feat: Allow disabling ACME and enable better file caching
This commit is contained in:
parent
feabaf5221
commit
1154eff9ae
124
main.go
124
main.go
@ -3,6 +3,7 @@ package main
|
|||||||
import (
|
import (
|
||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
"os"
|
"os"
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -19,7 +20,7 @@ const (
|
|||||||
PagesBranch = "pages"
|
PagesBranch = "pages"
|
||||||
)
|
)
|
||||||
|
|
||||||
func handleSubdomain(domain string, cname string, path string, giteaClient *gitea.Client, w http.ResponseWriter) {
|
func handleSubdomain(domain string, cname string, path, giteaUrl string, giteaClient *gitea.Client, w http.ResponseWriter) {
|
||||||
hostParts := strings.Split(domain, ".")
|
hostParts := strings.Split(domain, ".")
|
||||||
username := hostParts[0]
|
username := hostParts[0]
|
||||||
|
|
||||||
@ -42,10 +43,10 @@ func handleSubdomain(domain string, cname string, path string, giteaClient *gite
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
serveFile(username, repo.Name, path, giteaClient, w)
|
serveFile(username, repo.Name, path, giteaUrl, w)
|
||||||
}
|
}
|
||||||
|
|
||||||
func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
|
func Handler(pagesDomain, giteaUrl string, giteaClient *gitea.Client) http.HandlerFunc {
|
||||||
return func(w http.ResponseWriter, req *http.Request) {
|
return func(w http.ResponseWriter, req *http.Request) {
|
||||||
w.Header().Set("Server", "rio")
|
w.Header().Set("Server", "rio")
|
||||||
|
|
||||||
@ -55,7 +56,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
|
|||||||
}
|
}
|
||||||
|
|
||||||
log.Debug("Domain can be directly handled")
|
log.Debug("Domain can be directly handled")
|
||||||
handleSubdomain(req.Host, "", req.URL.Path, giteaClient, w)
|
handleSubdomain(req.Host, "", req.URL.Path, giteaUrl, giteaClient, w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -74,7 +75,7 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
|
|||||||
}
|
}
|
||||||
|
|
||||||
log.Debugf("Domain can be handled after a CNAME query")
|
log.Debugf("Domain can be handled after a CNAME query")
|
||||||
handleSubdomain(cname, cname, req.URL.Path, giteaClient, w)
|
handleSubdomain(cname, cname, req.URL.Path, giteaUrl, giteaClient, w)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -86,7 +87,6 @@ func Handler(pagesDomain string, giteaClient *gitea.Client) http.HandlerFunc {
|
|||||||
func runServer(ctx *cli.Context) error {
|
func runServer(ctx *cli.Context) error {
|
||||||
log.SetLevel(log.DebugLevel)
|
log.SetLevel(log.DebugLevel)
|
||||||
giteaUrl := ctx.String("gitea-url")
|
giteaUrl := ctx.String("gitea-url")
|
||||||
addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
|
|
||||||
domain := ctx.String("pages-domain")
|
domain := ctx.String("pages-domain")
|
||||||
certsFile := ctx.String("certs-file")
|
certsFile := ctx.String("certs-file")
|
||||||
acmeEmail := ctx.String("acme-email")
|
acmeEmail := ctx.String("acme-email")
|
||||||
@ -94,46 +94,9 @@ func runServer(ctx *cli.Context) error {
|
|||||||
acmeFile := ctx.String("acme-file")
|
acmeFile := ctx.String("acme-file")
|
||||||
acmeHost := ctx.String("acme-host")
|
acmeHost := ctx.String("acme-host")
|
||||||
acmePort := ctx.String("acme-port")
|
acmePort := ctx.String("acme-port")
|
||||||
|
acmeDisable := ctx.Bool("acme-disable")
|
||||||
|
|
||||||
err := LoadCertificateStoreFromFile(certsFile)
|
// Setup the Gitea stuff
|
||||||
if err != nil {
|
|
||||||
log.Debugf("Generating cert")
|
|
||||||
err := InitialiseFallbackCert(domain)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Failed to generate fallback certificate: %v", err)
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
FlushCertificateStoreToFile(certsFile)
|
|
||||||
log.Debug("Certificate wrote to disk")
|
|
||||||
} else {
|
|
||||||
log.Debug("Certificate store read from disk")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create an ACME client, if we failed to load one
|
|
||||||
acmeClient, err := ClientFromFile(acmeFile, acmeServer)
|
|
||||||
if err != nil {
|
|
||||||
log.Warn("Failed to load ACME client data from disk. Generating new account")
|
|
||||||
acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Failed to generate new ACME client: %v", err)
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
log.Info("ACME account registered")
|
|
||||||
} else {
|
|
||||||
log.Info("ACME client data read from disk")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set up the HTTP01 listener
|
|
||||||
err = acmeClient.Challenge.SetHTTP01Provider(
|
|
||||||
http01.NewProviderServer(acmeHost, acmePort),
|
|
||||||
)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err)
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Setup the HTTPS stuff
|
|
||||||
httpClient := http.Client{Timeout: 10 * time.Second}
|
httpClient := http.Client{Timeout: 10 * time.Second}
|
||||||
client, err := gitea.NewClient(
|
client, err := gitea.NewClient(
|
||||||
giteaUrl,
|
giteaUrl,
|
||||||
@ -142,20 +105,66 @@ func runServer(ctx *cli.Context) error {
|
|||||||
gitea.SetUserAgent("rio"),
|
gitea.SetUserAgent("rio"),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Listen on the port
|
||||||
|
addr := ctx.String("listen-host") + ":" + ctx.String("listen-port")
|
||||||
listener, err := net.Listen("tcp", addr)
|
listener, err := net.Listen("tcp", addr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Errorf("Failed to create listener: %v", err)
|
fmt.Errorf("Failed to create listener: %v", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsConfig := makeTlsConfig(
|
if !acmeDisable {
|
||||||
domain,
|
if acmeEmail == "" || acmeFile == "" || certsFile == "" {
|
||||||
certsFile,
|
return errors.New("The options acme-file, acme-email, and certs-file are required")
|
||||||
acmeClient,
|
}
|
||||||
)
|
|
||||||
listener = tls.NewListener(listener, tlsConfig)
|
|
||||||
|
|
||||||
if err := http.Serve(listener, Handler(domain, client)); err != nil {
|
err := LoadCertificateStoreFromFile(certsFile)
|
||||||
|
if err != nil {
|
||||||
|
log.Debugf("Generating cert")
|
||||||
|
err := InitialiseFallbackCert(domain)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Failed to generate fallback certificate: %v", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
FlushCertificateStoreToFile(certsFile)
|
||||||
|
log.Debug("Certificate wrote to disk")
|
||||||
|
} else {
|
||||||
|
log.Debug("Certificate store read from disk")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create an ACME client, if we failed to load one
|
||||||
|
acmeClient, err := ClientFromFile(acmeFile, acmeServer)
|
||||||
|
if err != nil {
|
||||||
|
log.Warn("Failed to load ACME client data from disk. Generating new account")
|
||||||
|
acmeClient, err = GenerateNewAccount(acmeEmail, acmeFile, acmeServer)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Failed to generate new ACME client: %v", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
log.Info("ACME account registered")
|
||||||
|
} else {
|
||||||
|
log.Info("ACME client data read from disk")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set up the HTTP01 listener
|
||||||
|
err = acmeClient.Challenge.SetHTTP01Provider(
|
||||||
|
http01.NewProviderServer(acmeHost, acmePort),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Failed to setup HTTP01 challenge listener: %v", err)
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig := makeTlsConfig(
|
||||||
|
domain,
|
||||||
|
certsFile,
|
||||||
|
acmeClient,
|
||||||
|
)
|
||||||
|
listener = tls.NewListener(listener, tlsConfig)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err := http.Serve(listener, Handler(domain, giteaUrl, client)); err != nil {
|
||||||
fmt.Printf("Listening failed")
|
fmt.Printf("Listening failed")
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
@ -207,19 +216,19 @@ func main() {
|
|||||||
Name: "certs-file",
|
Name: "certs-file",
|
||||||
Usage: "File to store certificates in",
|
Usage: "File to store certificates in",
|
||||||
EnvVars: []string{"CERTS_FILE"},
|
EnvVars: []string{"CERTS_FILE"},
|
||||||
Required: true,
|
Value: "",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "acme-file",
|
Name: "acme-file",
|
||||||
Usage: "File to store ACME configuration in",
|
Usage: "File to store ACME configuration in",
|
||||||
EnvVars: []string{"ACME_FILE"},
|
EnvVars: []string{"ACME_FILE"},
|
||||||
Required: true,
|
Value: "",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "acme-email",
|
Name: "acme-email",
|
||||||
Usage: "Email to use for an ACME account",
|
Usage: "Email to use for an ACME account",
|
||||||
EnvVars: []string{"ACME_EMAIL"},
|
EnvVars: []string{"ACME_EMAIL"},
|
||||||
Required: true,
|
Value: "",
|
||||||
},
|
},
|
||||||
&cli.StringFlag{
|
&cli.StringFlag{
|
||||||
Name: "acme-server",
|
Name: "acme-server",
|
||||||
@ -227,6 +236,11 @@ func main() {
|
|||||||
EnvVars: []string{"ACME_SERVER"},
|
EnvVars: []string{"ACME_SERVER"},
|
||||||
Value: "https://acme-staging-v02.api.letsencrypt.org/directory",
|
Value: "https://acme-staging-v02.api.letsencrypt.org/directory",
|
||||||
},
|
},
|
||||||
|
&cli.BoolFlag{
|
||||||
|
Name: "acme-disable",
|
||||||
|
Usage: "Whether to disable automatic ACME certificates",
|
||||||
|
EnvVars: []string{"ACME_DISABLE"},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
93
pages.go
93
pages.go
@ -1,12 +1,13 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
"mime"
|
"mime"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"code.gitea.io/sdk/gitea"
|
|
||||||
"github.com/patrickmn/go-cache"
|
"github.com/patrickmn/go-cache"
|
||||||
log "github.com/sirupsen/logrus"
|
log "github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
@ -18,13 +19,14 @@ var (
|
|||||||
type PageContentCache struct {
|
type PageContentCache struct {
|
||||||
Content []byte
|
Content []byte
|
||||||
mimeType string
|
mimeType string
|
||||||
|
RequestedAt time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
func makePageContentCacheEntry(username, path string) string {
|
func makePageContentCacheEntry(username, path string) string {
|
||||||
return username + ":" + path
|
return username + ":" + path
|
||||||
}
|
}
|
||||||
|
|
||||||
func serveFile(username, reponame, path string, giteaClient *gitea.Client, w http.ResponseWriter) {
|
func serveFile(username, reponame, path, giteaUrl string, w http.ResponseWriter) {
|
||||||
// Provide a default
|
// Provide a default
|
||||||
if path == "" {
|
if path == "" {
|
||||||
path = "/index.html"
|
path = "/index.html"
|
||||||
@ -44,30 +46,73 @@ func serveFile(username, reponame, path string, giteaClient *gitea.Client, w htt
|
|||||||
log.Debugf("Returning %s from cache", path)
|
log.Debugf("Returning %s from cache", path)
|
||||||
content = entry.(PageContentCache).Content
|
content = entry.(PageContentCache).Content
|
||||||
mimeType = entry.(PageContentCache).mimeType
|
mimeType = entry.(PageContentCache).mimeType
|
||||||
} else {
|
|
||||||
content, _, err = giteaClient.GetFile(username, reponame, PagesBranch, path, false)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
|
|
||||||
w.WriteHeader(404)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
pathParts := strings.Split(path, ".")
|
|
||||||
ext := pathParts[len(pathParts) - 1]
|
|
||||||
mimeType = mime.TypeByExtension("." + ext)
|
|
||||||
|
|
||||||
pageCache.Set(
|
|
||||||
key,
|
|
||||||
PageContentCache{
|
|
||||||
content,
|
|
||||||
mimeType,
|
|
||||||
},
|
|
||||||
cache.DefaultExpiration,
|
|
||||||
)
|
|
||||||
|
|
||||||
log.Debugf("Page %s requested from Gitea and cached in memory", path)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// We have to do the raw request manually because the Gitea SDK does not allow
|
||||||
|
// passing the If-Modfied-Since header.
|
||||||
|
apiUrl := fmt.Sprintf(
|
||||||
|
"%s/api/v1/repos/%s/%s/raw/%s?ref=%s",
|
||||||
|
giteaUrl,
|
||||||
|
username,
|
||||||
|
reponame,
|
||||||
|
path,
|
||||||
|
PagesBranch,
|
||||||
|
)
|
||||||
|
client := &http.Client{}
|
||||||
|
req, err := http.NewRequest("GET", apiUrl, nil)
|
||||||
|
if found {
|
||||||
|
since := entry.(PageContentCache).RequestedAt.Format(time.RFC1123)
|
||||||
|
log.Debugf("Found %s in cache. Adding '%s' as If-Modified-Since", key, since)
|
||||||
|
req.Header.Add("If-Modified-Since", since)
|
||||||
|
}
|
||||||
|
resp, err := client.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
if !found {
|
||||||
|
log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
|
||||||
|
w.WriteHeader(404)
|
||||||
|
} else {
|
||||||
|
log.Debugf("Request failed but page %s is cached in memory", path)
|
||||||
|
w.WriteHeader(200)
|
||||||
|
w.Header().Set("Content-Type", mimeType)
|
||||||
|
w.Write(content)
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer resp.Body.Close()
|
||||||
|
|
||||||
|
log.Debugf("Gitea API request returned %d", resp.StatusCode)
|
||||||
|
if found && resp.StatusCode == 302 {
|
||||||
|
log.Debugf("Page %s is unchanged and cached in memory", path)
|
||||||
|
w.WriteHeader(200)
|
||||||
|
w.Header().Set("Content-Type", mimeType)
|
||||||
|
w.Write(content)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
content, err = io.ReadAll(resp.Body)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("Failed to get file %s/%s/%s (%s)", username, reponame, path, err)
|
||||||
|
w.WriteHeader(404)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
pathParts := strings.Split(path, ".")
|
||||||
|
ext := pathParts[len(pathParts) - 1]
|
||||||
|
mimeType = mime.TypeByExtension("." + ext)
|
||||||
|
|
||||||
|
now := time.Now()
|
||||||
|
pageCache.Set(
|
||||||
|
key,
|
||||||
|
PageContentCache{
|
||||||
|
content,
|
||||||
|
mimeType,
|
||||||
|
now,
|
||||||
|
},
|
||||||
|
cache.DefaultExpiration,
|
||||||
|
)
|
||||||
|
|
||||||
|
log.Debugf("Page %s requested from Gitea and cached in memory at %v", path, now)
|
||||||
w.WriteHeader(200)
|
w.WriteHeader(200)
|
||||||
w.Header().Set("Content-Type", mimeType)
|
w.Header().Set("Content-Type", mimeType)
|
||||||
w.Write(content)
|
w.Write(content)
|
||||||
|
Loading…
Reference in New Issue
Block a user