From 76c867cfcaacbe3c2ee900d286e3e68bf00bc84c Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sun, 5 Dec 2021 15:45:22 +0100 Subject: [PATCH] move "http acme server setup" into own func --- cmd/main.go | 29 ++++++++--------------------- server/setup.go | 30 ++++++++++++++++++++++++++---- 2 files changed, 34 insertions(+), 25 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 246d0d7..8aa56e0 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -6,18 +6,15 @@ import ( "errors" "fmt" "net" - "net/http" "strings" "github.com/rs/zerolog/log" "github.com/urfave/cli/v2" - "github.com/valyala/fasthttp" "codeberg.org/codeberg/pages/server" "codeberg.org/codeberg/pages/server/cache" "codeberg.org/codeberg/pages/server/certificates" "codeberg.org/codeberg/pages/server/database" - "codeberg.org/codeberg/pages/server/utils" ) // AllowedCorsDomains lists the domains for which Cross-Origin Resource Sharing is allowed. @@ -77,7 +74,8 @@ func Serve(ctx *cli.Context) error { BlacklistedPaths, allowedCorsDomains, dnsLookupCache, canonicalDomainCache) - fastServer, err := server.SetupServer(handler) + fastServer := server.SetupServer(handler) + httpServer := server.SetupHttpACMEChallengeServer(challengeCache) // Setup listener and TLS log.Info().Msgf("Listening on https://%s", listeningAddress) 
@@ -100,31 +98,20 @@ func Serve(ctx *cli.Context) error { keyDatabase)) certificates.SetupCertificates(mainDomainSuffix, acmeAPI, acmeMail, acmeEabHmac, acmeEabKID, dnsProvider, acmeUseRateLimits, acmeAcceptTerms, enableHTTPServer, challengeCache, keyDatabase) + if enableHTTPServer { - go (func() { - challengePath := []byte("/.well-known/acme-challenge/") - err := fasthttp.ListenAndServe("[::]:80", func(ctx *fasthttp.RequestCtx) { - if bytes.HasPrefix(ctx.Path(), challengePath) { - challenge, ok := challengeCache.Get(string(utils.TrimHostPort(ctx.Host())) + "/" + string(bytes.TrimPrefix(ctx.Path(), challengePath))) - if !ok || challenge == nil { - ctx.SetStatusCode(http.StatusNotFound) - ctx.SetBodyString("no challenge for this token") - } - ctx.SetBodyString(challenge.(string)) - } else { - ctx.Redirect("https://"+string(ctx.Host())+string(ctx.RequestURI()), http.StatusMovedPermanently) - } - }) + go func() { + err := httpServer.ListenAndServe("[::]:80") if err != nil { - log.Fatal().Err(err).Msg("Couldn't start HTTP fastServer") + log.Panic().Err(err).Msg("Couldn't start HTTP fastServer") } - })() + }() } // Start the web fastServer err = fastServer.Serve(listener) if err != nil { - log.Fatal().Err(err).Msg("Couldn't start fastServer") + log.Panic().Err(err).Msg("Couldn't start fastServer") } return nil diff --git a/server/setup.go b/server/setup.go index 6986c7c..546aba1 100644 --- a/server/setup.go +++ b/server/setup.go 
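Review bot: `Serve` has an `error` return, yet a failure of `fastServer.Serve(listener)` now goes through `log.Panic()`, so the caller never receives the error and the `return nil` after it is only reached on success. Returning it instead, e.g. `return fmt.Errorf("couldn't start server: %w", err)`, lets the CLI layer decide how to exit and keeps the failure out of a stack trace. The same applies to the port-80 goroutine: a bind failure on `[::]:80` now panics from a background goroutine where nothing upstream can handle it, so reporting the error over a channel to `Serve` would be safer. `Serve` begins and ends outside this hunk.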
@@ -1,16 +1,21 @@ package server import ( + "bytes" + "net/http" "time" "github.com/valyala/fasthttp" + + "codeberg.org/codeberg/pages/server/cache" + "codeberg.org/codeberg/pages/server/utils" ) -func SetupServer(handler fasthttp.RequestHandler) (*fasthttp.Server, error) { +func SetupServer(handler fasthttp.RequestHandler) *fasthttp.Server { // Enable compression by wrapping the handler with the compression function provided by FastHTTP compressedHandler := fasthttp.CompressHandlerBrotliLevel(handler, fasthttp.CompressBrotliBestSpeed, fasthttp.CompressBestSpeed) - fastServer := &fasthttp.Server{ + return &fasthttp.Server{ Handler: compressedHandler, DisablePreParseMultipartForm: true, MaxRequestBodySize: 0, @@ -20,6 +25,23 @@ func SetupServer(handler fasthttp.RequestHandler) (*fasthttp.Server, error) { Concurrency: 1024 * 32, // TODO: adjust bottlenecks for best performance with Gitea! MaxConnsPerIP: 100, } - - return fastServer, nil +} + +func SetupHttpACMEChallengeServer(challengeCache cache.SetGetKey) *fasthttp.Server { + challengePath := []byte("/.well-known/acme-challenge/") + + return &fasthttp.Server{ + Handler: func(ctx *fasthttp.RequestCtx) { + if bytes.HasPrefix(ctx.Path(), challengePath) { + challenge, ok := challengeCache.Get(string(utils.TrimHostPort(ctx.Host())) + "/" + string(bytes.TrimPrefix(ctx.Path(), challengePath))) + if !ok || challenge == nil { + ctx.SetStatusCode(http.StatusNotFound) + ctx.SetBodyString("no challenge for this token") + } + ctx.SetBodyString(challenge.(string)) + } else { + ctx.Redirect("https://"+string(ctx.Host())+string(ctx.RequestURI()), http.StatusMovedPermanently) + } + }, + } }
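Review bot: In the handler of `SetupHttpACMEChallengeServer`, the `!ok || challenge == nil` branch sets the 404 status and body but does not return, so execution falls through to `ctx.SetBodyString(challenge.(string))`. Assuming `Get` returns an interface value, as the assertion implies, the single-value assertion panics on nil, so any unauthenticated request on port 80 for an unknown token under `/.well-known/acme-challenge/` reaches a handler panic; fasthttp does not appear to recover handler panics, so this likely ends the process. The code was moved unchanged from cmd/main.go, so the defect predates this commit, but the move is the natural place to fix it: add `return` after `ctx.SetBodyString("no challenge for this token")` and use the checked form `token, isString := challenge.(string)` before writing the body. The new `fasthttp.Server` also sets only `Handler`; this plain-HTTP listener is internet-facing and would benefit from explicit limits such as `ReadTimeout` and `MaxConnsPerIP`, the latter of which `SetupServer` already sets.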