func main() {
flag.Parse()
host := *vhost
if strings.Contains(*vhost, ":") {
var err error
shost, port, err := net.SplitHostPort(*vhost)
if err != nil {
log.Fatalf("unable to parse httpsAddr: %s", err)
}
host = shost
if port != "443" {
host = *vhost
}
}
apiVars.Set("requests", apiRequests)
staticVars.Set("requests", staticRequests)
webVars.Set("requests", webRequests)
index = loadIndex()
tlsConf := makeTLSConfig(*certPath, *keyPath)
tlsListener, err := tls.Listen("tcp", *httpsAddr, tlsConf)
if err != nil {
log.Fatalf("unable to listen for the HTTPS server on %s: %s", *httpsAddr, err)
}
plaintextListener, err := net.Listen("tcp", *httpAddr)
if err != nil {
log.Fatalf("unable to listen for the HTTP server on %s: %s", *httpAddr, err)
}
l := &listener{tlsListener}
m := tlsMux(
host,
makeStaticHandler())
adminAddr := net.JoinHostPort("localhost", *adminPort)
go func() {
err := http.ListenAndServe(adminAddr, nil)
if err != nil {
log.Fatalf("unable to open admin server: %s", err)
}
}()
log.Printf("Booting HTTPS on %s and HTTP on %s", *httpsAddr, *httpAddr)
go func() {
err := http.Serve(l, m)
if err != nil {
log.Fatalf("https server error: %s", err)
}
}()
err = http.Serve(plaintextListener, plaintextMux(host))
if err != nil {
log.Fatalf("http server error: %s", err)
}
}
func main() {
flag.Parse()
routeHost, redirectHost := calculateDomains(*rawVHost, *httpsAddr)
apiVars.Set("requests", apiRequests)
staticVars.Set("requests", staticRequests)
webVars.Set("requests", webRequests)
index = loadIndex()
tlsConf := makeTLSConfig(*certPath, *keyPath)
tlsListener, err := tls.Listen("tcp", *httpsAddr, tlsConf)
if err != nil {
log.Fatalf("unable to listen for the HTTPS server on %s: %s", *httpsAddr, err)
}
plaintextListener, err := net.Listen("tcp", *httpAddr)
if err != nil {
log.Fatalf("unable to listen for the HTTP server on %s: %s", *httpAddr, err)
}
l := &listener{tlsListener}
if *acmeURL != "" {
if !strings.HasPrefix(*acmeURL, "/") &&
!strings.HasPrefix(*acmeURL, "https://") &&
!strings.HasPrefix(*acmeURL, "http://") {
fmt.Fprintf(os.Stderr, "acmeRedirect must start with 'http://', 'https://', or '/' but does not: %#v\n", *acmeURL)
os.Exit(1)
}
}
m := tlsMux(
routeHost,
redirectHost,
*acmeURL,
makeStaticHandler(*staticDir, staticVars))
adminAddr := net.JoinHostPort("localhost", *adminPort)
go func() {
err := http.ListenAndServe(adminAddr, nil)
if err != nil {
log.Fatalf("unable to open admin server: %s", err)
}
}()
log.Printf("Booting HTTPS on %s and HTTP on %s", *httpsAddr, *httpAddr)
go func() {
err := http.Serve(l, m)
if err != nil {
log.Fatalf("https server error: %s", err)
}
}()
err = http.Serve(plaintextListener, plaintextMux(redirectHost))
if err != nil {
log.Fatalf("http server error: %s", err)
}
}
func connect(t *testing.T, clientConf *tls.Config) *conn {
clientConf.ServerName = "localhost"
// Required to flip on session ticket keys
clientConf.ClientSessionCache = tls.NewLRUClientSessionCache(-1)
// Required to avoid InsecureSkipVerify (which is probably unnecessary, but
// nice to be Good™.)
clientConf.RootCAs = x509.NewCertPool()
clientConf.RootCAs.AddCert(rootCA)
tl, err := tls.Listen("tcp", "localhost:0", serverConf)
if err != nil {
t.Fatalf("NewListener: %s", err)
}
li := newListener(tl, new(expvar.Map).Init())
type connRes struct {
recv []byte
conn *conn
}
ch := make(chan connRes)
errCh := make(chan error)
go func() {
c, err := li.Accept()
if err != nil {
errCh <- err
return
}
b := make([]byte, 1)
io.ReadFull(c, b)
c.Close()
li.Close()
tc := c.(*conn)
ch <- connRes{recv: b, conn: tc}
}()
c, err := tls.Dial("tcp", li.Addr().String(), clientConf)
if err != nil {
t.Fatalf("Dial: %s", err)
}
defer c.Close()
sent := []byte("a")
c.Write(sent)
var cr connRes
select {
case err := <-errCh:
t.Fatalf("Accept: %s", err)
case cr = <-ch:
if !bytes.Equal(cr.recv, sent) {
t.Fatalf("expected bytes %#v, got %#v", string(sent), string(cr.recv))
}
case <-time.After(1 * time.Second):
t.Fatalf("timed out")
}
return cr.conn
}
func main() {
flag.Parse()
routeHost, redirectHost := calculateDomains(*rawVHost, *httpsAddr)
apiVars.Set("requests", apiRequests)
staticVars.Set("requests", staticRequests)
webVars.Set("requests", webRequests)
index = loadIndex()
tlsConf := makeTLSConfig(*certPath, *keyPath)
tlsListener, err := tls.Listen("tcp", *httpsAddr, tlsConf)
if err != nil {
log.Fatalf("unable to listen for the HTTPS server on %s: %s", *httpsAddr, err)
}
plaintextListener, err := net.Listen("tcp", *httpAddr)
if err != nil {
log.Fatalf("unable to listen for the HTTP server on %s: %s", *httpAddr, err)
}
l := &listener{tlsListener}
m := tlsMux(
routeHost,
redirectHost,
makeStaticHandler(*staticDir, staticVars))
adminAddr := net.JoinHostPort("localhost", *adminPort)
go func() {
err := http.ListenAndServe(adminAddr, nil)
if err != nil {
log.Fatalf("unable to open admin server: %s", err)
}
}()
log.Printf("Booting HTTPS on %s and HTTP on %s", *httpsAddr, *httpAddr)
go func() {
err := http.Serve(l, m)
if err != nil {
log.Fatalf("https server error: %s", err)
}
}()
err = http.Serve(plaintextListener, plaintextMux(redirectHost))
if err != nil {
log.Fatalf("http server error: %s", err)
}
}
func main() {
flag.Parse()
t := time.Now()
expvar.NewInt("start_time_epoch_secs").Set(t.Unix())
expvar.NewString("start_time_timestamp").Set(t.Format(time.RFC3339))
expvar.Publish("uptime_secs", expvar.Func(func() interface{} {
return int64(time.Now().Sub(t) / time.Second)
}))
expvar.Publish("uptime_dur", expvar.Func(func() interface{} {
return time.Now().Sub(t).String()
}))
routeHost, redirectHost := calculateDomains(*rawVHost, *httpsAddr)
apiVars.Set("requests", apiRequests)
staticVars.Set("requests", staticRequests)
webVars.Set("requests", webRequests)
tlsConf := makeTLSConfig(*certPath, *keyPath)
tlsListener, err := tls.Listen("tcp", *httpsAddr, tlsConf)
if err != nil {
log.Fatalf("unable to listen for the HTTPS server on %s: %s", *httpsAddr, err)
}
plaintextListener, err := net.Listen("tcp", *httpAddr)
if err != nil {
log.Fatalf("unable to listen for the HTTP server on %s: %s", *httpAddr, err)
}
ns := expvar.NewMap("tls")
l := newListener(tlsListener, ns)
if *acmeURL != "" {
if !strings.HasPrefix(*acmeURL, "/") &&
!strings.HasPrefix(*acmeURL, "https://") &&
!strings.HasPrefix(*acmeURL, "http://") {
fmt.Fprintf(os.Stderr, "acmeRedirect must start with 'http://', 'https://', or '/' but does not: %#v\n", *acmeURL)
os.Exit(1)
}
}
blockedOrigins := []string{}
if *originsFile != "" {
jc := loadOriginsConfig(*originsFile)
blockedOrigins = jc.BlockedOrigins
}
hostname, err := os.Hostname()
if err != nil {
log.Fatalf("unable to get hostname of local machine: %s", err)
}
var gclog logClient
if *googAcctConf != "" {
googConf := loadGoogleServiceAccount(*googAcctConf)
tokSrc := googConf.conf.TokenSource(context.Background())
client, err := logging.NewClient(context.Background(), googConf.ProjectID, option.WithTokenSource(tokSrc))
if err != nil {
log.Fatalf("unable to make Google Cloud Logging client: %s", err)
}
client.OnError = func(err error) {
log.Printf("goog logging error: %s", err)
}
gclog = client.Logger(*allowLogName)
} else {
gclog = nullLogClient{}
}
oa := newOriginAllower(blockedOrigins, hostname, gclog, expvar.NewMap("origins"))
staticHandler := http.NotFoundHandler()
webHandleFunc := http.NotFound
if !*headless {
index = loadIndex()
staticHandler = makeStaticHandler(*staticDir, staticVars)
webHandleFunc = handleWeb
}
m := tlsMux(
routeHost,
redirectHost,
*acmeURL,
staticHandler,
webHandleFunc,
oa,
)
go func() {
err := http.ListenAndServe(*adminAddr, nil)
if err != nil {
log.Fatalf("unable to open admin server: %s", err)
}
}()
httpsSrv := &http.Server{
Handler: m,
ReadTimeout: 10 * time.Second,
WriteTimeout: 15 * time.Second,
}
httpSrv := &http.Server{
Handler: plaintextMux(redirectHost),
ReadTimeout: 10 * time.Second,
WriteTimeout: 15 * time.Second,
}
log.Printf("Booting HTTPS on %s and HTTP on %s", *httpsAddr, *httpAddr)
go func() {
err := httpsSrv.Serve(l)
if err != nil {
log.Fatalf("https server error: %s", err)
}
}()
err = httpSrv.Serve(plaintextListener)
if err != nil {
log.Fatalf("http server error: %s", err)
}
}
