From 31c992e6eaa8f4afe90ec95c5c778412fb887146 Mon Sep 17 00:00:00 2001
From: Ben Morrison
Date: Mon, 16 Mar 2020 02:42:35 -0400
Subject: removed experimental host matching and tls support

---
 README.md | 12 +++++-------
 getwtxt.yml | 17 +----------------
 svc/conf.go | 31 -------------------------------
 svc/svc.go | 31 +++----------------------------
 4 files changed, 9 insertions(+), 82 deletions(-)

diff --git a/README.md b/README.md
index 7ea08e6..be4c751 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ twtxt registry written in Go!
 [twtxt](https://github.com/buckket/twtxt) is a decentralized microblogging platform
-"for hackers" based on text files. The user is "followed" and "mentioned" by referencing
+for hackers based on text files. The user is "followed" and "mentioned" by referencing
 the URL to their `twtxt.txt` file and a nickname. Registries are designed to aggregate several users' statuses into a single location, facilitating the discovery of new users to follow and allowing the search of statuses
@@ -21,15 +21,13 @@ for tags and key words.
 ## Features
 [![GitHub release](https://img.shields.io/github/release/getwtxt/getwtxt.svg)](https://github.com/getwtxt/getwtxt/releases/latest)
-* Easy to set up and maintain
+* Easy to set up
 * Uses an in-memory cache to serve requests
 * Pushes to a database at a configurable interval for persistent storage
 * `leveldb (default)`
 * `sqlite3`
 * More database support is in development
-* Run directly facing the internet or behind `Caddy` / `nginx`
-* Optional `TLS` support
-* Optional hostname matching (serve requests for eg. `twtxt.example.com` without a reverse proxy)
+* Easily run behind `nginx`, `Caddy` or another HTTP server.
 ## Public Instances
@@ -132,7 +130,7 @@ the template.
 ### Proxying
 Though getwtxt will run perfectly fine facing the internet directly, it does not
-understand virtual hosts, nor does it use TLS (yet). You'll probably want to proxy it behind
+understand virtual hosts, nor does it use TLS. You'll probably want to proxy it behind
 `Caddy` or `nginx` for this reason. `Caddy` is ludicrously easy to set up, and automatically handles `TLS` certificates. Here's the config:
@@ -144,7 +142,7 @@ proxy / example.com:9001
 If you're using `nginx`, here's a skeleton config to get you started. Don't forget to change the 5 instances of `twtxt.example.com` to the (sub)domain you'll be using to access the registry,
-generate SSL/TLS certificates using `letsencrypt`, and change the port in `proxy_pass` to whichever
+generate SSL/TLS certificates using LetsEncrypt, and change the port in `proxy_pass` to whichever
 port you specified when modifying the configuration file. Currently, it's set to the default port `9001`
 ```nginx
diff --git a/getwtxt.yml b/getwtxt.yml
index 817040d..5fd4edb 100644
--- a/getwtxt.yml
+++ b/getwtxt.yml
@@ -16,27 +16,14 @@
 #############################################################
 #############################################################
-## Changing the following options requires a restart. ##
+## Changing the following option requires a restart. ##
 #############################################################
-# Set to true if getwtxt will be behind a reverse
-# proxy server, such as Caddy or nginx
-BehindProxy: true
-
 # This is the port that getwtxt will bind to.
 # If BehindProxy is false, you should probably
 # set this to 80 or 443
 ListenPort: 9001
-# Determines whether we're using SSL/TLS. If so,
-# you should set the Cert and Key files.
-# Don't use TLS if you're setting up getwtxt
-# behind a reverse proxy - just let the proxy
-# handle the connection.
-UseTLS: false
-TLSCert: "/etc/ssl/getwtxt.pem"
-TLSKey: "/etc/ssl/private/getwtxt.pem"
-
 #############################################################
 ## The following options may be changed at any time. ##
 ## getwtxt will automatically reload the config when ##
@@ -102,5 +89,3 @@ Instance:
 # This is shown at the top of the default web page
 # below your instance's name.
 Description: "A fast, resilient twtxt registry server written in Go!"
-
-
diff --git a/svc/conf.go b/svc/conf.go
index f3797c6..ae52219 100644
--- a/svc/conf.go
+++ b/svc/conf.go
@@ -36,7 +36,6 @@ var reqLog *log.Logger
 // this struct.
 type Configuration struct {
 Mu sync.RWMutex
- IsProxied bool `yaml:"BehindProxy"`
 Port int `yaml:"ListenPort"`
 MsgLog string `yaml:"MessageLog"`
 ReqLog string `yaml:"RequestLog"`
@@ -47,7 +46,6 @@ type Configuration struct {
 CacheInterval time.Duration `yaml:"StatusFetchInterval"`
 DBInterval time.Duration `yaml:"DatabasePushInterval"`
 Instance `yaml:"Instance"`
- TLS
 }
 // Instance refers to meta data about
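Review bot: The comment kept above `ListenPort` in the @@ -16 hunk still reads `# If BehindProxy is false, you should probably` / `# set this to 80 or 443`, yet the same hunk deletes the BehindProxy key, so the shipped config now documents an option that no longer exists. With the TLS listener also removed in this commit, telling operators to bind 443 directly is no longer sound advice either. Rewording it to `# This is the port that getwtxt will bind to. Run a TLS-terminating` / `# reverse proxy (Caddy, nginx) in front of it instead of binding 80/443.` keeps the config consistent with the README change in the same commit.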
@@ -61,14 +59,6 @@ type Instance struct {
 Desc string `yaml:"Instance.Description"`
 }
-// TLS holds the tls config from the
-// config file
-type TLS struct {
- Use bool `yaml:"UseTLS"`
- Cert string `yaml:"TLSCert"`
- Key string `yaml:"TLSKey"`
-}
-
 // Called on start-up. Initializes everything
 // related to configuration values.
 func initConfig() {
@@ -125,10 +115,6 @@ func initLogging() {
 // Default values should a config file
 // not be available.
 func setConfigDefaults() {
- viper.SetDefault("BehindProxy", true)
- viper.SetDefault("UseTLS", false)
- viper.SetDefault("TLSCert", "cert.pem")
- viper.SetDefault("TLSKey", "key.pem")
 viper.SetDefault("ListenPort", 9001)
 viper.SetDefault("MessageLog", "logs/message.log")
 viper.SetDefault("RequestLog", "logs/request.log")
@@ -175,7 +161,6 @@ func parseConfigFlag() {
 func bindConfig() {
 confObj.Mu.Lock()
- confObj.IsProxied = viper.GetBool("BehindProxy")
 confObj.Port = viper.GetInt("ListenPort")
 confObj.MsgLog = viper.GetString("MessageLog")
 confObj.ReqLog = viper.GetString("RequestLog")
@@ -193,12 +178,6 @@ func bindConfig() {
 confObj.Instance.Mail = viper.GetString("Instance.Email")
 confObj.Instance.Desc = viper.GetString("Instance.Description")
- confObj.TLS.Use = viper.GetBool("UseTLS")
- if confObj.TLS.Use {
- confObj.TLS.Cert = viper.GetString("TLSCert")
- confObj.TLS.Key = viper.GetString("TLSKey")
- }
-
 if *flagDBType != "" {
 confObj.DBType = *flagDBType
 }
@@ -219,16 +198,6 @@ func announceConfig() {
 confObj.Mu.RLock()
 defer confObj.Mu.RUnlock()
- if confObj.IsProxied {
- log.Printf("Behind reverse proxy, not using host matching\n")
- } else {
- log.Printf("Matching host: %v\n", confObj.Instance.URL)
- }
- if confObj.TLS.Use {
- log.Printf("Using TLS\n")
- log.Printf("Cert: %v\n", confObj.TLS.Cert)
- log.Printf("Key: %v\n", confObj.TLS.Key)
- }
 if confObj.StdoutLogging {
 log.Printf("Logging to: stdout\n")
 } else {
diff --git a/svc/svc.go b/svc/svc.go
index 01dd0d7..4e98c94 100644
--- a/svc/svc.go
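Review bot: Removing the UseTLS/TLSCert/TLSKey binding in bindConfig (the @@ -193 hunk) means a config file left over from a previous release with `UseTLS: true` is now read without any complaint, and the instance silently comes up serving plaintext on the same port. viper.GetBool still returns a key that is present in the file even without a SetDefault, so a one-line warning at that spot would surface the downgrade: `if viper.GetBool("UseTLS") { log.Printf("UseTLS is no longer supported; terminate TLS at a reverse proxy\n") }`. The same reasoning applies to `BehindProxy: false` in the @@ -175 hunk, where host matching is dropped without notice. bindConfig continues outside both hunks.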
+++ b/svc/svc.go
@@ -20,7 +20,6 @@ along with Getwtxt. If not, see .
 package svc // import "github.com/getwtxt/getwtxt/svc"
 import (
- "crypto/tls"
 "fmt"
 "log"
 "net/http"
@@ -45,32 +44,13 @@ func Start() {
 confObj.Mu.RLock()
 portnum := fmt.Sprintf(":%v", confObj.Port)
- if !confObj.IsProxied {
- index.Host(confObj.Instance.URL)
- }
- TLS := confObj.TLS.Use
- TLSCert := confObj.TLS.Cert
- TLSKey := confObj.TLS.Key
 confObj.Mu.RUnlock()
 server := newServer(portnum, index)
- if TLS {
- cert, err := tls.LoadX509KeyPair(TLSCert, TLSKey)
- errFatal("", err)
-
- cfg := &tls.Config{Certificates: []tls.Certificate{cert}}
- lstnr, err := tls.Listen("tcp", portnum, cfg)
- errFatal("", err)
-
- server.TLSConfig = cfg
- startAnnounce(portnum, before)
- errLog("", server.ServeTLS(lstnr, "", ""))
-
- } else {
- startAnnounce(portnum, before)
- errLog("", server.ListenAndServe())
- }
+ log.Printf("*** Listening on %v\n", portnum)
+ log.Printf("*** getwtxt %v Startup finished at %v, took %v\n\n", Vers, time.Now().Format(time.RFC3339), time.Since(before))
+ errLog("", server.ListenAndServe())
 closeLog <- struct{}{}
 killTickers()
@@ -79,11 +59,6 @@ func Start() {
 close(closeLog)
 }
-func startAnnounce(portnum string, before time.Time) {
- log.Printf("*** Listening on %v\n", portnum)
- log.Printf("*** getwtxt %v Startup finished at %v, took %v\n\n", Vers, time.Now().Format(time.RFC3339), time.Since(before))
-}
-
 func newServer(port string, index *mux.Router) *http.Server {
 // handlers.CompressHandler gzips all responses.
 // ipMiddleware passes the request IP along.
--
cgit 1.4.1-2-gfad0
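Review bot: After the @@ -45 hunk, Start serves plaintext HTTP and, with the `index.Host` call gone, answers for any Host header, but nothing in the code records that a TLS-terminating reverse proxy is now a deployment requirement rather than an option; Start's signature sits outside the hunk, so a doc comment there is the natural place, e.g. `// Start serves plain HTTP on ListenPort. TLS termination and virtual-host` / `// routing are expected from a reverse proxy in front of getwtxt.` A smaller point of style: the inlined `*** Listening on %v` line is logged before `server.ListenAndServe()` has bound the port, so a bind failure is reported right after a success message; this mirrors the removed startAnnounce, but inlining it was the moment to reword it to something like `*** Starting listener on %v`.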