pages-server/cmd/main.go

139 lines
4.0 KiB
Go
Raw Normal View History

2021-12-03 01:12:51 +00:00
package cmd
import (
2021-12-05 17:26:54 +00:00
"context"
2021-12-03 01:12:51 +00:00
"crypto/tls"
"fmt"
"net"
"net/http"
"os"
2021-12-03 02:05:38 +00:00
"strings"
2021-12-05 17:26:54 +00:00
"time"
2021-12-03 01:12:51 +00:00
"github.com/rs/zerolog"
2021-12-03 02:05:38 +00:00
"github.com/rs/zerolog/log"
2021-12-03 01:12:51 +00:00
"github.com/urfave/cli/v2"
"codeberg.org/codeberg/pages/server"
2021-12-03 03:15:48 +00:00
"codeberg.org/codeberg/pages/server/cache"
2021-12-05 14:21:05 +00:00
"codeberg.org/codeberg/pages/server/certificates"
"codeberg.org/codeberg/pages/server/gitea"
"codeberg.org/codeberg/pages/server/handler"
2021-12-03 01:12:51 +00:00
)
// AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed.
2021-12-03 02:05:38 +00:00
// TODO: make it a flag
var AllowedCorsDomains = []string{
"fonts.codeberg.org",
"design.codeberg.org",
2021-12-03 01:12:51 +00:00
}
// BlacklistedPaths specifies forbidden path prefixes for all Codeberg Pages.
2021-12-04 20:59:04 +00:00
// TODO: Make it a flag too
var BlacklistedPaths = []string{
"/.well-known/acme-challenge/",
2021-12-03 01:12:51 +00:00
}
// Serve sets up and starts the web server.
func Serve(ctx *cli.Context) error {
// Initialize the logger.
logLevel, err := zerolog.ParseLevel(ctx.String("log-level"))
if err != nil {
return err
}
log.Logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).With().Timestamp().Logger().Level(logLevel)
giteaRoot := ctx.String("gitea-root")
2021-12-03 02:05:38 +00:00
giteaAPIToken := ctx.String("gitea-api-token")
rawDomain := ctx.String("raw-domain")
mainDomainSuffix := ctx.String("pages-domain")
2021-12-03 02:05:38 +00:00
rawInfoPage := ctx.String("raw-info-page")
listeningAddress := fmt.Sprintf("%s:%s", ctx.String("host"), ctx.String("port"))
2021-12-03 02:34:50 +00:00
enableHTTPServer := ctx.Bool("enable-http-server")
2021-12-03 02:05:38 +00:00
allowedCorsDomains := AllowedCorsDomains
if rawDomain != "" {
allowedCorsDomains = append(allowedCorsDomains, rawDomain)
2021-12-03 02:05:38 +00:00
}
// Make sure MainDomain has a trailing dot
if !strings.HasPrefix(mainDomainSuffix, ".") {
mainDomainSuffix = "." + mainDomainSuffix
2021-12-03 01:12:51 +00:00
}
// Init ssl cert database
certDB, closeFn, err := openCertDB(ctx)
if err != nil {
return err
}
defer closeFn()
2021-12-05 14:02:44 +00:00
keyCache := cache.NewKeyValueCache()
challengeCache := cache.NewKeyValueCache()
// canonicalDomainCache stores canonical domains
canonicalDomainCache := cache.NewKeyValueCache()
2021-12-05 14:02:44 +00:00
// dnsLookupCache stores DNS lookups for custom domains
dnsLookupCache := cache.NewKeyValueCache()
// clientResponseCache stores responses from the Gitea server
clientResponseCache := cache.NewKeyValueCache()
2021-12-05 14:02:44 +00:00
giteaClient, err := gitea.NewClient(giteaRoot, giteaAPIToken, clientResponseCache, ctx.Bool("enable-symlink-support"), ctx.Bool("enable-lfs-support"))
if err != nil {
return fmt.Errorf("could not create new gitea client: %v", err)
}
acmeClient, err := createAcmeClient(ctx, enableHTTPServer, challengeCache)
if err != nil {
return err
}
if err := certificates.SetupMainDomainCertificates(mainDomainSuffix, acmeClient, certDB); err != nil {
return err
}
2021-12-03 01:12:51 +00:00
// Create handler based on settings
httpsHandler := handler.Handler(mainDomainSuffix, rawDomain,
giteaClient,
rawInfoPage,
2021-12-05 14:02:44 +00:00
BlacklistedPaths, allowedCorsDomains,
dnsLookupCache, canonicalDomainCache)
2021-12-03 01:12:51 +00:00
httpHandler := server.SetupHTTPACMEChallengeServer(challengeCache)
2021-12-03 01:12:51 +00:00
// Setup listener and TLS
2021-12-03 02:05:38 +00:00
log.Info().Msgf("Listening on https://%s", listeningAddress)
listener, err := net.Listen("tcp", listeningAddress)
2021-12-03 01:12:51 +00:00
if err != nil {
return fmt.Errorf("couldn't create listener: %v", err)
2021-12-03 01:12:51 +00:00
}
2021-12-05 14:21:05 +00:00
listener = tls.NewListener(listener, certificates.TLSConfig(mainDomainSuffix,
giteaClient,
acmeClient,
2021-12-05 14:02:44 +00:00
keyCache, challengeCache, dnsLookupCache, canonicalDomainCache,
2021-12-05 18:02:26 +00:00
certDB))
2021-12-03 03:15:48 +00:00
2021-12-05 17:26:54 +00:00
interval := 12 * time.Hour
certMaintainCtx, cancelCertMaintain := context.WithCancel(context.Background())
defer cancelCertMaintain()
go certificates.MaintainCertDB(certMaintainCtx, interval, acmeClient, mainDomainSuffix, certDB)
2021-12-03 02:34:50 +00:00
if enableHTTPServer {
go func() {
log.Info().Msg("Start HTTP server listening on :80")
err := http.ListenAndServe("[::]:80", httpHandler)
2021-12-03 01:12:51 +00:00
if err != nil {
log.Panic().Err(err).Msg("Couldn't start HTTP fastServer")
2021-12-03 01:12:51 +00:00
}
}()
2021-12-03 01:12:51 +00:00
}
// Start the web fastServer
log.Info().Msgf("Start listening on %s", listener.Addr())
if err := http.Serve(listener, httpsHandler); err != nil {
log.Panic().Err(err).Msg("Couldn't start fastServer")
2021-12-03 01:12:51 +00:00
}
return nil
}