From 6dad1372a4680f2314a057b831f8cb2ef44dcf1b Mon Sep 17 00:00:00 2001 From: Ben Morrison Date: Tue, 11 Jun 2019 18:13:30 -0400 Subject: check if behind reverse proxy --- Makefile | 12 ++++++++++++ etc/getwtxt-proxied.service | 15 +++++++++++++++ getwtxt.yml | 4 ++++ svc/conf.go | 10 ++++++++++ svc/handlers.go | 2 +- svc/init.go | 7 ++++--- svc/svc.go | 19 +++++++++++++------ 7 files changed, 59 insertions(+), 10 deletions(-) create mode 100644 etc/getwtxt-proxied.service diff --git a/Makefile b/Makefile index 2151717..eea8cdd 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,18 @@ update: git pull --rebase install: + adduser -home $(BINDIR) --system --group getwtxt + mkdir -p $(BINDIR)/assets/tmpl $(BINDIR)/docs + install -m755 getwtxt $(BINDIR) + install -m644 getwtxt.yml $(BINDIR) + install -m644 assets/style.css $(BINDIR)/assets + install -m644 assets/tmpl/index.html $(BINDIR)/assets/tmpl + install -m644 README.md $(BINDIR)/docs + install -m644 LICENSE $(BINDIR)/docs + install -m644 etc/getwtxt-proxied.service /etc/systemd/system + chown -R getwtxt:getwtxt $(BINDIR) + +install-unproxied: adduser -home $(BINDIR) --system --group getwtxt mkdir -p $(BINDIR)/assets/tmpl $(BINDIR)/docs install -m755 getwtxt $(BINDIR) diff --git a/etc/getwtxt-proxied.service b/etc/getwtxt-proxied.service new file mode 100644 index 0000000..07ea8cb --- /dev/null +++ b/etc/getwtxt-proxied.service @@ -0,0 +1,15 @@ +[Unit] +Description=getwtxt + +[Service] +Type=simple +ExecStart=/usr/local/getwtxt/getwtxt \ + --assets /usr/local/getwtxt/assets \ + --config /usr/local/getwtxt/getwtxt.yml \ + --db /usr/local/getwtxt/getwtxt.db \ + --dbtype leveldb \ + --proxied +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/getwtxt.yml b/getwtxt.yml index 6d17b95..0388651 100644 --- a/getwtxt.yml +++ b/getwtxt.yml @@ -19,6 +19,10 @@ ## Changing the following options requires a restart. ## ############################################################# +# Set to true if getwtxt will be behind a reverse +# proxy server, such as Caddy or nginx +BehindProxy: true + # This is the port that getwtxt will bind to. ListenPort: 9001 diff --git a/svc/conf.go b/svc/conf.go index 90cac6a..f15bd13 100644 --- a/svc/conf.go +++ b/svc/conf.go @@ -15,6 +15,7 @@ import ( // this struct. type Configuration struct { Mu sync.RWMutex + IsProxied bool `yaml:"BehindProxy"` Port int `yaml:"ListenPort"` LogFile string `yaml:"LogFile"` DBType string `yaml:"DatabaseType"` @@ -132,6 +133,7 @@ func parseConfigFlag() { func bindConfig() { confObj.Mu.Lock() + confObj.IsProxied = viper.GetBool("BehindProxy") confObj.Port = viper.GetInt("ListenPort") confObj.LogFile = viper.GetString("LogFile") confObj.DBType = strings.ToLower(viper.GetString("DatabaseType")) @@ -157,7 +159,15 @@ func bindConfig() { if *flagAssets != "" { confObj.AssetsDir = *flagAssets } + if *flagProxied { + confObj.IsProxied = true + } + if confObj.IsProxied { + log.Printf("Behind reverse proxy, not using host matching\n") + } else { + log.Printf("Matching host: %v\n", confObj.Instance.URL) + } if confObj.StdoutLogging { log.Printf("Logging to: stdout\n") } else { diff --git a/svc/handlers.go b/svc/handlers.go index d3b8d8a..73ef869 100644 --- a/svc/handlers.go +++ b/svc/handlers.go @@ -21,7 +21,7 @@ func sendStaticEtag(w http.ResponseWriter, isCSS bool) { if isCSS { etag := getEtag(staticCache.cssMod) w.Header().Set("ETag", "\""+etag+"\"") - w.Header().Set("Content-Time", txtutf8) + w.Header().Set("Content-Time", cssutf8) return } etag := getEtag(staticCache.indexMod) diff --git a/svc/init.go b/svc/init.go index d7419de..082cef8 100644 --- a/svc/init.go +++ b/svc/init.go @@ -19,9 +19,10 @@ var ( flagHelp *bool = pflag.BoolP("help", "h", false, "Display the quick-help screen.") flagMan *bool = pflag.BoolP("manual", "m", false, "Display the configuration manual.") flagConfFile *string = pflag.StringP("config", "c", "", "The name/path of the configuration file you wish to use.") - flagAssets *string = pflag.StringP("assets", "a", "", "The location of the getwtxt assets directory") - flagDBPath *string = pflag.StringP("db", "d", "", "Path to the getwtxt database") - flagDBType *string = pflag.StringP("dbtype", "t", "", "Type of database being used") + flagAssets *string = pflag.StringP("assets", "a", "", "The location of the getwtxt assets directory.") + flagDBPath *string = pflag.StringP("db", "d", "", "Path to the getwtxt database.") + flagDBType *string = pflag.StringP("dbtype", "t", "", "Type of database being used.") + flagProxied *bool = pflag.BoolP("proxied", "p", false, "Use if getwtxt is behind a reverse proxy.") ) // Holds the global configuration diff --git a/svc/svc.go b/svc/svc.go index 6284239..e5802d2 100644 --- a/svc/svc.go +++ b/svc/svc.go @@ -12,28 +12,35 @@ import ( // Start is the initialization function for getwtxt func Start() { + before := time.Now() initSvc() // StrictSlash(true) allows /api and /api/ // to serve the same content without duplicating // handlers/paths index := mux.NewRouter().StrictSlash(true) - api := index.PathPrefix("/api").Subrouter() - - setIndexRouting(index) - setEndpointRouting(api) confObj.Mu.RLock() portnum := fmt.Sprintf(":%v", confObj.Port) + if !confObj.IsProxied { + index.Host(confObj.Instance.URL) + } confObj.Mu.RUnlock() - server := newServer(portnum, index) + setIndexRouting(index) + api := index.PathPrefix("/api").Subrouter() + setEndpointRouting(api) + server := newServer(portnum, index) log.Printf("*** Listening on %v\n", portnum) - log.Printf("*** getwtxt %v Started :: %v ::\n\n", Vers, time.Now().Format(time.RFC3339)) + log.Printf("*** getwtxt %v Startup finished at %v, took %v\n\n", Vers, time.Now().Format(time.RFC3339), time.Since(before)) errLog("", server.ListenAndServe()) closeLog <- true + killTickers() + killDB() + close(dbChan) + close(closeLog) } func newServer(port string, index *mux.Router) *http.Server { -- cgit 1.4.1-2-gfad0 From 45ee3c060433c58a0a89de223655381933e7df11 Mon Sep 17 00:00:00 2001 From: Ben Morrison Date: Tue, 11 Jun 2019 18:49:16 -0400 Subject: added support for TLS and hostname resolution --- Makefile | 12 ------------ etc/getwtxt-proxied.service | 15 --------------- getwtxt.yml | 11 +++++++++++ svc/conf.go | 37 ++++++++++++++++++++++++++++++++----- svc/init.go | 1 - svc/svc.go | 9 ++++++++- 6 files changed, 51 insertions(+), 34 deletions(-) delete mode 100644 etc/getwtxt-proxied.service diff --git a/Makefile b/Makefile index eea8cdd..2151717 100644 --- a/Makefile +++ b/Makefile @@ -19,18 +19,6 @@ update: git pull --rebase install: - adduser -home $(BINDIR) --system --group getwtxt - mkdir -p $(BINDIR)/assets/tmpl $(BINDIR)/docs - install -m755 getwtxt $(BINDIR) - install -m644 getwtxt.yml $(BINDIR) - install -m644 assets/style.css $(BINDIR)/assets - install -m644 assets/tmpl/index.html $(BINDIR)/assets/tmpl - install -m644 README.md $(BINDIR)/docs - install -m644 LICENSE $(BINDIR)/docs - install -m644 etc/getwtxt-proxied.service /etc/systemd/system - chown -R getwtxt:getwtxt $(BINDIR) - -install-unproxied: adduser -home $(BINDIR) --system --group getwtxt mkdir -p $(BINDIR)/assets/tmpl $(BINDIR)/docs install -m755 getwtxt $(BINDIR) diff --git a/etc/getwtxt-proxied.service b/etc/getwtxt-proxied.service deleted file mode 100644 index 07ea8cb..0000000 --- a/etc/getwtxt-proxied.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=getwtxt - -[Service] -Type=simple -ExecStart=/usr/local/getwtxt/getwtxt \ - --assets /usr/local/getwtxt/assets \ - --config /usr/local/getwtxt/getwtxt.yml \ - --db /usr/local/getwtxt/getwtxt.db \ - --dbtype leveldb \ - --proxied -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/getwtxt.yml b/getwtxt.yml index 0388651..d9f5c90 100644 --- a/getwtxt.yml +++ b/getwtxt.yml @@ -24,8 +24,19 @@ BehindProxy: true # This is the port that getwtxt will bind to. +# If BehindProxy is false, you should probably +# set this to 80 or 443 ListenPort: 9001 +# Determines whether we're using SSL/TLS. If so, +# you should set the Cert and Key files. +# Don't use TLS if you're setting up getwtxt +# behind a reverse proxy - just let the proxy +# handle the connection. +UseTLS: false +TLSCert: "/etc/ssl/getwtxt.pem" +TLSKey: "/etc/ssl/private/getwtxt.pem" + # The type of database you want to use. Currently, # the following are supported: # leveldb (default) diff --git a/svc/conf.go b/svc/conf.go index f15bd13..538b701 100644 --- a/svc/conf.go +++ b/svc/conf.go @@ -25,6 +25,7 @@ type Configuration struct { CacheInterval time.Duration `yaml:"StatusFetchInterval"` DBInterval time.Duration `yaml:"DatabasePushInterval"` Instance `yaml:"Instance"` + TLS } // Instance refers to meta data about @@ -38,6 +39,14 @@ type Instance struct { Desc string `yaml:"Instance.Description"` } +// TLS holds the tls config from the +// config file +type TLS struct { + Use bool `yaml:"UseTLS"` + Cert string `yaml:"TLSCert"` + Key string `yaml:"TLSKey"` +} + // Called on start-up. Initializes everything // related to configuration values. func initConfig() { @@ -88,6 +97,10 @@ func initLogging() { // Default values should a config file // not be available. func setConfigDefaults() { + viper.SetDefault("BehindProxy", true) + viper.SetDefault("UseTLS", false) + viper.SetDefault("TLSCert", "cert.pem") + viper.SetDefault("TLSKey", "key.pem") viper.SetDefault("ListenPort", 9001) viper.SetDefault("LogFile", "getwtxt.log") viper.SetDefault("DatabasePath", "getwtxt.db") @@ -150,6 +163,12 @@ func bindConfig() { confObj.Instance.Mail = viper.GetString("Instance.Email") confObj.Instance.Desc = viper.GetString("Instance.Description") + confObj.TLS.Use = viper.GetBool("UseTLS") + if confObj.TLS.Use { + confObj.TLS.Cert = viper.GetString("TLSCert") + confObj.TLS.Key = viper.GetString("TLSKey") + } + if *flagDBType != "" { confObj.DBType = *flagDBType } @@ -159,15 +178,24 @@ func bindConfig() { if *flagAssets != "" { confObj.AssetsDir = *flagAssets } - if *flagProxied { - confObj.IsProxied = true - } + confObj.Mu.Unlock() + + announceConfig() +} + +func announceConfig() { + confObj.Mu.RLock() if confObj.IsProxied { log.Printf("Behind reverse proxy, not using host matching\n") } else { log.Printf("Matching host: %v\n", confObj.Instance.URL) } + if confObj.TLS.Use { + log.Printf("Using TLS\n") + log.Printf("Cert: %v\n", confObj.TLS.Cert) + log.Printf("Key: %v\n", confObj.TLS.Key) + } if confObj.StdoutLogging { log.Printf("Logging to: stdout\n") } else { @@ -176,6 +204,5 @@ func bindConfig() { log.Printf("Using %v database: %v\n", confObj.DBType, confObj.DBPath) log.Printf("Database push interval: %v\n", confObj.DBInterval) log.Printf("User status fetch interval: %v\n", confObj.CacheInterval) - - confObj.Mu.Unlock() + confObj.Mu.RUnlock() } diff --git a/svc/init.go b/svc/init.go index 082cef8..fe83145 100644 --- a/svc/init.go +++ b/svc/init.go @@ -22,7 +22,6 @@ var ( flagAssets *string = pflag.StringP("assets", "a", "", "The location of the getwtxt assets directory.") flagDBPath *string = pflag.StringP("db", "d", "", "Path to the getwtxt database.") flagDBType *string = pflag.StringP("dbtype", "t", "", "Type of database being used.") - flagProxied *bool = pflag.BoolP("proxied", "p", false, "Use if getwtxt is behind a reverse proxy.") ) // Holds the global configuration diff --git a/svc/svc.go b/svc/svc.go index e5802d2..1748bf0 100644 --- a/svc/svc.go +++ b/svc/svc.go @@ -25,6 +25,9 @@ func Start() { if !confObj.IsProxied { index.Host(confObj.Instance.URL) } + TLS := confObj.TLS.Use + TLSCert := confObj.TLS.Cert + TLSKey := confObj.TLS.Key confObj.Mu.RUnlock() setIndexRouting(index) @@ -34,7 +37,11 @@ func Start() { server := newServer(portnum, index) log.Printf("*** Listening on %v\n", portnum) log.Printf("*** getwtxt %v Startup finished at %v, took %v\n\n", Vers, time.Now().Format(time.RFC3339), time.Since(before)) - errLog("", server.ListenAndServe()) + if TLS { + errLog("", server.ListenAndServeTLS(TLSCert, TLSKey)) + } else { + errLog("", server.ListenAndServe()) + } closeLog <- true killTickers() -- cgit 1.4.1-2-gfad0