func (s *HTTPListener) listenAndServeTLS() error {
certForHandshake := func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
r := s.findRoute(hello.ServerName, "/")
if r == nil {
return nil, errMissingTLS
}
return r.keypair, nil
}
tlsConfig := tlsconfig.SecureCiphers(&tls.Config{
GetCertificate: certForHandshake,
Certificates: []tls.Certificate{s.keypair},
})
l, err := listenFunc("tcp4", s.TLSAddr)
if err != nil {
return listenErr{s.Addr, err}
}
s.tlsListener = tls.NewListener(l, tlsConfig)
server := &http.Server{
Addr: s.tlsListener.Addr().String(),
Handler: fwdProtoHandler{
Handler: s,
Proto: "https",
Port: mustPortFromAddr(s.tlsListener.Addr().String()),
},
}
// TODO: log error
go server.Serve(s.tlsListener)
return nil
}
func (s *HTTPListener) listenAndServeTLS() error {
certForHandshake := func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
r := s.findRoute(hello.ServerName, "/")
if r == nil {
return nil, errMissingTLS
}
return r.keypair, nil
}
tlsConfig := tlsconfig.SecureCiphers(&tls.Config{
GetCertificate: certForHandshake,
Certificates: []tls.Certificate{s.keypair},
NextProtos: []string{http2.NextProtoTLS, "h2-14"},
})
l, err := listenFunc("tcp4", s.TLSAddr)
if err != nil {
return listenErr{s.Addr, err}
}
if s.proxyProtocol {
l = proxyproto.Listener{l}
}
s.tlsListener = tls.NewListener(l, tlsConfig)
handler := fwdProtoHandler{
Handler: s,
Proto: "https",
Port: mustPortFromAddr(s.tlsListener.Addr().String()),
}
http2Server := &http2.Server{}
http2Handler := func(hs *http.Server, c *tls.Conn, h http.Handler) {
http2Server.ServeConn(c, &http2.ServeConnOpts{
Handler: handler,
BaseConfig: hs,
})
}
server := &http.Server{
Addr: s.tlsListener.Addr().String(),
Handler: handler,
TLSNextProto: map[string]func(*http.Server, *tls.Conn, http.Handler){
http2.NextProtoTLS: http2Handler,
"h2-14": http2Handler,
},
}
// TODO: log error
go server.Serve(s.tlsListener)
return nil
}
func (r *Runner) start() error {
r.authKey = os.Getenv("AUTH_KEY")
if r.authKey == "" {
return errors.New("AUTH_KEY not set")
}
r.githubToken = os.Getenv("GITHUB_TOKEN")
if r.githubToken == "" {
return errors.New("GITHUB_TOKEN not set")
}
awsAuth, err := aws.EnvAuth()
if err != nil {
return err
}
r.s3Bucket = s3.New(awsAuth, aws.USEast).Bucket(logBucket)
_, listenPort, err = net.SplitHostPort(args.ListenAddr)
if err != nil {
return err
}
bc := r.bc
bc.Network = r.allocateNet()
if r.rootFS, err = cluster.BuildFlynn(bc, args.RootFS, "origin/master", false, os.Stdout); err != nil {
return fmt.Errorf("could not build flynn: %s", err)
}
r.releaseNet(bc.Network)
shutdown.BeforeExit(func() { removeRootFS(r.rootFS) })
db, err := bolt.Open(args.DBPath, 0600, &bolt.Options{Timeout: 5 * time.Second})
if err != nil {
return fmt.Errorf("could not open db: %s", err)
}
r.db = db
shutdown.BeforeExit(func() { r.db.Close() })
if err := r.db.Update(func(tx *bolt.Tx) error {
_, err := tx.CreateBucketIfNotExists(dbBucket)
return err
}); err != nil {
return fmt.Errorf("could not create builds bucket: %s", err)
}
for i := 0; i < maxConcurrentBuilds; i++ {
r.buildCh <- struct{}{}
}
if err := r.buildPending(); err != nil {
log.Printf("could not build pending builds: %s", err)
}
go r.connectIRC()
go r.watchEvents()
router := httprouter.New()
router.RedirectTrailingSlash = true
router.Handler("GET", "/", http.RedirectHandler("/builds", 302))
router.POST("/", r.handleEvent)
router.GET("/builds/:build", r.getBuildLog)
router.POST("/builds/:build/restart", r.restartBuild)
router.POST("/builds/:build/explain", r.explainBuild)
router.GET("/builds", r.getBuilds)
router.ServeFiles("/assets/*filepath", http.Dir(args.AssetsDir))
router.GET("/cluster/:cluster", r.clusterAPI(r.getCluster))
router.POST("/cluster/:cluster", r.clusterAPI(r.addHost))
router.POST("/cluster/:cluster/release", r.clusterAPI(r.addReleaseHosts))
router.DELETE("/cluster/:cluster/:host", r.clusterAPI(r.removeHost))
srv := &http.Server{
Addr: args.ListenAddr,
Handler: router,
TLSConfig: tlsconfig.SecureCiphers(nil),
}
log.Println("Listening on", args.ListenAddr, "...")
if err := srv.ListenAndServeTLS(args.TLSCert, args.TLSKey); err != nil {
return fmt.Errorf("ListenAndServeTLS: %s", err)
}
return nil
}
func (r *Runner) start() error {
r.authKey = os.Getenv("AUTH_KEY")
if r.authKey == "" {
return errors.New("AUTH_KEY not set")
}
r.runEnv["TEST_RUNNER_AUTH_KEY"] = r.authKey
for _, s := range []string{"S3", "GCS", "AZURE"} {
name := fmt.Sprintf("BLOBSTORE_%s_CONFIG", s)
if c := os.Getenv(name); c != "" {
r.runEnv[name] = c
} else {
return fmt.Errorf("%s not set", name)
}
}
r.githubToken = os.Getenv("GITHUB_TOKEN")
if r.githubToken == "" {
return errors.New("GITHUB_TOKEN not set")
}
am := autocert.Manager{
Prompt: autocert.AcceptTOS,
Cache: autocert.DirCache(args.TLSDir),
HostPolicy: autocert.HostWhitelist(args.Domain),
}
awsAuth, err := aws.EnvCreds()
if err != nil {
return err
}
r.s3 = s3.New(awsAuth, "us-east-1", nil)
_, listenPort, err = net.SplitHostPort(args.ListenAddr)
if err != nil {
return err
}
bc := r.bc
bc.Network = r.allocateNet()
if r.rootFS, err = cluster.BuildFlynn(bc, args.RootFS, "origin/master", false, os.Stdout); err != nil {
return fmt.Errorf("could not build flynn: %s", err)
}
r.releaseNet(bc.Network)
shutdown.BeforeExit(func() { removeRootFS(r.rootFS) })
db, err := bolt.Open(args.DBPath, 0600, &bolt.Options{Timeout: 5 * time.Second})
if err != nil {
return fmt.Errorf("could not open db: %s", err)
}
r.db = db
shutdown.BeforeExit(func() { r.db.Close() })
if err := r.db.Update(func(tx *bolt.Tx) error {
_, err := tx.CreateBucketIfNotExists(dbBucket)
return err
}); err != nil {
return fmt.Errorf("could not create builds bucket: %s", err)
}
for i := 0; i < args.ConcurrentBuilds; i++ {
r.buildCh <- struct{}{}
}
if err := r.buildPending(); err != nil {
log.Printf("could not build pending builds: %s", err)
}
go r.connectIRC()
go r.watchEvents()
router := httprouter.New()
router.RedirectTrailingSlash = true
router.Handler("GET", "/", http.RedirectHandler("/builds", 302))
router.POST("/", r.handleEvent)
router.GET("/builds/:build", r.getBuildLog)
router.GET("/builds/:build/download", r.downloadBuildLog)
router.POST("/builds/:build/restart", r.restartBuild)
router.POST("/builds/:build/explain", r.explainBuild)
router.GET("/builds", r.getBuilds)
router.ServeFiles("/assets/*filepath", http.Dir(args.AssetsDir))
router.GET("/cluster/:cluster", r.clusterAPI(r.getCluster))
router.POST("/cluster/:cluster", r.clusterAPI(r.addHost))
router.POST("/cluster/:cluster/release", r.clusterAPI(r.addReleaseHosts))
router.DELETE("/cluster/:cluster/:host", r.clusterAPI(r.removeHost))
srv := &http.Server{
Addr: args.ListenAddr,
Handler: router,
TLSConfig: tlsconfig.SecureCiphers(&tls.Config{
GetCertificate: am.GetCertificate,
}),
}
log.Println("Listening on", args.ListenAddr, "...")
if err := srv.ListenAndServeTLS("", ""); err != nil {
return fmt.Errorf("ListenAndServeTLS: %s", err)
}
return nil
}