author | Ben Morrison <ben@gbmor.dev> | 2019-06-11 19:07:38 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-11 19:07:38 -0400 |
commit | 9a0bbd716ff234475dc7b2efa3e3c2ef96bd5454 (patch) | |
tree | 7915b74fe7be9bde61ccfd408cc3bbeb170265d8 | |
parent | d4af885c40ba55ea0ed9adade98afe0658099c47 (diff) | |
parent | 45ee3c060433c58a0a89de223655381933e7df11 (diff) | |
download | getwtxt-9a0bbd716ff234475dc7b2efa3e3c2ef96bd5454.tar.gz |
Merge pull request #4 from getwtxt/tls-conn-and-name-resolv
TLS Support, Name Resolution Support
-rw-r--r-- | getwtxt.yml | 15 | ||||
-rw-r--r-- | svc/conf.go | 41 | ||||
-rw-r--r-- | svc/handlers.go | 2 | ||||
-rw-r--r-- | svc/init.go | 6 | ||||
-rw-r--r-- | svc/svc.go | 28 |
5 files changed, 79 insertions, 13 deletions
diff --git a/getwtxt.yml b/getwtxt.yml
index 6d17b95..d9f5c90 100644
--- a/getwtxt.yml
+++ b/getwtxt.yml
@@ -19,9 +19,24 @@
 ## Changing the following options requires a restart. ##
 #############################################################
+# Set to true if getwtxt will be behind a reverse
+# proxy server, such as Caddy or nginx
+BehindProxy: true
+
 # This is the port that getwtxt will bind to.
+# If BehindProxy is false, you should probably
+# set this to 80 or 443
 ListenPort: 9001
+# Determines whether we're using SSL/TLS. If so,
+# you should set the Cert and Key files.
+# Don't use TLS if you're setting up getwtxt
+# behind a reverse proxy - just let the proxy
+# handle the connection.
+UseTLS: false
+TLSCert: "/etc/ssl/getwtxt.pem"
+TLSKey: "/etc/ssl/private/getwtxt.pem"
+
 # The type of database you want to use. Currently,
 # the following are supported:
 # leveldb (default)
diff --git a/svc/conf.go b/svc/conf.go
index 90cac6a..538b701 100644
--- a/svc/conf.go
+++ b/svc/conf.go
@@ -15,6 +15,7 @@ import (
 // this struct.
 type Configuration struct {
 Mu sync.RWMutex
+ IsProxied bool `yaml:"BehindProxy"`
 Port int `yaml:"ListenPort"`
 LogFile string `yaml:"LogFile"`
 DBType string `yaml:"DatabaseType"`
@@ -24,6 +25,7 @@ type Configuration struct {
 CacheInterval time.Duration `yaml:"StatusFetchInterval"`
 DBInterval time.Duration `yaml:"DatabasePushInterval"`
 Instance `yaml:"Instance"`
+ TLS
 }
 // Instance refers to meta data about
@@ -37,6 +39,14 @@ type Instance struct {
 Desc string `yaml:"Instance.Description"`
 }
+// TLS holds the tls config from the
+// config file
+type TLS struct {
+ Use bool `yaml:"UseTLS"`
+ Cert string `yaml:"TLSCert"`
+ Key string `yaml:"TLSKey"`
+}
+
 // Called on start-up. Initializes everything
 // related to configuration values.
 func initConfig() {
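Review bot: The new comment on ListenPort that recommends 80 or 443 when BehindProxy is false leaves out that binding a port below 1024 normally requires root or the net-bind capability, so an operator following it literally may end up running the daemon as root. I would extend the comment with `# Ports below 1024 need root or CAP_NET_BIND_SERVICE; run as an unprivileged user` so the non-proxied setup does not steer people toward a privileged service. The UseTLS comment already makes the point that a proxy should terminate the connection; tying the two comments together (proxy handles both the privileged port and TLS) would make the recommended layout clearer.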
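Review bot: The embedded `TLS` field added to Configuration carries no yaml tag, unlike the sibling `Instance` field tagged `yaml:"Instance"`; if this struct is ever decoded directly from the YAML file, the embedded struct would be expected under its own key rather than inline, so the `yaml:"UseTLS"` tags on its fields would not bind to the top-level keys. From the later hunks, bindConfig assigns these fields from viper by hand, so the tags look inert today, but either tag the embed `yaml:",inline"` or say in the TLS doc comment that the tags are documentation only. The TLS doc comment should also state that Cert and Key are only populated when Use is true, which is what bindConfig does, so readers do not rely on them elsewhere.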
@@ -87,6 +97,10 @@ func initLogging() {
 // Default values should a config file
 // not be available.
 func setConfigDefaults() {
+ viper.SetDefault("BehindProxy", true)
+ viper.SetDefault("UseTLS", false)
+ viper.SetDefault("TLSCert", "cert.pem")
+ viper.SetDefault("TLSKey", "key.pem")
 viper.SetDefault("ListenPort", 9001)
 viper.SetDefault("LogFile", "getwtxt.log")
 viper.SetDefault("DatabasePath", "getwtxt.db")
@@ -132,6 +146,7 @@ func parseConfigFlag() {
 func bindConfig() {
 confObj.Mu.Lock()
+ confObj.IsProxied = viper.GetBool("BehindProxy")
 confObj.Port = viper.GetInt("ListenPort")
 confObj.LogFile = viper.GetString("LogFile")
 confObj.DBType = strings.ToLower(viper.GetString("DatabaseType"))
@@ -148,6 +163,12 @@ func bindConfig() {
 confObj.Instance.Mail = viper.GetString("Instance.Email")
 confObj.Instance.Desc = viper.GetString("Instance.Description")
+ confObj.TLS.Use = viper.GetBool("UseTLS")
+ if confObj.TLS.Use {
+ confObj.TLS.Cert = viper.GetString("TLSCert")
+ confObj.TLS.Key = viper.GetString("TLSKey")
+ }
+
 if *flagDBType != "" {
 confObj.DBType = *flagDBType
 }
@@ -157,7 +178,24 @@ func bindConfig() {
 if *flagAssets != "" {
 confObj.AssetsDir = *flagAssets
 }
+ confObj.Mu.Unlock()
+
+ announceConfig()
+
+}
+func announceConfig() {
+ confObj.Mu.RLock()
+ if confObj.IsProxied {
+ log.Printf("Behind reverse proxy, not using host matching\n")
+ } else {
+ log.Printf("Matching host: %v\n", confObj.Instance.URL)
+ }
+ if confObj.TLS.Use {
+ log.Printf("Using TLS\n")
+ log.Printf("Cert: %v\n", confObj.TLS.Cert)
+ log.Printf("Key: %v\n", confObj.TLS.Key)
+ }
 if confObj.StdoutLogging {
 log.Printf("Logging to: stdout\n")
 } else {
@@ -166,6 +204,5 @@ func bindConfig() {
 log.Printf("Using %v database: %v\n", confObj.DBType, confObj.DBPath)
 log.Printf("Database push interval: %v\n", confObj.DBInterval)
 log.Printf("User status fetch interval: %v\n", confObj.CacheInterval)
-
- confObj.Mu.Unlock()
+ confObj.Mu.RUnlock()
 }
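Review bot: `announceConfig` is added without a doc comment while the other functions in this file carry one (`// Default values should a config file`, `// Called on start-up.`); add `// Logs the effective configuration once bindConfig has populated confObj; takes the read lock.` above it. Separately, bindConfig copies TLSCert and TLSKey only when UseTLS is true and never validates them, so `UseTLS: true` with an empty or unreadable path is only discovered when ListenAndServeTLS fails in Start; a check right after the assignment, `if confObj.TLS.Use && (confObj.TLS.Cert == "" || confObj.TLS.Key == "") {` reporting the misconfiguration with whatever fatal-error path this file already uses, would fail faster and with a clearer message. The default `BehindProxy` of true combined with `UseTLS` true is the combination the YAML comment warns against, so announceConfig could log a warning when both are set.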
diff --git a/svc/handlers.go b/svc/handlers.go
index d3b8d8a..73ef869 100644
--- a/svc/handlers.go
+++ b/svc/handlers.go
@@ -21,7 +21,7 @@ func sendStaticEtag(w http.ResponseWriter, isCSS bool) {
 if isCSS {
 etag := getEtag(staticCache.cssMod)
 w.Header().Set("ETag", "\""+etag+"\"")
- w.Header().Set("Content-Time", txtutf8)
+ w.Header().Set("Content-Time", cssutf8)
 return
 }
 etag := getEtag(staticCache.indexMod)
diff --git a/svc/init.go b/svc/init.go
index d7419de..fe83145 100644
--- a/svc/init.go
+++ b/svc/init.go
@@ -19,9 +19,9 @@ var (
 flagHelp *bool = pflag.BoolP("help", "h", false, "Display the quick-help screen.")
 flagMan *bool = pflag.BoolP("manual", "m", false, "Display the configuration manual.")
 flagConfFile *string = pflag.StringP("config", "c", "", "The name/path of the configuration file you wish to use.")
- flagAssets *string = pflag.StringP("assets", "a", "", "The location of the getwtxt assets directory")
- flagDBPath *string = pflag.StringP("db", "d", "", "Path to the getwtxt database")
- flagDBType *string = pflag.StringP("dbtype", "t", "", "Type of database being used")
+ flagAssets *string = pflag.StringP("assets", "a", "", "The location of the getwtxt assets directory.")
+ flagDBPath *string = pflag.StringP("db", "d", "", "Path to the getwtxt database.")
+ flagDBType *string = pflag.StringP("dbtype", "t", "", "Type of database being used.")
 )
 // Holds the global configuration
diff --git a/svc/svc.go b/svc/svc.go
index 6284239..1748bf0 100644
--- a/svc/svc.go
+++ b/svc/svc.go
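Review bot: The header name on the changed line is still `Content-Time`, which is not a standard header, so the CSS response carries no Content-Type at all and swapping txtutf8 for cssutf8 has no visible effect; the line should read `w.Header().Set("Content-Type", cssutf8)`. Without an explicit Content-Type, net/http sniffs the first write, which yields text/plain for a stylesheet, and browsers enforcing MIME checks (or a nosniff policy) may refuse to apply it. sendStaticEtag continues outside the hunk, so the non-CSS branch should be checked for the same typo.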
@@ -12,28 +12,42 @@ import (
 // Start is the initialization function for getwtxt
 func Start() {
+ before := time.Now()
 initSvc()
 // StrictSlash(true) allows /api and /api/
 // to serve the same content without duplicating
 // handlers/paths
 index := mux.NewRouter().StrictSlash(true)
- api := index.PathPrefix("/api").Subrouter()
-
- setIndexRouting(index)
- setEndpointRouting(api)
 confObj.Mu.RLock()
 portnum := fmt.Sprintf(":%v", confObj.Port)
+ if !confObj.IsProxied {
+ index.Host(confObj.Instance.URL)
+ }
+ TLS := confObj.TLS.Use
+ TLSCert := confObj.TLS.Cert
+ TLSKey := confObj.TLS.Key
 confObj.Mu.RUnlock()
- server := newServer(portnum, index)
+ setIndexRouting(index)
+ api := index.PathPrefix("/api").Subrouter()
+ setEndpointRouting(api)
+ server := newServer(portnum, index)
 log.Printf("*** Listening on %v\n", portnum)
- log.Printf("*** getwtxt %v Started :: %v ::\n\n", Vers, time.Now().Format(time.RFC3339))
- errLog("", server.ListenAndServe())
+ log.Printf("*** getwtxt %v Startup finished at %v, took %v\n\n", Vers, time.Now().Format(time.RFC3339), time.Since(before))
+ if TLS {
+ errLog("", server.ListenAndServeTLS(TLSCert, TLSKey))
+ } else {
+ errLog("", server.ListenAndServe())
+ }
 closeLog <- true
+ killTickers()
+ killDB()
+ close(dbChan)
+ close(closeLog)
 }
 func newServer(port string, index *mux.Router) *http.Server { |
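Review bot: The `*mux.Route` returned by `index.Host(confObj.Instance.URL)` is discarded, and as far as I recall gorilla/mux's Router.Host creates a new route carrying that matcher rather than constraining the router, so the routes registered afterwards by setIndexRouting and the /api subrouter would carry no host restriction and the host matching that announceConfig advertises would not apply (verify against the mux version pinned in go.mod). A handler-less route that matches on host can also be selected ahead of the real routes and answer 404, so this deserves a test with a non-proxied config. The robust form is to use the returned route as the parent for all registration, and Instance.URL must then be a bare host (no scheme, with the port when the listener is not on 80/443) for the matcher to succeed, which the configuration comment should state. Start's body is fully inside the hunk; newServer begins on the last line and continues outside it.
```go
	root := index
	if !confObj.IsProxied {
		// Host-restricted parent; every route registered below inherits the matcher.
		root = index.Host(confObj.Instance.URL).Subrouter()
	}
	// … unchanged: copy TLS settings, confObj.Mu.RUnlock() …
	setIndexRouting(root)
	api := root.PathPrefix("/api").Subrouter()
	setEndpointRouting(api)
	server := newServer(portnum, index)
```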