func main() {
app := cmd.NewAppShell("boulder-ocsp-responder", "Handles OCSP requests")
app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
go cmd.DebugServer(c.OCSPResponder.DebugAddr)
go cmd.ProfileCmd("OCSP", stats)
config := c.OCSPResponder
var source cfocsp.Source
// DBConfig takes precedence over Source, if present.
dbConnect, err := config.DBConfig.URL()
cmd.FailOnError(err, "Reading DB config")
if dbConnect == "" {
dbConnect = config.Source
}
url, err := url.Parse(dbConnect)
cmd.FailOnError(err, fmt.Sprintf("Source was not a URL: %s", config.Source))
if url.Scheme == "mysql+tcp" {
logger.Info(fmt.Sprintf("Loading OCSP Database for CA Cert: %s", c.Common.IssuerCert))
dbMap, err := sa.NewDbMap(config.Source)
cmd.FailOnError(err, "Could not connect to database")
sa.SetSQLDebug(dbMap, logger)
source, err = makeDBSource(dbMap, c.Common.IssuerCert, logger)
cmd.FailOnError(err, "Couldn't load OCSP DB")
} else if url.Scheme == "file" {
filename := url.Path
// Go interprets cwd-relative file urls (file:test/foo.txt) as having the
// relative part of the path in the 'Opaque' field.
if filename == "" {
filename = url.Opaque
}
source, err = cfocsp.NewSourceFromFile(filename)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path))
} else {
cmd.FailOnError(errors.New(`"source" parameter not found in JSON config`), "unable to start ocsp-responder")
}
stopTimeout, err := time.ParseDuration(c.OCSPResponder.ShutdownStopTimeout)
cmd.FailOnError(err, "Couldn't parse shutdown stop timeout")
killTimeout, err := time.ParseDuration(c.OCSPResponder.ShutdownKillTimeout)
cmd.FailOnError(err, "Couldn't parse shutdown kill timeout")
m := mux(stats, c.OCSPResponder.Path, source)
srv := &http.Server{
Addr: c.OCSPResponder.ListenAddress,
Handler: m,
}
hd := &httpdown.HTTP{
StopTimeout: stopTimeout,
KillTimeout: killTimeout,
Stats: metrics.NewFBAdapter(stats, "OCSP", clock.Default()),
}
err = httpdown.ListenAndServe(srv, hd)
cmd.FailOnError(err, "Error starting HTTP server")
}
app.Run()
}
func main() {
server := &http.Server{
Addr: "127.0.0.1:8080",
Handler: http.HandlerFunc(handler),
}
hd := &httpdown.HTTP{
StopTimeout: 10 * time.Second,
KillTimeout: 1 * time.Second,
}
flag.StringVar(&server.Addr, "addr", server.Addr, "http address")
flag.DurationVar(&hd.StopTimeout, "stop-timeout", hd.StopTimeout, "stop timeout")
flag.DurationVar(&hd.KillTimeout, "kill-timeout", hd.KillTimeout, "kill timeout")
flag.Parse()
if err := httpdown.ListenAndServe(server, hd); err != nil {
panic(err)
}
}
func main() {
app := cmd.NewAppShell("boulder-wfe", "Handles HTTP API requests")
addrFlag := cli.StringFlag{
Name: "addr",
Value: "",
Usage: "if set, overrides the listenAddr setting in the WFE config",
EnvVar: "WFE_LISTEN_ADDR",
}
app.App.Flags = append(app.App.Flags, addrFlag)
app.Config = func(c *cli.Context, config cmd.Config) cmd.Config {
if c.GlobalString("addr") != "" {
config.WFE.ListenAddress = c.GlobalString("addr")
}
return config
}
app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
go cmd.DebugServer(c.WFE.DebugAddr)
wfe, err := wfe.NewWebFrontEndImpl(stats, clock.Default(), c.KeyPolicy(), logger)
cmd.FailOnError(err, "Unable to create WFE")
rac, sac := setupWFE(c, logger, stats)
wfe.RA = rac
wfe.SA = sac
wfe.SubscriberAgreementURL = c.SubscriberAgreementURL
wfe.AllowOrigins = c.WFE.AllowOrigins
wfe.CertCacheDuration, err = time.ParseDuration(c.WFE.CertCacheDuration)
cmd.FailOnError(err, "Couldn't parse certificate caching duration")
wfe.CertNoCacheExpirationWindow, err = time.ParseDuration(c.WFE.CertNoCacheExpirationWindow)
cmd.FailOnError(err, "Couldn't parse certificate expiration no-cache window")
wfe.IndexCacheDuration, err = time.ParseDuration(c.WFE.IndexCacheDuration)
cmd.FailOnError(err, "Couldn't parse index caching duration")
wfe.IssuerCacheDuration, err = time.ParseDuration(c.WFE.IssuerCacheDuration)
cmd.FailOnError(err, "Couldn't parse issuer caching duration")
wfe.ShutdownStopTimeout, err = time.ParseDuration(c.WFE.ShutdownStopTimeout)
cmd.FailOnError(err, "Couldn't parse shutdown stop timeout")
wfe.ShutdownKillTimeout, err = time.ParseDuration(c.WFE.ShutdownKillTimeout)
cmd.FailOnError(err, "Couldn't parse shutdown kill timeout")
wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
logger.Info(fmt.Sprintf("WFE using key policy: %#v", c.KeyPolicy()))
go cmd.ProfileCmd("WFE", stats)
// Set up paths
wfe.BaseURL = c.Common.BaseURL
h, err := wfe.Handler()
cmd.FailOnError(err, "Problem setting up HTTP handlers")
httpMonitor := metrics.NewHTTPMonitor(stats, h, "WFE")
logger.Info(fmt.Sprintf("Server running, listening on %s...\n", c.WFE.ListenAddress))
srv := &http.Server{
Addr: c.WFE.ListenAddress,
Handler: httpMonitor,
}
hd := &httpdown.HTTP{
StopTimeout: wfe.ShutdownStopTimeout,
KillTimeout: wfe.ShutdownKillTimeout,
Stats: metrics.NewFBAdapter(stats, "WFE", clock.Default()),
}
err = httpdown.ListenAndServe(srv, hd)
cmd.FailOnError(err, "Error starting HTTP server")
}
app.Run()
}
func main() {
const signedRequestMaxAge = time.Hour * 24
runtime.GOMAXPROCS(runtime.NumCPU())
flagSet := flag.NewFlagSet(filepath.Base(os.Args[0]), flag.ExitOnError)
dev := flagSet.Bool("dev", runtime.GOOS != "linux", "development mode")
addr := flagSet.String("addr", defaultAddr(), "server address to bind to")
adminPath := flagSet.String("admin-path", "", "secret admin path")
facebookAppID := flagSet.Uint64("fb-app-id", 342526215814610, "facebook application id")
facebookAppSecret := flagSet.String("fb-app-secret", "", "facebook application secret")
facebookAppNS := flagSet.String("fb-app-ns", "", "facebook application namespace")
empCheckerAppID := flagSet.Uint64("empcheck-app-id", 0, "empcheck application id")
empCheckerAppSecret := flagSet.String("empcheck-app-secret", "", "empcheck application secret")
parseAppID := flagSet.String("parse-app-id", "", "parse application id")
parseMasterKey := flagSet.String("parse-master-key", "", "parse master key")
publicDir := flagSet.String(
"public-dir", pkgDir("github.com/daaku/rell/public"), "public files directory")
examplesDir := flagSet.String(
"examples-dir", pkgDir("github.com/daaku/rell/examples/db"), "example files directory")
flagSet.Parse(os.Args[1:])
if err := flagenv.ParseSet("RELL_", flagSet); err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(2)
}
if *dev {
devrestarter.Init()
}
logger := log.New(os.Stderr, "", log.LstdFlags)
// for systemd started servers we can skip the date/time since journald
// already shows it
if os.Getppid() == 1 {
logger.SetFlags(0)
}
fbApp := fbapp.New(
*facebookAppID,
*facebookAppSecret,
*facebookAppNS,
)
forwarded := &trustforward.Forwarded{
X: true,
CloudFlare: true,
}
bid := &browserid.Cookie{
Name: "z",
MaxAge: time.Hour * 24 * 365 * 10, // 10 years
Length: 16,
Logger: logger,
Forwarded: forwarded,
}
xsrf := &xsrf.Provider{
BrowserID: bid,
MaxAge: time.Hour * 24,
SumLen: 10,
}
publicFS := http.Dir(*publicDir)
static := &static.Handler{
Path: "/static/",
Box: static.FileSystemBox(publicFS),
}
httpTransport := &httpcontrol.Transport{
MaxIdleConnsPerHost: http.DefaultMaxIdleConnsPerHost,
DialTimeout: 2 * time.Second,
ResponseHeaderTimeout: 3 * time.Second,
RequestTimeout: 30 * time.Second,
}
parseClient := &parse.Client{
Transport: httpTransport,
Credentials: parse.MasterKey{
ApplicationID: *parseAppID,
MasterKey: *parseMasterKey,
},
}
fbApiClient := &fbapi.Client{
Transport: httpTransport,
}
lruCache := lru.New(10000)
empChecker := &empcheck.Checker{
FbApiClient: fbApiClient,
App: fbapp.New(*empCheckerAppID, *empCheckerAppSecret, ""),
Logger: logger,
Cache: lruCache,
}
appNSFetcher := &appns.Fetcher{
Apps: []fbapp.App{fbApp},
FbApiClient: fbApiClient,
Logger: logger,
Cache: lruCache,
}
exampleStore := &examples.Store{
Parse: parseClient,
DB: examples.MustMakeDB(*examplesDir),
Cache: lruCache,
}
webHandler := &web.Handler{
Static: static,
App: fbApp,
Logger: logger,
EnvParser: &rellenv.Parser{
App: fbApp,
EmpChecker: empChecker,
AppNSFetcher: appNSFetcher,
SignedRequestMaxAge: signedRequestMaxAge,
Forwarded: forwarded,
},
PublicFS: publicFS,
ContextHandler: &viewcontext.Handler{},
ExamplesHandler: &viewexamples.Handler{
ExampleStore: exampleStore,
Xsrf: xsrf,
Static: static,
},
OgHandler: &viewog.Handler{
Static: static,
ObjectParser: &og.Parser{Static: static},
},
OauthHandler: &oauth.Handler{
BrowserID: bid,
App: fbApp,
HttpTransport: httpTransport,
Static: static,
},
AdminHandler: &adminweb.Handler{
Forwarded: forwarded,
Path: *adminPath,
SkipHTTPS: *dev,
},
SignedRequestMaxAge: signedRequestMaxAge,
}
httpServer := &http.Server{
Addr: *addr,
Handler: webHandler,
}
hdConfig := &httpdown.HTTP{
StopTimeout: 9 * time.Second, // heroku provides 10 seconds to terminate
}
if err := httpdown.ListenAndServe(httpServer, hdConfig); err != nil {
logger.Fatal(err)
}
}
func main() {
hawk.MaxTimestampSkew = time.Second * time.Duration(config.HawkTimestampMaxSkew)
syncLimitConfig := web.NewDefaultSyncUserHandlerConfig()
syncLimitConfig.MaxRequestBytes = config.Limit.MaxRequestBytes
syncLimitConfig.MaxBSOGetLimit = config.Limit.MaxBSOGetLimit
syncLimitConfig.MaxPOSTRecords = config.Limit.MaxPOSTRecords
syncLimitConfig.MaxPOSTBytes = config.Limit.MaxPOSTBytes
syncLimitConfig.MaxTotalBytes = config.Limit.MaxTotalBytes
syncLimitConfig.MaxTotalRecords = config.Limit.MaxTotalRecords
syncLimitConfig.MaxBatchTTL = config.Limit.MaxBatchTTL * 1000
syncLimitConfig.MaxRecordPayloadBytes = config.Limit.MaxRecordPayloadBytes
// The base functionality is the sync 1.5 api
poolHandler := web.NewSyncPoolHandler(&web.SyncPoolConfig{
Basepath: config.DataDir,
NumPools: config.Pool.Num,
MaxPoolSize: config.Pool.MaxSize,
VacuumKB: config.Pool.VacuumKB,
DBConfig: &syncstorage.Config{config.Sqlite.CacheSize},
PurgeMinHours: config.Pool.PurgeMinHours,
PurgeMaxHours: config.Pool.PurgeMaxHours,
}, syncLimitConfig)
var router http.Handler
router = poolHandler
if config.InfoCacheSize > 0 {
router = web.NewCacheHandler(router, web.CacheConfig{MaxCacheSize: config.InfoCacheSize})
}
// legacy weave hacks
router = web.NewWeaveHandler(router)
// All sync 1.5 access requires Hawk Authorization
router = web.NewHawkHandler(router, config.Secrets)
// Serve non sync 1.5 endpoints
router = web.NewInfoHandler(router)
// Log all the things
if config.Log.DisableHTTP != true {
logHandler := web.NewLogHandler(log.StandardLogger(), router)
if config.Log.OnlyHTTPErrors {
h := logHandler.(*web.LoggingHandler)
h.OnlyHTTPErrors = true
}
router = logHandler
}
if config.EnablePprof {
log.Info("Enabling pprof profile at /debug/pprof/")
router = web.NewPprofHandler(router)
}
listenOn := config.Host + ":" + strconv.Itoa(config.Port)
server := &http.Server{
Addr: listenOn,
Handler: router,
}
if config.Log.Mozlog {
log.SetFormatter(&web.MozlogFormatter{
Hostname: config.Hostname,
Pid: os.Getpid(),
})
}
hd := &httpdown.HTTP{
// how long until connections are force closed
StopTimeout: 3 * time.Minute,
// how long before complete abort (even when clients are connected)
// this is above StopTimeout. In other worse, how much time to give
// force stopping of connections to finish
KillTimeout: 2 * time.Minute,
}
log.WithFields(log.Fields{
"addr": listenOn,
"PID": os.Getpid(),
"POOL_NUM": config.Pool.Num,
"POOL_MAX_SIZE": config.Pool.MaxSize,
"POOL_VACUUM_KB": config.Pool.VacuumKB,
"POOL_PURGE_MIN_HOURS": config.Pool.PurgeMinHours,
"POOL_PURGE_MAX_HOURS": config.Pool.PurgeMaxHours,
"LIMIT_MAX_BSO_GET_LIMIT": syncLimitConfig.MaxBSOGetLimit,
"LIMIT_MAX_POST_RECORDS": syncLimitConfig.MaxPOSTRecords,
"LIMIT_MAX_POST_BYTES": syncLimitConfig.MaxPOSTBytes,
"LIMIT_MAX_TOTAL_RECORDS": syncLimitConfig.MaxTotalRecords,
"LIMIT_MAX_TOTAL_BYTES": syncLimitConfig.MaxTotalBytes,
"LIMIT_MAX_REQUEST_BYTES": syncLimitConfig.MaxRequestBytes,
"LIMIT_MAX_BATCH_TTL": fmt.Sprintf("%d seconds", syncLimitConfig.MaxBatchTTL/1000),
"LIMIT_MAX_RECORD_PAYLOAD_BYTES": syncLimitConfig.MaxRecordPayloadBytes,
"SQLITE3_CACHE_SIZE": config.Sqlite.CacheSize,
"INFO_CACHE_SIZE": config.InfoCacheSize,
"HAWK_TIMESTAMP_MAX_SKEW": hawk.MaxTimestampSkew.Seconds(),
}).Info("HTTP Listening at " + listenOn)
err := httpdown.ListenAndServe(server, hd)
if err != nil {
log.Error(err.Error())
}
poolHandler.StopHTTP()
}
func main() {
configFile := flag.String("config", "", "File path to the configuration file for this service")
flag.Parse()
if *configFile == "" {
flag.Usage()
os.Exit(1)
}
var c config
err := cmd.ReadJSONFile(*configFile, &c)
cmd.FailOnError(err, "Reading JSON config file into config structure")
go cmd.DebugServer(c.WFE.DebugAddr)
stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig)
defer logger.AuditPanic()
logger.Info(cmd.VersionString(clientName))
wfe, err := wfe.NewWebFrontEndImpl(stats, clock.Default(), c.AllowedSigningAlgos.KeyPolicy(), logger)
cmd.FailOnError(err, "Unable to create WFE")
rac, sac := setupWFE(c, logger, stats)
wfe.RA = rac
wfe.SA = sac
// TODO: remove this check once the production config uses the SubscriberAgreementURL in the wfe section
if c.WFE.SubscriberAgreementURL != "" {
wfe.SubscriberAgreementURL = c.WFE.SubscriberAgreementURL
} else {
wfe.SubscriberAgreementURL = c.SubscriberAgreementURL
}
wfe.AllowOrigins = c.WFE.AllowOrigins
wfe.CheckMalformedCSR = c.WFE.CheckMalformedCSR
wfe.CertCacheDuration, err = time.ParseDuration(c.WFE.CertCacheDuration)
cmd.FailOnError(err, "Couldn't parse certificate caching duration")
wfe.CertNoCacheExpirationWindow, err = time.ParseDuration(c.WFE.CertNoCacheExpirationWindow)
cmd.FailOnError(err, "Couldn't parse certificate expiration no-cache window")
wfe.IndexCacheDuration, err = time.ParseDuration(c.WFE.IndexCacheDuration)
cmd.FailOnError(err, "Couldn't parse index caching duration")
wfe.IssuerCacheDuration, err = time.ParseDuration(c.WFE.IssuerCacheDuration)
cmd.FailOnError(err, "Couldn't parse issuer caching duration")
wfe.ShutdownStopTimeout, err = time.ParseDuration(c.WFE.ShutdownStopTimeout)
cmd.FailOnError(err, "Couldn't parse shutdown stop timeout")
wfe.ShutdownKillTimeout, err = time.ParseDuration(c.WFE.ShutdownKillTimeout)
cmd.FailOnError(err, "Couldn't parse shutdown kill timeout")
wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))
logger.Info(fmt.Sprintf("WFE using key policy: %#v", c.KeyPolicy()))
go cmd.ProfileCmd("WFE", stats)
// Set up paths
wfe.BaseURL = c.Common.BaseURL
h, err := wfe.Handler()
cmd.FailOnError(err, "Problem setting up HTTP handlers")
httpMonitor := metrics.NewHTTPMonitor(stats, h, "WFE")
logger.Info(fmt.Sprintf("Server running, listening on %s...\n", c.WFE.ListenAddress))
srv := &http.Server{
Addr: c.WFE.ListenAddress,
Handler: httpMonitor,
}
hd := &httpdown.HTTP{
StopTimeout: wfe.ShutdownStopTimeout,
KillTimeout: wfe.ShutdownKillTimeout,
Stats: metrics.NewFBAdapter(stats, "WFE", clock.Default()),
}
err = httpdown.ListenAndServe(srv, hd)
cmd.FailOnError(err, "Error starting HTTP server")
}