg.org/codeberg/pages/config" "codeberg.org/codeberg/pages/server/acme" "codeberg.org/codeberg/pages/server/cache" "codeberg.org/codeberg/pages/server/certificates" "codeberg.org/codeberg/pages/server/gitea" "codeberg.org/codeberg/pages/server/handler" ) // Serve sets up and starts the web server. func Serve(ctx *cli.Context) error { // initialize logger with Trace, overridden later with actual level log.Logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).With().Timestamp().Logger().Level(zerolog.TraceLevel) cfg, err := config.ReadConfig(ctx) if err != nil { log.Error().Err(err).Msg("could not read config") } config.MergeConfig(ctx, cfg) // Initialize the logger. logLevel, err := zerolog.ParseLevel(cfg.LogLevel) if err != nil { return err } log.Logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).With().Timestamp().Logger().Level(logLevel) foo, _ := json.Marshal(cfg) log.Trace().RawJSON("config", foo).Msg("starting server with config") listeningSSLAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port) listeningHTTPAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.HttpPort) if cfg.Server.RawDomain != "" { cfg.Server.AllowedCorsDomains = append(cfg.Server.AllowedCorsDomains, cfg.Server.RawDomain) } // Make sure MainDomain has a leading dot if !strings.HasPrefix(cfg.Server.MainDomain, ".") { // TODO make this better cfg.Server.MainDomain = "." + cfg.Server.MainDomain } if len(cfg.Server.PagesBranches) == 0 { return fmt.Errorf("no default branches set (PAGES_BRANCHES)") } // Init ssl cert database certDB, closeFn, err := cmd.OpenCertDB(ctx) if err != nil { return err } defer closeFn() var redisErr error = nil createCache := func(name string) cache.ICache { if cfg.Cache.RedisURL != "" { opts, err := redis.ParseURL(cfg.Cache.RedisURL) if err != nil { redisErr = err return nil } return cache.NewRedisCache(name, opts) } return cache.NewInMemoryCache() } // challengeCache stores the certificate challenges challengeCache := createCache("challenge") // canonicalDomainCache stores canonical domains canonicalDomainCache := createCache("canonicalDomain") // redirectsCache stores redirects in _redirects files redirectsCache := createCache("redirects") // clientResponseCache stores responses from the Gitea server clientResponseCache := createCache("clientResponse") if redisErr != nil { return redisErr } giteaClient, err := gitea.NewClient(cfg.Gitea, clientResponseCache) if err != nil { return fmt.Errorf("could not create new gitea client: %v", err) } acmeClient, err := acme.CreateAcmeClient(cfg.ACME, cfg.Server.HttpServerEnabled, challengeCache) if err != nil { return err } if err := certificates.SetupMainDomainCertificates(cfg.Server.MainDomain, acmeClient, certDB); err != nil { return err } // Create listener for SSL connections log.Info().Msgf("Create TCP listener for SSL on %s", listeningSSLAddress) listener, err := net.Listen("tcp", listeningSSLAddress) if err != nil { return fmt.Errorf("couldn't create listener: %v", err) } // Setup listener for SSL connections listener = tls.NewListener(listener, certificates.TLSConfig( cfg.Server.MainDomain, giteaClient, acmeClient, cfg.Server.PagesBranches[0], challengeCache, canonicalDomainCache, certDB, cfg.ACME.NoDNS01, cfg.Server.RawDomain, )) interval := 12 * time.Hour certMaintainCtx, cancelCertMaintain := context.WithCancel(context.Background()) defer cancelCertMaintain() go certificates.MaintainCertDB(certMaintainCtx, interval, acmeClient, cfg.Server.MainDomain, certDB) if cfg.Server.HttpServerEnabled { // Create handler for http->https redirect and http acme challenges httpHandler := certificates.SetupHTTPACMEChallengeServer(challengeCache, uint(cfg.Server.Port)) // Create listener for http and start listening go func() { log.Info().Msgf("Start HTTP server listening on %s", listeningHTTPAddress) err := http.ListenAndServe(listeningHTTPAddress, httpHandler) if err != nil { log.Error().Err(err).Msg("Couldn't start HTTP server") } }() } // Create ssl handler based on settings sslHandler := handler.Handler(cfg.Server, giteaClient, canonicalDomainCache, redirectsCache) // Start the ssl listener log.Info().Msgf("Start SSL server using TCP listener on %s", listener.Addr()) return http.Serve(listener, sslHandler) }