205 lines
5.7 KiB
Go
205 lines
5.7 KiB
Go
package http
|
|
|
|
import (
|
|
"context"
|
|
"crypto/tls"
|
|
"fmt"
|
|
"net"
|
|
"net/http"
|
|
"os"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/urfave/negroni"
|
|
"local-ip.sh/utils"
|
|
)
|
|
|
|
var flyRegion = os.Getenv("FLY_REGION")
|
|
|
|
func loggingMiddleware(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
|
|
start := time.Now()
|
|
next(w, r)
|
|
response := w.(negroni.ResponseWriter)
|
|
logEvent := utils.Logger.Debug()
|
|
if flyRegion != "" {
|
|
logEvent.Str("FLY_REGION", flyRegion)
|
|
}
|
|
logEvent.Msgf("%s %s %d %s", r.Method, r.URL.Path, response.Status(), time.Since(start))
|
|
}
|
|
|
|
func newHttpMux() http.Handler {
|
|
mux := http.NewServeMux()
|
|
|
|
mux.HandleFunc("GET /server.key", func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/octet-stream")
|
|
http.ServeFile(w, r, "./.lego/certs/wildcard/server.key")
|
|
})
|
|
mux.HandleFunc("GET /server.pem", func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "application/x-x509-ca-cert")
|
|
http.ServeFile(w, r, "./.lego/certs/wildcard/server.pem")
|
|
})
|
|
mux.HandleFunc("GET /og.png", func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "image/png; charset=utf-8")
|
|
w.Header().Set("Cache-Control", "public, max-age=3600")
|
|
http.ServeFile(w, r, "./http/static/og.png")
|
|
})
|
|
mux.HandleFunc("GET /favicon.ico", func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "image/x-icon; charset=utf-8")
|
|
w.Header().Set("Cache-Control", "public, max-age=3600")
|
|
http.ServeFile(w, r, "./http/static/favicon.ico")
|
|
})
|
|
mux.HandleFunc("GET /styles.css", func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Content-Type", "text/css; charset=utf-8")
|
|
http.ServeFile(w, r, "./http/static/styles.css")
|
|
})
|
|
mux.HandleFunc("GET /", func(w http.ResponseWriter, r *http.Request) {
|
|
if r.URL.Path != "/" {
|
|
http.Error(w, "Not Found", http.StatusNotFound)
|
|
return
|
|
}
|
|
|
|
w.Header().Set("Content-Type", "text/html; charset=utf-8")
|
|
http.ServeFile(w, r, "./http/static/index.html")
|
|
})
|
|
|
|
n := negroni.New(negroni.HandlerFunc(loggingMiddleware))
|
|
n.UseHandler(mux)
|
|
return n
|
|
}
|
|
|
|
func serveHttp() *http.Server {
|
|
config := utils.GetConfig()
|
|
httpServer := &http.Server{
|
|
Addr: fmt.Sprintf(":%d", config.HttpPort),
|
|
Handler: newHttpMux(),
|
|
}
|
|
utils.Logger.Info().Str("http_address", httpServer.Addr).Msg("Starting up HTTP server")
|
|
go func() {
|
|
err := httpServer.ListenAndServe()
|
|
if err != http.ErrServerClosed {
|
|
utils.Logger.Fatal().Err(err).Msg("Unexpected error received from HTTP server")
|
|
}
|
|
}()
|
|
return httpServer
|
|
}
|
|
|
|
func waitForCertificate(ready chan bool) {
|
|
for {
|
|
_, err := os.Stat("./.lego/certs/root/output.json")
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "no such file or directory") {
|
|
time.Sleep(1 * time.Second)
|
|
continue
|
|
}
|
|
utils.Logger.Fatal().Err(err).Msg("Unexpected error while looking for ./.lego/certs/root/output.json")
|
|
}
|
|
break
|
|
}
|
|
|
|
ready <- true
|
|
}
|
|
|
|
func killServer(httpServer *http.Server) {
|
|
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
|
|
defer cancel()
|
|
err := httpServer.Shutdown(ctx)
|
|
if err != nil {
|
|
utils.Logger.Fatal().Err(err).Msg("Unexpected error when shutting down HTTP server")
|
|
}
|
|
|
|
utils.Logger.Debug().Msg("HTTP server shut down correctly")
|
|
}
|
|
|
|
func redirectHttpToHttps() {
|
|
config := utils.GetConfig()
|
|
httpServer := &http.Server{
|
|
Addr: fmt.Sprintf(":%d", config.HttpPort),
|
|
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
url := r.URL
|
|
host := r.Host
|
|
|
|
// Strip the port from the host if present
|
|
if strings.Contains(host, ":") {
|
|
hostWithoutPort, _, err := net.SplitHostPort(host)
|
|
if err != nil {
|
|
utils.Logger.Error().Err(err).Msg("Failed to split host and port")
|
|
} else {
|
|
host = hostWithoutPort
|
|
}
|
|
}
|
|
// Add the HTTPS port only if it's not 443
|
|
if config.HttpsPort != 443 {
|
|
host = net.JoinHostPort(host, strconv.FormatUint(uint64(config.HttpsPort), 10))
|
|
}
|
|
|
|
url.Host = host
|
|
url.Scheme = "https"
|
|
http.Redirect(w, r, url.String(), http.StatusMovedPermanently)
|
|
}),
|
|
}
|
|
utils.Logger.Info().Str("http_address", httpServer.Addr).Msg("Redirecting HTTP traffic to HTTPS")
|
|
go httpServer.ListenAndServe()
|
|
}
|
|
|
|
type CertificateReloader struct {
|
|
CertificateFilePath string
|
|
KeyFilePath string
|
|
certificate *tls.Certificate
|
|
lastUpdatedAt time.Time
|
|
}
|
|
|
|
func (cr *CertificateReloader) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
|
|
stat, err := os.Stat(cr.KeyFilePath)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed checking key file modification time: %w", err)
|
|
}
|
|
|
|
if cr.certificate == nil || stat.ModTime().After(cr.lastUpdatedAt) {
|
|
pair, err := tls.LoadX509KeyPair(cr.CertificateFilePath, cr.KeyFilePath)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed loading tls key pair: %w", err)
|
|
}
|
|
|
|
cr.certificate = &pair
|
|
cr.lastUpdatedAt = stat.ModTime()
|
|
}
|
|
|
|
return cr.certificate, nil
|
|
}
|
|
|
|
var certificateReloader = &CertificateReloader{
|
|
CertificateFilePath: "./.lego/certs/root/server.pem",
|
|
KeyFilePath: "./.lego/certs/root/server.key",
|
|
}
|
|
|
|
func serveHttps() {
|
|
config := utils.GetConfig()
|
|
mux := newHttpMux()
|
|
httpsServer := &http.Server{
|
|
Addr: fmt.Sprintf(":%d", config.HttpsPort),
|
|
Handler: mux,
|
|
TLSConfig: &tls.Config{GetCertificate: certificateReloader.GetCertificate},
|
|
}
|
|
utils.Logger.Info().Str("https_address", httpsServer.Addr).Msg("Starting up HTTPS server")
|
|
go func() {
|
|
err := httpsServer.ListenAndServeTLS("", "")
|
|
if err != http.ErrServerClosed {
|
|
utils.Logger.Fatal().Err(err).Msg("Unexpected error received from HTTPS server")
|
|
}
|
|
}()
|
|
}
|
|
|
|
func ServeHttp() {
|
|
httpServer := serveHttp()
|
|
|
|
ready := make(chan bool, 1)
|
|
go waitForCertificate(ready)
|
|
<-ready
|
|
|
|
killServer(httpServer)
|
|
|
|
serveHttps()
|
|
redirectHttpToHttps()
|
|
}
|