Compare commits
17 Commits
a2613d966c
...
d980cd4e57
Author | SHA1 | Date |
---|---|---|
crapStone | d980cd4e57 | |
crapStone | fa10cfae82 | |
crapStone | de823fbd16 | |
crapStone | 19e1471c71 | |
crapStone | ca4f62a496 | |
crapStone | 558b3f6075 | |
crapStone | 3a1ba2d5ac | |
crapStone | 5954ca83c5 | |
crapStone | e320f34ec1 | |
crapStone | a8f6bbda85 | |
crapStone | 3566fd62b8 | |
crapStone | 50221cf531 | |
crapStone | 687f06e107 | |
crapStone | acd02709c7 | |
Moritz Marquardt | 7071ee9bff | |
Dependency bot | eb08c46dcd | |
crapStone | 56d44609ea |
|
@ -11,7 +11,7 @@ depends_on:
|
|||
steps:
|
||||
# use vendor to cache dependencies
|
||||
vendor:
|
||||
image: golang:1.21
|
||||
image: golang:1.22
|
||||
commands:
|
||||
- go mod vendor
|
||||
|
||||
|
|
4
Justfile
4
Justfile
|
@ -1,13 +1,13 @@
|
|||
CGO_FLAGS := '-extldflags "-static" -linkmode external'
|
||||
TAGS := 'sqlite sqlite_unlock_notify netgo'
|
||||
|
||||
dev:
|
||||
dev *FLAGS:
|
||||
#!/usr/bin/env bash
|
||||
set -euxo pipefail
|
||||
set -a # automatically export all variables
|
||||
source .env-dev
|
||||
set +a
|
||||
go run -tags '{{TAGS}}' .
|
||||
go run -tags '{{TAGS}}' . {{FLAGS}}
|
||||
|
||||
build:
|
||||
CGO_ENABLED=1 go build -tags '{{TAGS}}' -ldflags '-s -w {{CGO_FLAGS}}' -v -o build/codeberg-pages-server ./
|
||||
|
|
15
README.md
15
README.md
|
@ -124,3 +124,18 @@ now these pages should work:
|
|||
- <https://momar.localhost.mock.directory:4430/ci-testing/>
|
||||
- <https://momar.localhost.mock.directory:4430/pag/@master/>
|
||||
- <https://mock-pages.codeberg-test.org:4430/README.md>
|
||||
|
||||
### Profiling
|
||||
|
||||
> This section is just a collection of commands for quick reference. If you want to learn more about profiling read [this](https://go.dev/doc/diagnostics) article or google `golang profiling`.
|
||||
|
||||
First enable profiling by supplying the cli arg `--enable-profiling` or using the environment variable `EENABLE_PROFILING`.
|
||||
|
||||
Get cpu and mem stats:
|
||||
|
||||
```bash
|
||||
go tool pprof -raw -output=cpu.txt 'http://localhost:9999/debug/pprof/profile?seconds=60' &
|
||||
curl -so mem.txt 'http://localhost:9999/debug/pprof/heap?seconds=60'
|
||||
```
|
||||
|
||||
More endpoints are documented here: <https://pkg.go.dev/net/http/pprof>
|
||||
|
|
12
cli/flags.go
12
cli/flags.go
|
@ -139,6 +139,18 @@ var (
|
|||
EnvVars: []string{"CONFIG_FILE"},
|
||||
},
|
||||
|
||||
&cli.BoolFlag{
|
||||
Name: "enable-profiling",
|
||||
Usage: "enables the go http profiling endpoints",
|
||||
EnvVars: []string{"ENABLE_PROFILING"},
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "profiling-address",
|
||||
Usage: "specify ip address and port the profiling server should listen on",
|
||||
EnvVars: []string{"PROFILING_ADDRESS"},
|
||||
Value: "localhost:9999",
|
||||
},
|
||||
|
||||
// ############################
|
||||
// ### ACME Client Settings ###
|
||||
// ############################
|
||||
|
|
|
@ -14,7 +14,7 @@ import (
|
|||
"github.com/go-acme/lego/v4/certificate"
|
||||
"github.com/go-acme/lego/v4/challenge/tlsalpn01"
|
||||
"github.com/go-acme/lego/v4/lego"
|
||||
lru "github.com/hashicorp/golang-lru/v2"
|
||||
"github.com/hashicorp/golang-lru/v2/expirable"
|
||||
"github.com/reugn/equalizer"
|
||||
"github.com/rs/zerolog/log"
|
||||
|
||||
|
@ -37,10 +37,7 @@ func TLSConfig(mainDomainSuffix string,
|
|||
noDNS01 bool,
|
||||
rawDomain string,
|
||||
) *tls.Config {
|
||||
keyCache, err := lru.New[string, *tls.Certificate](32)
|
||||
if err != nil {
|
||||
panic(err) // This should only happen if 32 < 0 at the time of writing, which should be reason enough to panic.
|
||||
}
|
||||
keyCache := expirable.NewLRU[string, *tls.Certificate](32, nil, 24*time.Hour)
|
||||
|
||||
return &tls.Config{
|
||||
// check DNS name & get certificate from Let's Encrypt
|
||||
|
@ -112,13 +109,8 @@ func TLSConfig(mainDomainSuffix string,
|
|||
}
|
||||
|
||||
if tlsCertificate, ok := keyCache.Get(domain); ok {
|
||||
if tlsCertificate.Leaf.NotAfter.Before(time.Now().Add(7 * 24 * time.Hour)) {
|
||||
// if cert is up for renewal remove it from the cache
|
||||
keyCache.Remove(domain)
|
||||
} else {
|
||||
// we can use an existing certificate object
|
||||
return tlsCertificate, nil
|
||||
}
|
||||
// we can use an existing certificate object
|
||||
return tlsCertificate, nil
|
||||
}
|
||||
|
||||
var tlsCertificate *tls.Certificate
|
||||
|
@ -143,7 +135,6 @@ func TLSConfig(mainDomainSuffix string,
|
|||
}
|
||||
}
|
||||
|
||||
log.Error().Interface("cert", tlsCertificate).Msg("AAAAAAAAAAAAAAAAAAAAAAAAAAAAa")
|
||||
keyCache.Add(domain, tlsCertificate)
|
||||
|
||||
return tlsCertificate, nil
|
||||
|
@ -194,13 +185,13 @@ func (c *AcmeClient) retrieveCertFromDB(sni, mainDomainSuffix string, useDnsProv
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsCertificate.Leaf, err = leaf(&tlsCertificate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// TODO: document & put into own function
|
||||
if !strings.EqualFold(sni, mainDomainSuffix) {
|
||||
tlsCertificate.Leaf, err = leaf(&tlsCertificate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// renew certificates 7 days before they expire
|
||||
if tlsCertificate.Leaf.NotAfter.Before(time.Now().Add(7 * 24 * time.Hour)) {
|
||||
// TODO: use ValidTill of custom cert struct
|
||||
|
@ -238,10 +229,6 @@ func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew
|
|||
if err != nil {
|
||||
return nil, fmt.Errorf("certificate failed in synchronous request: %w", err)
|
||||
}
|
||||
cert.Leaf, err = leaf(cert)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return cert, nil
|
||||
}
|
||||
defer c.obtainLocks.Delete(name)
|
||||
|
@ -329,10 +316,6 @@ func (c *AcmeClient) obtainCert(acmeClient *lego.Client, domains []string, renew
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tlsCertificate.Leaf, err = leaf(&tlsCertificate)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &tlsCertificate, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
package server
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
_ "net/http/pprof"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
)
|
||||
|
||||
func StartProfilingServer(listeningAddress string) {
|
||||
server := &http.Server{
|
||||
Addr: listeningAddress,
|
||||
Handler: http.DefaultServeMux,
|
||||
}
|
||||
|
||||
log.Info().Msgf("Starting debug server on %s", listeningAddress)
|
||||
|
||||
go func() {
|
||||
log.Fatal().Err(server.ListenAndServe()).Msg("Failed to start debug server")
|
||||
}()
|
||||
}
|
|
@ -3,7 +3,6 @@ package server
|
|||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
|
@ -43,9 +42,6 @@ func Serve(ctx *cli.Context) error {
|
|||
}
|
||||
log.Logger = zerolog.New(zerolog.ConsoleWriter{Out: os.Stderr}).With().Timestamp().Logger().Level(logLevel)
|
||||
|
||||
foo, _ := json.Marshal(cfg)
|
||||
log.Trace().RawJSON("config", foo).Msg("starting server with config")
|
||||
|
||||
listeningSSLAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.Port)
|
||||
listeningHTTPAddress := fmt.Sprintf("%s:%d", cfg.Server.Host, cfg.Server.HttpPort)
|
||||
|
||||
|
@ -130,6 +126,10 @@ func Serve(ctx *cli.Context) error {
|
|||
}()
|
||||
}
|
||||
|
||||
if ctx.IsSet("enable-profiling") {
|
||||
StartProfilingServer(ctx.String("profiling-address"))
|
||||
}
|
||||
|
||||
// Create ssl handler based on settings
|
||||
sslHandler := handler.Handler(cfg.Server, giteaClient, canonicalDomainCache, redirectsCache)
|
||||
|
||||
|
|
Loading…
Reference in New Issue