/
main.go
125 lines (108 loc) · 3.41 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
package main
import (
"crypto/tls"
"flag"
"fmt"
"log"
"net"
"net/http"
"time"
"github.com/dchest/captcha"
)
// All the consts are here.
const HumanCookieName = "X-Uncensor-Human"
const HumanCookieDuration = 5 * time.Minute
const HumanCookieCheck = true
const MappingLocalLocation = "/var/mirrors/mirrors.json"
const MappingRemoteLocation = "http://localhost/mirrors.json"
const MappingUpdateInterval = 5 * time.Minute
const ByteBufferPoolSize = 20
const ByteBufferSize = 1 << 14
const GzipStreamsPoolSize = 20
const GzipCompressionLevel = 3
var remoteConfigFlag string
var httpAddr string
var tlsAddr string
func init() {
flag.StringVar(&remoteConfigFlag, "config-url", MappingRemoteLocation, "The URL to periodically fetch configuration information from.")
flag.StringVar(&httpAddr, "http", ":http", "Address to listen for HTTP requests.")
flag.StringVar(&tlsAddr, "https", ":https", "Address to listen for HTTPS requests.")
flag.Parse()
}
func main() {
// Don't care if this succeeds or not at this point.
updateMirrorMappings(remoteConfigFlag, MappingLocalLocation)
// Setup the primary server object.
replacers := loadMirrorMappings(MappingLocalLocation)
myHandler := &ProxyServer{
BufferChan: make(chan []byte, ByteBufferPoolSize),
GzipChan: make(chan gzipPair, GzipStreamsPoolSize),
Client: http.Client{
CheckRedirect: noClientRedirect,
},
Captcha: &CaptchaContext{
Generator: captcha.Server(captcha.StdWidth, captcha.StdHeight),
Epoch: time.Now(),
Key: GenerateCaptchaKey(),
ValidDuration: HumanCookieDuration,
},
}
myHandler.SetConfigurations(replacers)
// Setup the background mapping updater.
go loopUpdateMirrorMappings(myHandler, remoteConfigFlag, MappingLocalLocation, MappingUpdateInterval)
// Create a waitgroup to prevent the main thread from exiting.
// Create the HTTP server
httpServer := http.Server{
Addr: httpAddr,
Handler: myHandler,
ReadTimeout: 5 * time.Second,
WriteTimeout: 5 * time.Second,
MaxHeaderBytes: 1 << 20,
}
go func() {
log.Fatal(httpServer.ListenAndServe())
}()
// Create the HTTPS server
tlsConfig := &tls.Config{
Certificates: nil,
GetCertificate: func(ch *tls.ClientHelloInfo) (*tls.Certificate, error) {
if cfg, _ := myHandler.GetConfiguration(ch.ServerName); cfg != nil {
if cfg.Certificate != nil {
return cfg.Certificate, nil
}
}
return nil, fmt.Errorf("Unable to find certificate for %v", ch)
},
NextProtos: []string{"http/1.1"},
}
secureServer := http.Server{
Addr: tlsAddr,
Handler: myHandler,
ReadTimeout: 5 * time.Second,
WriteTimeout: 5 * time.Second,
MaxHeaderBytes: 1 << 20,
TLSConfig: tlsConfig,
}
var secureListener net.Listener
if secureLn, err := net.Listen("tcp", secureServer.Addr); err != nil {
log.Fatal(err)
} else {
secureListener = tls.NewListener(tcpKeepAliveListener{secureLn.(*net.TCPListener)}, secureServer.TLSConfig)
}
log.Fatal(secureServer.Serve(secureListener))
}
// This is replicated from golang's server.go. This struct
// isn't exposed. But replicating it allows control over the
// the keep alive time, so it isn't necessarily a bad thing.
type tcpKeepAliveListener struct {
*net.TCPListener
}
func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) {
tc, err := ln.AcceptTCP()
if err != nil {
return c, err
}
tc.SetKeepAlive(true)
tc.SetKeepAlivePeriod(2 * time.Minute)
return tc, nil
}