Пример #1
func main() {
	app := cmd.NewAppShell("boulder-ocsp-responder", "Handles OCSP requests")
	app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
		go cmd.DebugServer(c.OCSPResponder.DebugAddr)

		go cmd.ProfileCmd("OCSP", stats)

		config := c.OCSPResponder
		var source cfocsp.Source

		// DBConfig takes precedence over Source, if present.
		dbConnect, err := config.DBConfig.URL()
		cmd.FailOnError(err, "Reading DB config")
		if dbConnect == "" {
			dbConnect = config.Source
		url, err := url.Parse(dbConnect)
		cmd.FailOnError(err, fmt.Sprintf("Source was not a URL: %s", config.Source))

		if url.Scheme == "mysql+tcp" {
			logger.Info(fmt.Sprintf("Loading OCSP Database for CA Cert: %s", c.Common.IssuerCert))
			dbMap, err := sa.NewDbMap(config.Source)
			cmd.FailOnError(err, "Could not connect to database")
			sa.SetSQLDebug(dbMap, logger)
			source, err = makeDBSource(dbMap, c.Common.IssuerCert, logger)
			cmd.FailOnError(err, "Couldn't load OCSP DB")
		} else if url.Scheme == "file" {
			filename := url.Path
			// Go interprets cwd-relative file urls (file:test/foo.txt) as having the
			// relative part of the path in the 'Opaque' field.
			if filename == "" {
				filename = url.Opaque
			source, err = cfocsp.NewSourceFromFile(filename)
			cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path))
		} else {
			cmd.FailOnError(errors.New(`"source" parameter not found in JSON config`), "unable to start ocsp-responder")

		stopTimeout, err := time.ParseDuration(c.OCSPResponder.ShutdownStopTimeout)
		cmd.FailOnError(err, "Couldn't parse shutdown stop timeout")
		killTimeout, err := time.ParseDuration(c.OCSPResponder.ShutdownKillTimeout)
		cmd.FailOnError(err, "Couldn't parse shutdown kill timeout")
		m := mux(stats, c.OCSPResponder.Path, source)
		srv := &http.Server{
			Addr:    c.OCSPResponder.ListenAddress,
			Handler: m,

		hd := &httpdown.HTTP{
			StopTimeout: stopTimeout,
			KillTimeout: killTimeout,
			Stats:       metrics.NewFBAdapter(stats, "OCSP", clock.Default()),
		err = httpdown.ListenAndServe(srv, hd)
		cmd.FailOnError(err, "Error starting HTTP server")

Пример #2
func main() {
	server := &http.Server{
		Addr:    "",
		Handler: http.HandlerFunc(handler),
	hd := &httpdown.HTTP{
		StopTimeout: 10 * time.Second,
		KillTimeout: 1 * time.Second,

	flag.StringVar(&server.Addr, "addr", server.Addr, "http address")
	flag.DurationVar(&hd.StopTimeout, "stop-timeout", hd.StopTimeout, "stop timeout")
	flag.DurationVar(&hd.KillTimeout, "kill-timeout", hd.KillTimeout, "kill timeout")

	if err := httpdown.ListenAndServe(server, hd); err != nil {
Пример #3
func main() {
	app := cmd.NewAppShell("boulder-wfe", "Handles HTTP API requests")
	addrFlag := cli.StringFlag{
		Name:   "addr",
		Value:  "",
		Usage:  "if set, overrides the listenAddr setting in the WFE config",
	app.App.Flags = append(app.App.Flags, addrFlag)
	app.Config = func(c *cli.Context, config cmd.Config) cmd.Config {
		if c.GlobalString("addr") != "" {
			config.WFE.ListenAddress = c.GlobalString("addr")
		return config
	app.Action = func(c cmd.Config, stats metrics.Statter, logger blog.Logger) {
		go cmd.DebugServer(c.WFE.DebugAddr)

		wfe, err := wfe.NewWebFrontEndImpl(stats, clock.Default(), c.KeyPolicy(), logger)
		cmd.FailOnError(err, "Unable to create WFE")
		rac, sac := setupWFE(c, logger, stats)
		wfe.RA = rac
		wfe.SA = sac
		wfe.SubscriberAgreementURL = c.SubscriberAgreementURL

		wfe.AllowOrigins = c.WFE.AllowOrigins

		wfe.CertCacheDuration, err = time.ParseDuration(c.WFE.CertCacheDuration)
		cmd.FailOnError(err, "Couldn't parse certificate caching duration")
		wfe.CertNoCacheExpirationWindow, err = time.ParseDuration(c.WFE.CertNoCacheExpirationWindow)
		cmd.FailOnError(err, "Couldn't parse certificate expiration no-cache window")
		wfe.IndexCacheDuration, err = time.ParseDuration(c.WFE.IndexCacheDuration)
		cmd.FailOnError(err, "Couldn't parse index caching duration")
		wfe.IssuerCacheDuration, err = time.ParseDuration(c.WFE.IssuerCacheDuration)
		cmd.FailOnError(err, "Couldn't parse issuer caching duration")

		wfe.ShutdownStopTimeout, err = time.ParseDuration(c.WFE.ShutdownStopTimeout)
		cmd.FailOnError(err, "Couldn't parse shutdown stop timeout")
		wfe.ShutdownKillTimeout, err = time.ParseDuration(c.WFE.ShutdownKillTimeout)
		cmd.FailOnError(err, "Couldn't parse shutdown kill timeout")

		wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
		cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))

		logger.Info(fmt.Sprintf("WFE using key policy: %#v", c.KeyPolicy()))

		go cmd.ProfileCmd("WFE", stats)

		// Set up paths
		wfe.BaseURL = c.Common.BaseURL
		h, err := wfe.Handler()
		cmd.FailOnError(err, "Problem setting up HTTP handlers")

		httpMonitor := metrics.NewHTTPMonitor(stats, h, "WFE")

		logger.Info(fmt.Sprintf("Server running, listening on %s...\n", c.WFE.ListenAddress))
		srv := &http.Server{
			Addr:    c.WFE.ListenAddress,
			Handler: httpMonitor,

		hd := &httpdown.HTTP{
			StopTimeout: wfe.ShutdownStopTimeout,
			KillTimeout: wfe.ShutdownKillTimeout,
			Stats:       metrics.NewFBAdapter(stats, "WFE", clock.Default()),
		err = httpdown.ListenAndServe(srv, hd)
		cmd.FailOnError(err, "Error starting HTTP server")

Пример #4
func main() {
	const signedRequestMaxAge = time.Hour * 24

	flagSet := flag.NewFlagSet(filepath.Base(os.Args[0]), flag.ExitOnError)
	dev := flagSet.Bool("dev", runtime.GOOS != "linux", "development mode")
	addr := flagSet.String("addr", defaultAddr(), "server address to bind to")
	adminPath := flagSet.String("admin-path", "", "secret admin path")
	facebookAppID := flagSet.Uint64("fb-app-id", 342526215814610, "facebook application id")
	facebookAppSecret := flagSet.String("fb-app-secret", "", "facebook application secret")
	facebookAppNS := flagSet.String("fb-app-ns", "", "facebook application namespace")
	empCheckerAppID := flagSet.Uint64("empcheck-app-id", 0, "empcheck application id")
	empCheckerAppSecret := flagSet.String("empcheck-app-secret", "", "empcheck application secret")
	parseAppID := flagSet.String("parse-app-id", "", "parse application id")
	parseMasterKey := flagSet.String("parse-master-key", "", "parse master key")
	publicDir := flagSet.String(
		"public-dir", pkgDir("github.com/daaku/rell/public"), "public files directory")
	examplesDir := flagSet.String(
		"examples-dir", pkgDir("github.com/daaku/rell/examples/db"), "example files directory")

	if err := flagenv.ParseSet("RELL_", flagSet); err != nil {
		fmt.Fprintln(os.Stderr, err)

	if *dev {

	logger := log.New(os.Stderr, "", log.LstdFlags)
	// for systemd started servers we can skip the date/time since journald
	// already shows it
	if os.Getppid() == 1 {

	fbApp := fbapp.New(
	forwarded := &trustforward.Forwarded{
		X:          true,
		CloudFlare: true,
	bid := &browserid.Cookie{
		Name:      "z",
		MaxAge:    time.Hour * 24 * 365 * 10, // 10 years
		Length:    16,
		Logger:    logger,
		Forwarded: forwarded,
	xsrf := &xsrf.Provider{
		BrowserID: bid,
		MaxAge:    time.Hour * 24,
		SumLen:    10,
	publicFS := http.Dir(*publicDir)
	static := &static.Handler{
		Path: "/static/",
		Box:  static.FileSystemBox(publicFS),
	httpTransport := &httpcontrol.Transport{
		MaxIdleConnsPerHost:   http.DefaultMaxIdleConnsPerHost,
		DialTimeout:           2 * time.Second,
		ResponseHeaderTimeout: 3 * time.Second,
		RequestTimeout:        30 * time.Second,
	parseClient := &parse.Client{
		Transport: httpTransport,
		Credentials: parse.MasterKey{
			ApplicationID: *parseAppID,
			MasterKey:     *parseMasterKey,
	fbApiClient := &fbapi.Client{
		Transport: httpTransport,
	lruCache := lru.New(10000)
	empChecker := &empcheck.Checker{
		FbApiClient: fbApiClient,
		App:         fbapp.New(*empCheckerAppID, *empCheckerAppSecret, ""),
		Logger:      logger,
		Cache:       lruCache,
	appNSFetcher := &appns.Fetcher{
		Apps:        []fbapp.App{fbApp},
		FbApiClient: fbApiClient,
		Logger:      logger,
		Cache:       lruCache,
	exampleStore := &examples.Store{
		Parse: parseClient,
		DB:    examples.MustMakeDB(*examplesDir),
		Cache: lruCache,
	webHandler := &web.Handler{
		Static: static,
		App:    fbApp,
		Logger: logger,
		EnvParser: &rellenv.Parser{
			App:                 fbApp,
			EmpChecker:          empChecker,
			AppNSFetcher:        appNSFetcher,
			SignedRequestMaxAge: signedRequestMaxAge,
			Forwarded:           forwarded,
		PublicFS:       publicFS,
		ContextHandler: &viewcontext.Handler{},
		ExamplesHandler: &viewexamples.Handler{
			ExampleStore: exampleStore,
			Xsrf:         xsrf,
			Static:       static,
		OgHandler: &viewog.Handler{
			Static:       static,
			ObjectParser: &og.Parser{Static: static},
		OauthHandler: &oauth.Handler{
			BrowserID:     bid,
			App:           fbApp,
			HttpTransport: httpTransport,
			Static:        static,
		AdminHandler: &adminweb.Handler{
			Forwarded: forwarded,
			Path:      *adminPath,
			SkipHTTPS: *dev,
		SignedRequestMaxAge: signedRequestMaxAge,
	httpServer := &http.Server{
		Addr:    *addr,
		Handler: webHandler,
	hdConfig := &httpdown.HTTP{
		StopTimeout: 9 * time.Second, // heroku provides 10 seconds to terminate

	if err := httpdown.ListenAndServe(httpServer, hdConfig); err != nil {
Пример #5
func main() {

	hawk.MaxTimestampSkew = time.Second * time.Duration(config.HawkTimestampMaxSkew)

	syncLimitConfig := web.NewDefaultSyncUserHandlerConfig()
	syncLimitConfig.MaxRequestBytes = config.Limit.MaxRequestBytes
	syncLimitConfig.MaxBSOGetLimit = config.Limit.MaxBSOGetLimit
	syncLimitConfig.MaxPOSTRecords = config.Limit.MaxPOSTRecords
	syncLimitConfig.MaxPOSTBytes = config.Limit.MaxPOSTBytes
	syncLimitConfig.MaxTotalBytes = config.Limit.MaxTotalBytes
	syncLimitConfig.MaxTotalRecords = config.Limit.MaxTotalRecords
	syncLimitConfig.MaxBatchTTL = config.Limit.MaxBatchTTL * 1000
	syncLimitConfig.MaxRecordPayloadBytes = config.Limit.MaxRecordPayloadBytes

	// The base functionality is the sync 1.5 api
	poolHandler := web.NewSyncPoolHandler(&web.SyncPoolConfig{
		Basepath:      config.DataDir,
		NumPools:      config.Pool.Num,
		MaxPoolSize:   config.Pool.MaxSize,
		VacuumKB:      config.Pool.VacuumKB,
		DBConfig:      &syncstorage.Config{config.Sqlite.CacheSize},
		PurgeMinHours: config.Pool.PurgeMinHours,
		PurgeMaxHours: config.Pool.PurgeMaxHours,
	}, syncLimitConfig)

	var router http.Handler
	router = poolHandler

	if config.InfoCacheSize > 0 {
		router = web.NewCacheHandler(router, web.CacheConfig{MaxCacheSize: config.InfoCacheSize})

	// legacy weave hacks
	router = web.NewWeaveHandler(router)

	// All sync 1.5 access requires Hawk Authorization
	router = web.NewHawkHandler(router, config.Secrets)

	// Serve non sync 1.5 endpoints
	router = web.NewInfoHandler(router)

	// Log all the things
	if config.Log.DisableHTTP != true {
		logHandler := web.NewLogHandler(log.StandardLogger(), router)

		if config.Log.OnlyHTTPErrors {
			h := logHandler.(*web.LoggingHandler)
			h.OnlyHTTPErrors = true

		router = logHandler

	if config.EnablePprof {
		log.Info("Enabling pprof profile at /debug/pprof/")
		router = web.NewPprofHandler(router)

	listenOn := config.Host + ":" + strconv.Itoa(config.Port)
	server := &http.Server{
		Addr:    listenOn,
		Handler: router,

	if config.Log.Mozlog {
			Hostname: config.Hostname,
			Pid:      os.Getpid(),

	hd := &httpdown.HTTP{
		// how long until connections are force closed
		StopTimeout: 3 * time.Minute,

		// how long before complete abort (even when clients are connected)
		// this is above StopTimeout. In other worse, how much time to give
		// force stopping of connections to finish
		KillTimeout: 2 * time.Minute,

		"addr":                           listenOn,
		"PID":                            os.Getpid(),
		"POOL_NUM":                       config.Pool.Num,
		"POOL_MAX_SIZE":                  config.Pool.MaxSize,
		"POOL_VACUUM_KB":                 config.Pool.VacuumKB,
		"POOL_PURGE_MIN_HOURS":           config.Pool.PurgeMinHours,
		"POOL_PURGE_MAX_HOURS":           config.Pool.PurgeMaxHours,
		"LIMIT_MAX_BSO_GET_LIMIT":        syncLimitConfig.MaxBSOGetLimit,
		"LIMIT_MAX_POST_RECORDS":         syncLimitConfig.MaxPOSTRecords,
		"LIMIT_MAX_POST_BYTES":           syncLimitConfig.MaxPOSTBytes,
		"LIMIT_MAX_TOTAL_RECORDS":        syncLimitConfig.MaxTotalRecords,
		"LIMIT_MAX_TOTAL_BYTES":          syncLimitConfig.MaxTotalBytes,
		"LIMIT_MAX_REQUEST_BYTES":        syncLimitConfig.MaxRequestBytes,
		"LIMIT_MAX_BATCH_TTL":            fmt.Sprintf("%d seconds", syncLimitConfig.MaxBatchTTL/1000),
		"LIMIT_MAX_RECORD_PAYLOAD_BYTES": syncLimitConfig.MaxRecordPayloadBytes,
		"SQLITE3_CACHE_SIZE":             config.Sqlite.CacheSize,
		"INFO_CACHE_SIZE":                config.InfoCacheSize,
		"HAWK_TIMESTAMP_MAX_SKEW":        hawk.MaxTimestampSkew.Seconds(),
	}).Info("HTTP Listening at " + listenOn)

	err := httpdown.ListenAndServe(server, hd)
	if err != nil {

Пример #6
func main() {
	configFile := flag.String("config", "", "File path to the configuration file for this service")
	if *configFile == "" {

	var c config
	err := cmd.ReadJSONFile(*configFile, &c)
	cmd.FailOnError(err, "Reading JSON config file into config structure")

	go cmd.DebugServer(c.WFE.DebugAddr)

	stats, logger := cmd.StatsAndLogging(c.StatsdConfig, c.SyslogConfig)
	defer logger.AuditPanic()

	wfe, err := wfe.NewWebFrontEndImpl(stats, clock.Default(), c.AllowedSigningAlgos.KeyPolicy(), logger)
	cmd.FailOnError(err, "Unable to create WFE")
	rac, sac := setupWFE(c, logger, stats)
	wfe.RA = rac
	wfe.SA = sac

	// TODO: remove this check once the production config uses the SubscriberAgreementURL in the wfe section
	if c.WFE.SubscriberAgreementURL != "" {
		wfe.SubscriberAgreementURL = c.WFE.SubscriberAgreementURL
	} else {
		wfe.SubscriberAgreementURL = c.SubscriberAgreementURL

	wfe.AllowOrigins = c.WFE.AllowOrigins
	wfe.CheckMalformedCSR = c.WFE.CheckMalformedCSR

	wfe.CertCacheDuration, err = time.ParseDuration(c.WFE.CertCacheDuration)
	cmd.FailOnError(err, "Couldn't parse certificate caching duration")
	wfe.CertNoCacheExpirationWindow, err = time.ParseDuration(c.WFE.CertNoCacheExpirationWindow)
	cmd.FailOnError(err, "Couldn't parse certificate expiration no-cache window")
	wfe.IndexCacheDuration, err = time.ParseDuration(c.WFE.IndexCacheDuration)
	cmd.FailOnError(err, "Couldn't parse index caching duration")
	wfe.IssuerCacheDuration, err = time.ParseDuration(c.WFE.IssuerCacheDuration)
	cmd.FailOnError(err, "Couldn't parse issuer caching duration")

	wfe.ShutdownStopTimeout, err = time.ParseDuration(c.WFE.ShutdownStopTimeout)
	cmd.FailOnError(err, "Couldn't parse shutdown stop timeout")
	wfe.ShutdownKillTimeout, err = time.ParseDuration(c.WFE.ShutdownKillTimeout)
	cmd.FailOnError(err, "Couldn't parse shutdown kill timeout")

	wfe.IssuerCert, err = cmd.LoadCert(c.Common.IssuerCert)
	cmd.FailOnError(err, fmt.Sprintf("Couldn't read issuer cert [%s]", c.Common.IssuerCert))

	logger.Info(fmt.Sprintf("WFE using key policy: %#v", c.KeyPolicy()))

	go cmd.ProfileCmd("WFE", stats)

	// Set up paths
	wfe.BaseURL = c.Common.BaseURL
	h, err := wfe.Handler()
	cmd.FailOnError(err, "Problem setting up HTTP handlers")

	httpMonitor := metrics.NewHTTPMonitor(stats, h, "WFE")

	logger.Info(fmt.Sprintf("Server running, listening on %s...\n", c.WFE.ListenAddress))
	srv := &http.Server{
		Addr:    c.WFE.ListenAddress,
		Handler: httpMonitor,

	hd := &httpdown.HTTP{
		StopTimeout: wfe.ShutdownStopTimeout,
		KillTimeout: wfe.ShutdownKillTimeout,
		Stats:       metrics.NewFBAdapter(stats, "WFE", clock.Default()),
	err = httpdown.ListenAndServe(srv, hd)
	cmd.FailOnError(err, "Error starting HTTP server")