2021-12-03 01:12:51 +00:00
|
|
|
package cmd
|
|
|
|
|
|
|
|
import (
|
2021-12-05 17:26:54 +00:00
|
|
|
"context"
|
2021-12-03 01:12:51 +00:00
|
|
|
"crypto/tls"
|
|
|
|
"fmt"
|
|
|
|
"net"
|
2022-11-12 19:37:20 +00:00
|
|
|
"net/http"
|
2022-08-12 03:06:26 +00:00
|
|
|
"os"
|
2021-12-03 02:05:38 +00:00
|
|
|
"strings"
|
2021-12-05 17:26:54 +00:00
|
|
|
"time"
|
2021-12-03 01:12:51 +00:00
|
|
|
|
2021-12-10 13:32:14 +00:00
|
|
|
"github.com/rs/zerolog"
|
2021-12-03 02:05:38 +00:00
|
|
|
"github.com/rs/zerolog/log"
|
2021-12-03 01:12:51 +00:00
|
|
|
"github.com/urfave/cli/v2"
|
|
|
|
|
2021-12-03 03:15:48 +00:00
|
|
|
"codeberg.org/codeberg/pages/server/cache"
|
2021-12-05 14:21:05 +00:00
|
|
|
"codeberg.org/codeberg/pages/server/certificates"
|
2022-06-11 21:02:06 +00:00
|
|
|
"codeberg.org/codeberg/pages/server/gitea"
|
2022-11-12 19:43:44 +00:00
|
|
|
"codeberg.org/codeberg/pages/server/handler"
|
2021-12-03 01:12:51 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed.
|
2021-12-03 02:05:38 +00:00
|
|
|
// TODO: make it a flag
|
2022-11-12 19:37:20 +00:00
|
|
|
var AllowedCorsDomains = []string{
|
|
|
|
"fonts.codeberg.org",
|
|
|
|
"design.codeberg.org",
|
2021-12-03 01:12:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// BlacklistedPaths specifies forbidden path prefixes for all Codeberg Pages.
|
2021-12-04 20:59:04 +00:00
|
|
|
// TODO: Make it a flag too
|
2022-11-12 19:37:20 +00:00
|
|
|
var BlacklistedPaths = []string{
|
|
|
|
"/.well-known/acme-challenge/",
|
2021-12-03 01:12:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Serve sets up and starts the web server.
|
|
|
|
func Serve(ctx *cli.Context) error {
|
2023-02-10 03:00:14 +00:00
|
|
|
// Initialize the logger.
|
2022-08-12 03:06:26 +00:00
|
|
|
logLevel, err := zerolog.ParseLevel(ctx.String("log-level"))
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2021-12-10 13:32:14 +00:00
|
|
|
}
|
2022-08-12 03:06:26 +00:00
|
|
|
log.Logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).With().Timestamp().Logger().Level(logLevel)
|
2021-12-10 13:32:14 +00:00
|
|
|
|
2023-02-11 00:31:56 +00:00
|
|
|
giteaRoot := ctx.String("gitea-root")
|
2021-12-03 02:05:38 +00:00
|
|
|
giteaAPIToken := ctx.String("gitea-api-token")
|
|
|
|
rawDomain := ctx.String("raw-domain")
|
2022-11-12 19:37:20 +00:00
|
|
|
mainDomainSuffix := ctx.String("pages-domain")
|
2021-12-03 02:05:38 +00:00
|
|
|
rawInfoPage := ctx.String("raw-info-page")
|
2023-02-13 20:14:45 +00:00
|
|
|
listeningHost := ctx.String("host")
|
2023-02-14 02:23:28 +00:00
|
|
|
listeningSSLPort := ctx.Uint("port")
|
|
|
|
listeningSSLAddress := fmt.Sprintf("%s:%d", listeningHost, listeningSSLPort)
|
2023-02-13 20:14:45 +00:00
|
|
|
listeningHTTPAddress := fmt.Sprintf("%s:%d", listeningHost, ctx.Uint("http-port"))
|
2021-12-03 02:34:50 +00:00
|
|
|
enableHTTPServer := ctx.Bool("enable-http-server")
|
|
|
|
|
2021-12-03 02:05:38 +00:00
|
|
|
allowedCorsDomains := AllowedCorsDomains
|
2022-11-15 15:15:11 +00:00
|
|
|
if rawDomain != "" {
|
2022-11-12 19:37:20 +00:00
|
|
|
allowedCorsDomains = append(allowedCorsDomains, rawDomain)
|
2021-12-03 02:05:38 +00:00
|
|
|
}
|
|
|
|
|
2023-02-11 00:31:56 +00:00
|
|
|
// Make sure MainDomain has a trailing dot
|
2022-11-12 19:37:20 +00:00
|
|
|
if !strings.HasPrefix(mainDomainSuffix, ".") {
|
|
|
|
mainDomainSuffix = "." + mainDomainSuffix
|
2021-12-03 01:12:51 +00:00
|
|
|
}
|
|
|
|
|
2023-02-10 03:00:14 +00:00
|
|
|
// Init ssl cert database
|
|
|
|
certDB, closeFn, err := openCertDB(ctx)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
defer closeFn()
|
|
|
|
|
2021-12-05 14:02:44 +00:00
|
|
|
keyCache := cache.NewKeyValueCache()
|
|
|
|
challengeCache := cache.NewKeyValueCache()
|
|
|
|
// canonicalDomainCache stores canonical domains
|
2022-03-27 19:54:06 +00:00
|
|
|
canonicalDomainCache := cache.NewKeyValueCache()
|
2021-12-05 14:02:44 +00:00
|
|
|
// dnsLookupCache stores DNS lookups for custom domains
|
2022-03-27 19:54:06 +00:00
|
|
|
dnsLookupCache := cache.NewKeyValueCache()
|
2022-11-12 19:37:20 +00:00
|
|
|
// clientResponseCache stores responses from the Gitea server
|
|
|
|
clientResponseCache := cache.NewKeyValueCache()
|
2021-12-05 14:02:44 +00:00
|
|
|
|
2022-11-12 19:37:20 +00:00
|
|
|
giteaClient, err := gitea.NewClient(giteaRoot, giteaAPIToken, clientResponseCache, ctx.Bool("enable-symlink-support"), ctx.Bool("enable-lfs-support"))
|
2022-06-13 18:07:32 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("could not create new gitea client: %v", err)
|
|
|
|
}
|
2022-06-11 21:02:06 +00:00
|
|
|
|
2023-02-11 02:29:08 +00:00
|
|
|
acmeClient, err := createAcmeClient(ctx, enableHTTPServer, challengeCache)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := certificates.SetupMainDomainCertificates(mainDomainSuffix, acmeClient, certDB); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2023-02-13 20:14:45 +00:00
|
|
|
// Create listener for SSL connections
|
2023-02-14 02:23:28 +00:00
|
|
|
log.Info().Msgf("Create TCP listener for SSL on %s", listeningSSLAddress)
|
2023-02-13 20:14:45 +00:00
|
|
|
listener, err := net.Listen("tcp", listeningSSLAddress)
|
2021-12-03 01:12:51 +00:00
|
|
|
if err != nil {
|
2022-08-12 03:06:26 +00:00
|
|
|
return fmt.Errorf("couldn't create listener: %v", err)
|
2021-12-03 01:12:51 +00:00
|
|
|
}
|
|
|
|
|
2023-02-13 20:14:45 +00:00
|
|
|
// Setup listener for SSL connections
|
2021-12-05 14:21:05 +00:00
|
|
|
listener = tls.NewListener(listener, certificates.TLSConfig(mainDomainSuffix,
|
2022-06-11 21:02:06 +00:00
|
|
|
giteaClient,
|
2023-02-11 02:29:08 +00:00
|
|
|
acmeClient,
|
2021-12-05 14:02:44 +00:00
|
|
|
keyCache, challengeCache, dnsLookupCache, canonicalDomainCache,
|
2021-12-05 18:02:26 +00:00
|
|
|
certDB))
|
2021-12-03 03:15:48 +00:00
|
|
|
|
2021-12-05 17:26:54 +00:00
|
|
|
interval := 12 * time.Hour
|
|
|
|
certMaintainCtx, cancelCertMaintain := context.WithCancel(context.Background())
|
|
|
|
defer cancelCertMaintain()
|
2023-02-11 02:29:08 +00:00
|
|
|
go certificates.MaintainCertDB(certMaintainCtx, interval, acmeClient, mainDomainSuffix, certDB)
|
2021-12-05 16:44:10 +00:00
|
|
|
|
2021-12-03 02:34:50 +00:00
|
|
|
if enableHTTPServer {
|
2023-02-13 20:14:45 +00:00
|
|
|
// Create handler for http->https redirect and http acme challenges
|
2023-02-14 02:23:28 +00:00
|
|
|
httpHandler := certificates.SetupHTTPACMEChallengeServer(challengeCache, listeningSSLPort)
|
2023-02-13 20:14:45 +00:00
|
|
|
|
|
|
|
// Create listener for http and start listening
|
2021-12-05 14:45:22 +00:00
|
|
|
go func() {
|
2023-02-13 20:14:45 +00:00
|
|
|
log.Info().Msgf("Start HTTP server listening on %s", listeningHTTPAddress)
|
|
|
|
err := http.ListenAndServe(listeningHTTPAddress, httpHandler)
|
2021-12-03 01:12:51 +00:00
|
|
|
if err != nil {
|
2021-12-05 14:45:22 +00:00
|
|
|
log.Panic().Err(err).Msg("Couldn't start HTTP fastServer")
|
2021-12-03 01:12:51 +00:00
|
|
|
}
|
2021-12-05 14:45:22 +00:00
|
|
|
}()
|
2021-12-03 01:12:51 +00:00
|
|
|
}
|
|
|
|
|
2023-02-13 20:14:45 +00:00
|
|
|
// Create ssl handler based on settings
|
|
|
|
sslHandler := handler.Handler(mainDomainSuffix, rawDomain,
|
|
|
|
giteaClient,
|
|
|
|
rawInfoPage,
|
|
|
|
BlacklistedPaths, allowedCorsDomains,
|
|
|
|
dnsLookupCache, canonicalDomainCache)
|
|
|
|
|
|
|
|
// Start the ssl listener
|
2023-02-14 02:23:28 +00:00
|
|
|
log.Info().Msgf("Start SSL server using TCP listener on %s", listener.Addr())
|
2023-02-13 20:14:45 +00:00
|
|
|
if err := http.Serve(listener, sslHandler); err != nil {
|
2021-12-05 14:45:22 +00:00
|
|
|
log.Panic().Err(err).Msg("Couldn't start fastServer")
|
2021-12-03 01:12:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|