Compare commits
17 Commits
a2613d966c
...
d980cd4e57
Author | SHA1 | Date |
---|---|---|
crapStone | d980cd4e57 | |
crapStone | fa10cfae82 | |
crapStone | de823fbd16 | |
crapStone | 19e1471c71 | |
crapStone | ca4f62a496 | |
crapStone | 558b3f6075 | |
crapStone | 3a1ba2d5ac | |
crapStone | 5954ca83c5 | |
crapStone | e320f34ec1 | |
crapStone | a8f6bbda85 | |
crapStone | 3566fd62b8 | |
crapStone | 50221cf531 | |
crapStone | 687f06e107 | |
crapStone | acd02709c7 | |
Moritz Marquardt | 7071ee9bff | |
Dependency bot | eb08c46dcd | |
crapStone | 56d44609ea |
|
@ -11,7 +11,7 @@ depends_on:
|
||||||
steps:
|
steps:
|
||||||
# use vendor to cache dependencies
|
# use vendor to cache dependencies
|
||||||
vendor:
|
vendor:
|
||||||
image: golang:1.21
|
image: golang:1.22
|
||||||
commands:
|
commands:
|
||||||
- go mod vendor
|
- go mod vendor
|
||||||
|
|
||||||
|
|
4
Justfile
4
Justfile
|
@ -1,13 +1,13 @@
|
||||||
CGO_FLAGS := '-extldflags "-static" -linkmode external'
|
CGO_FLAGS := '-extldflags "-static" -linkmode external'
|
||||||
TAGS := 'sqlite sqlite_unlock_notify netgo'
|
TAGS := 'sqlite sqlite_unlock_notify netgo'
|
||||||
|
|
||||||
dev:
|
dev *FLAGS:
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euxo pipefail
|
set -euxo pipefail
|
||||||
set -a # automatically export all variables
|
set -a # automatically export all variables
|
||||||
source .env-dev
|
source .env-dev
|
||||||
set +a
|
set +a
|
||||||
go run -tags '{{TAGS}}' .
|
go run -tags '{{TAGS}}' . {{FLAGS}}
|
||||||
|
|
||||||
build:
|
build:
|
||||||
CGO_ENABLED=1 go build -tags '{{TAGS}}' -ldflags '-s -w {{CGO_FLAGS}}' -v -o build/codeberg-pages-server ./
|
CGO_ENABLED=1 go build -tags '{{TAGS}}' -ldflags '-s -w {{CGO_FLAGS}}' -v -o build/codeberg-pages-server ./
|
||||||
|
|
15
README.md
15
README.md
|
@ -124,3 +124,18 @@ now these pages should work:
|
||||||
- <https://momar.localhost.mock.directory:4430/ci-testing/>
|
- <https://momar.localhost.mock.directory:4430/ci-testing/>
|
||||||
- <https://momar.localhost.mock.directory:4430/pag/@master/>
|
- <https://momar.localhost.mock.directory:4430/pag/@master/>
|
||||||
- <https://mock-pages.codeberg-test.org:4430/README.md>
|
- <https://mock-pages.codeberg-test.org:4430/README.md>
|
||||||
|
|
||||||
|
### Profiling
|
||||||
|
|
||||||
|
> This section is just a collection of commands for quick reference. If you want to learn more about profiling read [this](https://go.dev/doc/diagnostics) article or google `golang profiling`.
|
||||||
|
|
||||||
|
First enable profiling by supplying the cli arg `--enable-profiling` or using the environment variable `EENABLE_PROFILING`.
|
||||||
|
|
||||||
|
Get cpu and mem stats:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
go tool pprof -raw -output=cpu.txt 'http://localhost:9999/debug/pprof/profile?seconds=60' &
|
||||||
|
curl -so mem.txt 'http://localhost:9999/debug/pprof/heap?seconds=60'
|
||||||
|
```
|
||||||
|
|
||||||
|
More endpoints are documented here: <https://pkg.go.dev/net/http/pprof>
|
||||||
|
|
12
cli/flags.go
12
cli/flags.go
|
@ -139,6 +139,18 @@ var (
|
||||||
EnvVars: []string{"CONFIG_FILE"},
|
EnvVars: []string{"CONFIG_FILE"},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
&cli.BoolFlag{
|
||||||
|
Name: "enable-profiling",
|
||||||
|
Usage: "enables the go http profiling endpoints",
|
||||||
|
EnvVars: []string{"ENABLE_PROFILING"},
|
||||||
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "profiling-address",
|
||||||
|
Usage: "specify ip address and port the profiling server should listen on",
|
||||||
|
EnvVars: []string{"PROFILING_ADDRESS"},
|
||||||
|
Value: "localhost:9999",
|
||||||
|
},
|
||||||
|
|
||||||
// ############################
|
// ############################
|
||||||
// ### ACME Client Settings ###
|
// ### ACME Client Settings ###
|
||||||
// ############################
|
// ############################
|
||||||
|
|
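Review bot: The `profiling-address` flag accepts any listen address, but neither Usage string says that the pprof endpoints are served without authentication and expose heap data, goroutine stacks and the process command line. I would state that in the help text so the listener is not bound to a public interface by accident, e.g. `Usage: "ip address and port the profiling server listens on; the endpoints are unauthenticated, keep this on loopback or a restricted interface",`. The README hunk in this compare names the environment variable `EENABLE_PROFILING`, while the flag here reads `ENABLE_PROFILING`; the README should match. The enclosing `var (` block starts and ends outside the hunk.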
|
@ -19,11 +19,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1714030708,
|
"lastModified": 1714314149,
|
||||||
"narHash": "sha256-JOGPOxa8N6ySzB7SQBsh0OVz+UXZriyahgvfNHMIY0Y=",
|
"narHash": "sha256-yNAevSKF4krRWacmLUsLK7D7PlfuY3zF0lYnGYNi9vQ=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b0d52b31f7f4d80f8bf38f0253652125579c35ff",
|
"rev": "cf8cc1201be8bc71b7cbbbdaf349b22f4f99c7ae",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
1
go.mod
1
go.mod
|
@ -10,6 +10,7 @@ require (
|
||||||
github.com/creasty/defaults v1.7.0
|
github.com/creasty/defaults v1.7.0
|
||||||
github.com/go-acme/lego/v4 v4.5.3
|
github.com/go-acme/lego/v4 v4.5.3
|
||||||
github.com/go-sql-driver/mysql v1.6.0
|
github.com/go-sql-driver/mysql v1.6.0
|
||||||
|
github.com/hashicorp/golang-lru/v2 v2.0.7
|
||||||
github.com/joho/godotenv v1.4.0
|
github.com/joho/godotenv v1.4.0
|
||||||
github.com/lib/pq v1.10.7
|
github.com/lib/pq v1.10.7
|
||||||
github.com/mattn/go-sqlite3 v1.14.16
|
github.com/mattn/go-sqlite3 v1.14.16
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -323,6 +323,8 @@ github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
|
||||||
github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
|
github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
|
||||||
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||||
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
|
||||||
|
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
|
||||||
|
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
|
||||||
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
|
||||||
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
|
github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
|
||||||
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
|
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
|
||||||
|
|
|
@ -14,6 +14,7 @@ import (
|
||||||
"github.com/go-acme/lego/v4/certificate"
|
"github.com/go-acme/lego/v4/certificate"
|
||||||
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
|
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
|
||||||
"github.com/go-acme/lego/v4/lego"
|
"github.com/go-acme/lego/v4/lego"
|
||||||
|
"github.com/hashicorp/golang-lru/v2/expirable"
|
||||||
"github.com/reugn/equalizer"
|
"github.com/reugn/equalizer"
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
|
|
||||||
|
@ -31,11 +32,13 @@ func TLSConfig(mainDomainSuffix string,
|
||||||
giteaClient *gitea.Client,
|
giteaClient *gitea.Client,
|
||||||
acmeClient *AcmeClient,
|
acmeClient *AcmeClient,
|
||||||
firstDefaultBranch string,
|
firstDefaultBranch string,
|
||||||
keyCache, challengeCache, dnsLookupCache, canonicalDomainCache cache.ICache,
|
challengeCache, canonicalDomainCache cache.ICache,
|
||||||
certDB database.CertDB,
|
certDB database.CertDB,
|
||||||
noDNS01 bool,
|
noDNS01 bool,
|
||||||
rawDomain string,
|
rawDomain string,
|
||||||
) *tls.Config {
|
) *tls.Config {
|
||||||
|
keyCache := expirable.NewLRU[string, *tls.Certificate](32, nil, 24*time.Hour)
|
||||||
|
|
||||||
return &tls.Config{
|
return &tls.Config{
|
||||||
// check DNS name & get certificate from Let's Encrypt
|
// check DNS name & get certificate from Let's Encrypt
|
||||||
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
|
@ -86,7 +89,7 @@ func TLSConfig(mainDomainSuffix string,
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
var targetRepo, targetBranch string
|
var targetRepo, targetBranch string
|
||||||
targetOwner, targetRepo, targetBranch = dnsutils.GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch, dnsLookupCache)
|
targetOwner, targetRepo, targetBranch = dnsutils.GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch)
|
||||||
if targetOwner == "" {
|
if targetOwner == "" {
|
||||||
// DNS not set up, return main certificate to redirect to the docs
|
// DNS not set up, return main certificate to redirect to the docs
|
||||||
domain = mainDomainSuffix
|
domain = mainDomainSuffix
|
||||||
|
@ -107,7 +110,7 @@ func TLSConfig(mainDomainSuffix string,
|
||||||
|
|
||||||
if tlsCertificate, ok := keyCache.Get(domain); ok {
|
if tlsCertificate, ok := keyCache.Get(domain); ok {
|
||||||
// we can use an existing certificate object
|
// we can use an existing certificate object
|
||||||
return tlsCertificate.(*tls.Certificate), nil
|
return tlsCertificate, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
var tlsCertificate *tls.Certificate
|
var tlsCertificate *tls.Certificate
|
||||||
|
@ -132,9 +135,8 @@ func TLSConfig(mainDomainSuffix string,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := keyCache.Set(domain, tlsCertificate, 15*time.Minute); err != nil {
|
keyCache.Add(domain, tlsCertificate)
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return tlsCertificate, nil
|
return tlsCertificate, nil
|
||||||
},
|
},
|
||||||
NextProtos: []string{
|
NextProtos: []string{
|
||||||
|
@ -186,11 +188,10 @@ func (c *AcmeClient) retrieveCertFromDB(sni, mainDomainSuffix string, useDnsProv
|
||||||
|
|
||||||
// TODO: document & put into own function
|
// TODO: document & put into own function
|
||||||
if !strings.EqualFold(sni, mainDomainSuffix) {
|
if !strings.EqualFold(sni, mainDomainSuffix) {
|
||||||
tlsCertificate.Leaf, err = x509.ParseCertificate(tlsCertificate.Certificate[0])
|
tlsCertificate.Leaf, err = leaf(&tlsCertificate)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("error parsing leaf tlsCert: %w", err)
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// renew certificates 7 days before they expire
|
// renew certificates 7 days before they expire
|
||||||
if tlsCertificate.Leaf.NotAfter.Before(time.Now().Add(7 * 24 * time.Hour)) {
|
if tlsCertificate.Leaf.NotAfter.Before(time.Now().Add(7 * 24 * time.Hour)) {
|
||||||
// TODO: use ValidTill of custom cert struct
|
// TODO: use ValidTill of custom cert struct
|
||||||
|
@ -291,6 +292,7 @@ func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew
|
||||||
}
|
}
|
||||||
leaf, err := leaf(&tlsCertificate)
|
leaf, err := leaf(&tlsCertificate)
|
||||||
if err == nil && leaf.NotAfter.After(time.Now()) {
|
if err == nil && leaf.NotAfter.After(time.Now()) {
|
||||||
|
tlsCertificate.Leaf = leaf
|
||||||
// avoid sending a mock cert instead of a still valid cert, instead abuse CSR field to store time to try again at
|
// avoid sending a mock cert instead of a still valid cert, instead abuse CSR field to store time to try again at
|
||||||
renew.CSR = []byte(strconv.FormatInt(time.Now().Add(6*time.Hour).Unix(), 10))
|
renew.CSR = []byte(strconv.FormatInt(time.Now().Add(6*time.Hour).Unix(), 10))
|
||||||
if err := keyDatabase.Put(name, renew); err != nil {
|
if err := keyDatabase.Put(name, renew); err != nil {
|
||||||
|
@ -388,11 +390,20 @@ func MaintainCertDB(ctx context.Context, interval time.Duration, acmeClient *Acm
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// leaf returns the parsed leaf certificate, either from c.leaf or by parsing
|
// leaf returns the parsed leaf certificate, either from c.Leaf or by parsing
|
||||||
// the corresponding c.Certificate[0].
|
// the corresponding c.Certificate[0].
|
||||||
|
// After successfully parsing the cert c.Leaf gets set to the parsed cert.
|
||||||
func leaf(c *tls.Certificate) (*x509.Certificate, error) {
|
func leaf(c *tls.Certificate) (*x509.Certificate, error) {
|
||||||
if c.Leaf != nil {
|
if c.Leaf != nil {
|
||||||
return c.Leaf, nil
|
return c.Leaf, nil
|
||||||
}
|
}
|
||||||
return x509.ParseCertificate(c.Certificate[0])
|
|
||||||
|
leaf, err := x509.ParseCertificate(c.Certificate[0])
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("tlsCert - failed to parse leaf: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Leaf = leaf
|
||||||
|
|
||||||
|
return leaf, err
|
||||||
}
|
}
|
||||||
|
|
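Review bot: The new `keyCache` in `TLSConfig` keeps every entry for 24 hours where the removed `keyCache.Set` call used 15 minutes, and its capacity is fixed at 32, with neither number named or explained. If the code between the hunks can store a fallback or mock certificate under the domain (the `obtainCert` comment suggests such certificates exist), that domain would keep serving it for up to a day after issuance recovers; this is worth confirming, and only certificates that came from the database or a successful order should be cached. With more than 32 active domains the LRU will evict continuously, and each miss presumably goes back to `certDB` during the handshake. I would lift both values into named constants with a comment on the trade-off, e.g. `const keyCacheSize = 32` and `const keyCacheTTL = 24 * time.Hour`. `TLSConfig` continues outside the hunks shown.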
|
@ -5,22 +5,26 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"codeberg.org/codeberg/pages/server/cache"
|
"github.com/hashicorp/golang-lru/v2/expirable"
|
||||||
)
|
)
|
||||||
|
|
||||||
// lookupCacheTimeout specifies the timeout for the DNS lookup cache.
|
const (
|
||||||
var lookupCacheTimeout = 15 * time.Minute
|
lookupCacheValidity = 30 * time.Second
|
||||||
|
defaultPagesRepo = "pages"
|
||||||
|
)
|
||||||
|
|
||||||
var defaultPagesRepo = "pages"
|
// TODO(#316): refactor to not use global variables
|
||||||
|
var lookupCache *expirable.LRU[string, string] = expirable.NewLRU[string, string](4096, nil, lookupCacheValidity)
|
||||||
|
|
||||||
// GetTargetFromDNS searches for CNAME or TXT entries on the request domain ending with MainDomainSuffix.
|
// GetTargetFromDNS searches for CNAME or TXT entries on the request domain ending with MainDomainSuffix.
|
||||||
// If everything is fine, it returns the target data.
|
// If everything is fine, it returns the target data.
|
||||||
func GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch string, dnsLookupCache cache.ICache) (targetOwner, targetRepo, targetBranch string) {
|
func GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch string) (targetOwner, targetRepo, targetBranch string) {
|
||||||
// Get CNAME or TXT
|
// Get CNAME or TXT
|
||||||
var cname string
|
var cname string
|
||||||
var err error
|
var err error
|
||||||
if cachedName, ok := dnsLookupCache.Get(domain); ok {
|
|
||||||
cname = cachedName.(string)
|
if entry, ok := lookupCache.Get(domain); ok {
|
||||||
|
cname = entry
|
||||||
} else {
|
} else {
|
||||||
cname, err = net.LookupCNAME(domain)
|
cname, err = net.LookupCNAME(domain)
|
||||||
cname = strings.TrimSuffix(cname, ".")
|
cname = strings.TrimSuffix(cname, ".")
|
||||||
|
@ -38,7 +42,7 @@ func GetTargetFromDNS(domain, mainDomainSuffix, firstDefaultBranch string, dnsLo
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
_ = dnsLookupCache.Set(domain, cname, lookupCacheTimeout)
|
_ = lookupCache.Add(domain, cname)
|
||||||
}
|
}
|
||||||
if cname == "" {
|
if cname == "" {
|
||||||
return
|
return
|
||||||
|
|
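Review bot: The comment that described the DNS cache lifetime was removed, and the new package-level `lookupCache` has no doc comment explaining its 4096-entry bound or the drop from 15 minutes to `lookupCacheValidity` (30 seconds). The cache key is the requested host name, which the client chooses, and the `Add` call appears to sit before the `cname == ""` check, so failed lookups are cached as well; both facts are worth writing down for whoever tunes these numbers. I would add `// lookupCache maps a requested host name to its resolved target. It is bounded because host names are client-supplied; entries, including empty results, expire after lookupCacheValidity.` above the variable. As a style point, the explicit type on `var lookupCache` repeats what `expirable.NewLRU[string, string]` already gives, and `_ =` in front of `lookupCache.Add` is not needed. `GetTargetFromDNS` continues outside the hunks shown.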
|
@ -23,7 +23,7 @@ const (
|
||||||
func Handler(
|
func Handler(
|
||||||
cfg config.ServerConfig,
|
cfg config.ServerConfig,
|
||||||
giteaClient *gitea.Client,
|
giteaClient *gitea.Client,
|
||||||
dnsLookupCache, canonicalDomainCache, redirectsCache cache.ICache,
|
canonicalDomainCache, redirectsCache cache.ICache,
|
||||||
) http.HandlerFunc {
|
) http.HandlerFunc {
|
||||||
return func(w http.ResponseWriter, req *http.Request) {
|
return func(w http.ResponseWriter, req *http.Request) {
|
||||||
log.Debug().Msg("\n----------------------------------------------------------")
|
log.Debug().Msg("\n----------------------------------------------------------")
|
||||||
|
@ -108,7 +108,7 @@ func Handler(
|
||||||
trimmedHost,
|
trimmedHost,
|
||||||
pathElements,
|
pathElements,
|
||||||
cfg.PagesBranches[0],
|
cfg.PagesBranches[0],
|
||||||
dnsLookupCache, canonicalDomainCache, redirectsCache)
|
canonicalDomainCache, redirectsCache)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,10 +19,10 @@ func handleCustomDomain(log zerolog.Logger, ctx *context.Context, giteaClient *g
|
||||||
trimmedHost string,
|
trimmedHost string,
|
||||||
pathElements []string,
|
pathElements []string,
|
||||||
firstDefaultBranch string,
|
firstDefaultBranch string,
|
||||||
dnsLookupCache, canonicalDomainCache, redirectsCache cache.ICache,
|
canonicalDomainCache, redirectsCache cache.ICache,
|
||||||
) {
|
) {
|
||||||
// Serve pages from custom domains
|
// Serve pages from custom domains
|
||||||
targetOwner, targetRepo, targetBranch := dns.GetTargetFromDNS(trimmedHost, mainDomainSuffix, firstDefaultBranch, dnsLookupCache)
|
targetOwner, targetRepo, targetBranch := dns.GetTargetFromDNS(trimmedHost, mainDomainSuffix, firstDefaultBranch)
|
||||||
if targetOwner == "" {
|
if targetOwner == "" {
|
||||||
html.ReturnErrorPage(ctx,
|
html.ReturnErrorPage(ctx,
|
||||||
"could not obtain repo owner from custom domain",
|
"could not obtain repo owner from custom domain",
|
||||||
|
@ -53,7 +53,7 @@ func handleCustomDomain(log zerolog.Logger, ctx *context.Context, giteaClient *g
|
||||||
return
|
return
|
||||||
} else if canonicalDomain != trimmedHost {
|
} else if canonicalDomain != trimmedHost {
|
||||||
// only redirect if the target is also a codeberg page!
|
// only redirect if the target is also a codeberg page!
|
||||||
targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], mainDomainSuffix, firstDefaultBranch, dnsLookupCache)
|
targetOwner, _, _ = dns.GetTargetFromDNS(strings.SplitN(canonicalDomain, "/", 2)[0], mainDomainSuffix, firstDefaultBranch)
|
||||||
if targetOwner != "" {
|
if targetOwner != "" {
|
||||||
ctx.Redirect("https://"+canonicalDomain+"/"+targetOpt.TargetPath, http.StatusTemporaryRedirect)
|
ctx.Redirect("https://"+canonicalDomain+"/"+targetOpt.TargetPath, http.StatusTemporaryRedirect)
|
||||||
return
|
return
|
||||||
|
|
|
@ -29,7 +29,7 @@ func TestHandlerPerformance(t *testing.T) {
|
||||||
AllowedCorsDomains: []string{"raw.codeberg.org", "fonts.codeberg.org", "design.codeberg.org"},
|
AllowedCorsDomains: []string{"raw.codeberg.org", "fonts.codeberg.org", "design.codeberg.org"},
|
||||||
PagesBranches: []string{"pages"},
|
PagesBranches: []string{"pages"},
|
||||||
}
|
}
|
||||||
testHandler := Handler(serverCfg, giteaClient, cache.NewInMemoryCache(), cache.NewInMemoryCache(), cache.NewInMemoryCache())
|
testHandler := Handler(serverCfg, giteaClient, cache.NewInMemoryCache(), cache.NewInMemoryCache())
|
||||||
|
|
||||||
testCase := func(uri string, status int) {
|
testCase := func(uri string, status int) {
|
||||||
t.Run(uri, func(t *testing.T) {
|
t.Run(uri, func(t *testing.T) {
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
package server
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net/http"
|
||||||
|
_ "net/http/pprof"
|
||||||
|
|
||||||
|
"github.com/rs/zerolog/log"
|
||||||
|
)
|
||||||
|
|
||||||
|
func StartProfilingServer(listeningAddress string) {
|
||||||
|
server := &http.Server{
|
||||||
|
Addr: listeningAddress,
|
||||||
|
Handler: http.DefaultServeMux,
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Info().Msgf("Starting debug server on %s", listeningAddress)
|
||||||
|
|
||||||
|
go func() {
|
||||||
|
log.Fatal().Err(server.ListenAndServe()).Msg("Failed to start debug server")
|
||||||
|
}()
|
||||||
|
}
|
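Review bot: `StartProfilingServer` serves `http.DefaultServeMux` with no timeouts, and a failed `ListenAndServe` ends the whole process through `log.Fatal()`. Serving the default mux means the debug listener exposes whatever any package in the binary registers there, not only pprof, and an `http.Server` without `ReadHeaderTimeout` can be held open by slow clients. A port that is already in use should not take the pages server down, so I would register the pprof handlers on a dedicated mux, set a header timeout and log the failure as an error. This needs `net/http/pprof` imported by name instead of blank, plus `time`; importing the package still registers its handlers on the default mux, so the public listeners must not serve `http.DefaultServeMux`. The exported function also has no doc comment; one is included below.

```go
// StartProfilingServer serves the net/http/pprof endpoints on listeningAddress.
// The endpoints are unauthenticated; keep the address on a loopback or
// otherwise restricted interface.
func StartProfilingServer(listeningAddress string) {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)

	server := &http.Server{
		Addr:    listeningAddress,
		Handler: mux,
		// No WriteTimeout: CPU profiles stream for the requested number of seconds.
		ReadHeaderTimeout: 10 * time.Second,
	}

	// … unchanged: "Starting debug server" log line …

	go func() {
		if err := server.ListenAndServe(); err != nil {
			log.Error().Err(err).Msg("Failed to start debug server")
		}
	}()
}
```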
|
@ -3,7 +3,6 @@ package server
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
@ -43,9 +42,6 @@ func Serve(ctx *cli.Context) error {
|
||||||
}
|
}
|
||||||
log.Logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).With().Timestamp().Logger().Level(logLevel)
|
log.Logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).With().Timestamp().Logger().Level(logLevel)
|
||||||
|
|
||||||
foo, _ := json.Marshal(cfg)
|
|
||||||
log.Trace().RawJSON("config", foo).Msg("starting server with config")
|
|
||||||
|
|
||||||
listeningSSLAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)
|
listeningSSLAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)
|
||||||
listeningHTTPAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.HttpPort)
|
listeningHTTPAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.HttpPort)
|
||||||
|
|
||||||
|
@ -70,12 +66,9 @@ func Serve(ctx *cli.Context) error {
|
||||||
}
|
}
|
||||||
defer closeFn()
|
defer closeFn()
|
||||||
|
|
||||||
keyCache := cache.NewInMemoryCache()
|
|
||||||
challengeCache := cache.NewInMemoryCache()
|
challengeCache := cache.NewInMemoryCache()
|
||||||
// canonicalDomainCache stores canonical domains
|
// canonicalDomainCache stores canonical domains
|
||||||
canonicalDomainCache := cache.NewInMemoryCache()
|
canonicalDomainCache := cache.NewInMemoryCache()
|
||||||
// dnsLookupCache stores DNS lookups for custom domains
|
|
||||||
dnsLookupCache := cache.NewInMemoryCache()
|
|
||||||
// redirectsCache stores redirects in _redirects files
|
// redirectsCache stores redirects in _redirects files
|
||||||
redirectsCache := cache.NewInMemoryCache()
|
redirectsCache := cache.NewInMemoryCache()
|
||||||
// clientResponseCache stores responses from the Gitea server
|
// clientResponseCache stores responses from the Gitea server
|
||||||
|
@ -108,7 +101,7 @@ func Serve(ctx *cli.Context) error {
|
||||||
giteaClient,
|
giteaClient,
|
||||||
acmeClient,
|
acmeClient,
|
||||||
cfg.Server.PagesBranches[0],
|
cfg.Server.PagesBranches[0],
|
||||||
keyCache, challengeCache, dnsLookupCache, canonicalDomainCache,
|
challengeCache, canonicalDomainCache,
|
||||||
certDB,
|
certDB,
|
||||||
cfg.ACME.NoDNS01,
|
cfg.ACME.NoDNS01,
|
||||||
cfg.Server.RawDomain,
|
cfg.Server.RawDomain,
|
||||||
|
@ -133,8 +126,12 @@ func Serve(ctx *cli.Context) error {
|
||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ctx.IsSet("enable-profiling") {
|
||||||
|
StartProfilingServer(ctx.String("profiling-address"))
|
||||||
|
}
|
||||||
|
|
||||||
// Create ssl handler based on settings
|
// Create ssl handler based on settings
|
||||||
sslHandler := handler.Handler(cfg.Server, giteaClient, dnsLookupCache, canonicalDomainCache, redirectsCache)
|
sslHandler := handler.Handler(cfg.Server, giteaClient, canonicalDomainCache, redirectsCache)
|
||||||
|
|
||||||
// Start the ssl listener
|
// Start the ssl listener
|
||||||
log.Info().Msgf("Start SSL server using TCP listener on %s", listener.Addr())
|
log.Info().Msgf("Start SSL server using TCP listener on %s", listener.Addr())
|
||||||
|
|
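Review bot: The guard `if ctx.IsSet("enable-profiling")` tests whether the flag was supplied rather than its value, so as far as I know `--enable-profiling=false` or `ENABLE_PROFILING=false` would still start the unauthenticated debug listener. Reading the boolean avoids that: `if ctx.Bool("enable-profiling") {`. `Serve` starts and ends outside the hunks shown.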