| [98] | 1 | package main
|
|---|
| 2 |
|
|---|
| 3 | import (
|
|---|
| [477] | 4 | "context"
|
|---|
| [98] | 5 | "crypto/tls"
|
|---|
| 6 | "flag"
|
|---|
| [491] | 7 | "fmt"
|
|---|
| [636] | 8 | "io/ioutil"
|
|---|
| [98] | 9 | "log"
|
|---|
| 10 | "net"
|
|---|
| [323] | 11 | "net/http"
|
|---|
| [317] | 12 | "net/url"
|
|---|
| [449] | 13 | "os"
|
|---|
| 14 | "os/signal"
|
|---|
| [317] | 15 | "strings"
|
|---|
| [475] | 16 | "sync/atomic"
|
|---|
| [449] | 17 | "syscall"
|
|---|
| [477] | 18 | "time"
|
|---|
| [98] | 19 |
|
|---|
| [418] | 20 | "github.com/pires/go-proxyproto"
|
|---|
| 21 |
|
|---|
| [98] | 22 | "git.sr.ht/~emersion/soju"
|
|---|
| 23 | "git.sr.ht/~emersion/soju/config"
|
|---|
| 24 | )
|
|---|
| 25 |
|
|---|
| [477] | 26 | // TCP keep-alive interval for downstream TCP connections
|
|---|
| 27 | const downstreamKeepAlive = 1 * time.Hour
|
|---|
| 28 |
|
|---|
| [491] | 29 | type stringSliceFlag []string
|
|---|
| 30 |
|
|---|
| 31 | func (v *stringSliceFlag) String() string {
|
|---|
| 32 | return fmt.Sprint([]string(*v))
|
|---|
| 33 | }
|
|---|
| 34 |
|
|---|
| 35 | func (v *stringSliceFlag) Set(s string) error {
|
|---|
| 36 | *v = append(*v, s)
|
|---|
| 37 | return nil
|
|---|
| 38 | }
|
|---|
| 39 |
|
|---|
| [687] | 40 | func bumpOpenedFileLimit() error {
|
|---|
| 41 | var rlimit syscall.Rlimit
|
|---|
| 42 | if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rlimit); err != nil {
|
|---|
| 43 | return fmt.Errorf("failed to get RLIMIT_NOFILE: %v", err)
|
|---|
| 44 | }
|
|---|
| 45 | rlimit.Cur = rlimit.Max
|
|---|
| 46 | if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &rlimit); err != nil {
|
|---|
| 47 | return fmt.Errorf("failed to set RLIMIT_NOFILE: %v", err)
|
|---|
| 48 | }
|
|---|
| 49 | return nil
|
|---|
| 50 | }
|
|---|
| 51 |
|
|---|
| [691] | 52 | var (
|
|---|
| 53 | configPath string
|
|---|
| 54 | debug bool
|
|---|
| 55 |
|
|---|
| 56 | tlsCert atomic.Value // *tls.Certificate
|
|---|
| 57 | )
|
|---|
| 58 |
|
|---|
| 59 | func loadConfig() (*config.Server, *soju.Config, error) {
|
|---|
| 60 | var raw *config.Server
|
|---|
| 61 | if configPath != "" {
|
|---|
| 62 | var err error
|
|---|
| 63 | raw, err = config.Load(configPath)
|
|---|
| 64 | if err != nil {
|
|---|
| 65 | return nil, nil, fmt.Errorf("failed to load config file: %v", err)
|
|---|
| 66 | }
|
|---|
| 67 | } else {
|
|---|
| 68 | raw = config.Defaults()
|
|---|
| 69 | }
|
|---|
| 70 |
|
|---|
| 71 | var motd string
|
|---|
| 72 | if raw.MOTDPath != "" {
|
|---|
| 73 | b, err := ioutil.ReadFile(raw.MOTDPath)
|
|---|
| 74 | if err != nil {
|
|---|
| 75 | return nil, nil, fmt.Errorf("failed to load MOTD: %v", err)
|
|---|
| 76 | }
|
|---|
| 77 | motd = strings.TrimSuffix(string(b), "\n")
|
|---|
| 78 | }
|
|---|
| 79 |
|
|---|
| 80 | if raw.TLS != nil {
|
|---|
| 81 | cert, err := tls.LoadX509KeyPair(raw.TLS.CertPath, raw.TLS.KeyPath)
|
|---|
| 82 | if err != nil {
|
|---|
| 83 | return nil, nil, fmt.Errorf("failed to load TLS certificate and key: %v", err)
|
|---|
| 84 | }
|
|---|
| 85 | tlsCert.Store(&cert)
|
|---|
| 86 | }
|
|---|
| 87 |
|
|---|
| 88 | cfg := &soju.Config{
|
|---|
| 89 | Hostname: raw.Hostname,
|
|---|
| 90 | Title: raw.Title,
|
|---|
| 91 | LogPath: raw.LogPath,
|
|---|
| 92 | HTTPOrigins: raw.HTTPOrigins,
|
|---|
| 93 | AcceptProxyIPs: raw.AcceptProxyIPs,
|
|---|
| 94 | MaxUserNetworks: raw.MaxUserNetworks,
|
|---|
| [694] | 95 | MultiUpstream: raw.MultiUpstream,
|
|---|
| [705] | 96 | UpstreamUserIPs: raw.UpstreamUserIPs,
|
|---|
| [691] | 97 | Debug: debug,
|
|---|
| 98 | MOTD: motd,
|
|---|
| 99 | }
|
|---|
| 100 | return raw, cfg, nil
|
|---|
| 101 | }
|
|---|
| 102 |
|
|---|
| [98] | 103 | func main() {
|
|---|
| [491] | 104 | var listen []string
|
|---|
| 105 | flag.Var((*stringSliceFlag)(&listen), "listen", "listening address")
|
|---|
| [98] | 106 | flag.StringVar(&configPath, "config", "", "path to configuration file")
|
|---|
| 107 | flag.BoolVar(&debug, "debug", false, "enable debug logging")
|
|---|
| 108 | flag.Parse()
|
|---|
| 109 |
|
|---|
| [691] | 110 | cfg, serverCfg, err := loadConfig()
|
|---|
| 111 | if err != nil {
|
|---|
| 112 | log.Fatal(err)
|
|---|
| [98] | 113 | }
|
|---|
| 114 |
|
|---|
| [491] | 115 | cfg.Listen = append(cfg.Listen, listen...)
|
|---|
| [317] | 116 | if len(cfg.Listen) == 0 {
|
|---|
| 117 | cfg.Listen = []string{":6697"}
|
|---|
| 118 | }
|
|---|
| [98] | 119 |
|
|---|
| [687] | 120 | if err := bumpOpenedFileLimit(); err != nil {
|
|---|
| 121 | log.Printf("failed to bump max number of opened files: %v", err)
|
|---|
| 122 | }
|
|---|
| 123 |
|
|---|
| [620] | 124 | db, err := soju.OpenDB(cfg.SQLDriver, cfg.SQLSource)
|
|---|
| [98] | 125 | if err != nil {
|
|---|
| 126 | log.Fatalf("failed to open database: %v", err)
|
|---|
| 127 | }
|
|---|
| 128 |
|
|---|
| [317] | 129 | var tlsCfg *tls.Config
|
|---|
| [98] | 130 | if cfg.TLS != nil {
|
|---|
| [475] | 131 | tlsCfg = &tls.Config{
|
|---|
| 132 | GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
|
|---|
| 133 | return tlsCert.Load().(*tls.Certificate), nil
|
|---|
| 134 | },
|
|---|
| 135 | }
|
|---|
| [98] | 136 | }
|
|---|
| 137 |
|
|---|
| 138 | srv := soju.NewServer(db)
|
|---|
| [691] | 139 | srv.SetConfig(serverCfg)
|
|---|
| [98] | 140 |
|
|---|
| [317] | 141 | for _, listen := range cfg.Listen {
|
|---|
| 142 | listenURI := listen
|
|---|
| 143 | if !strings.Contains(listenURI, ":/") {
|
|---|
| 144 | // This is a raw domain name, make it an URL with an empty scheme
|
|---|
| 145 | listenURI = "//" + listenURI
|
|---|
| [98] | 146 | }
|
|---|
| [317] | 147 | u, err := url.Parse(listenURI)
|
|---|
| 148 | if err != nil {
|
|---|
| 149 | log.Fatalf("failed to parse listen URI %q: %v", listen, err)
|
|---|
| 150 | }
|
|---|
| 151 |
|
|---|
| 152 | switch u.Scheme {
|
|---|
| 153 | case "ircs", "":
|
|---|
| 154 | if tlsCfg == nil {
|
|---|
| 155 | log.Fatalf("failed to listen on %q: missing TLS configuration", listen)
|
|---|
| 156 | }
|
|---|
| 157 | host := u.Host
|
|---|
| 158 | if _, _, err := net.SplitHostPort(host); err != nil {
|
|---|
| 159 | host = host + ":6697"
|
|---|
| 160 | }
|
|---|
| [470] | 161 | ircsTLSCfg := tlsCfg.Clone()
|
|---|
| 162 | ircsTLSCfg.NextProtos = []string{"irc"}
|
|---|
| [477] | 163 | lc := net.ListenConfig{
|
|---|
| 164 | KeepAlive: downstreamKeepAlive,
|
|---|
| 165 | }
|
|---|
| 166 | l, err := lc.Listen(context.Background(), "tcp", host)
|
|---|
| [317] | 167 | if err != nil {
|
|---|
| 168 | log.Fatalf("failed to start TLS listener on %q: %v", listen, err)
|
|---|
| 169 | }
|
|---|
| [477] | 170 | ln := tls.NewListener(l, ircsTLSCfg)
|
|---|
| [418] | 171 | ln = proxyProtoListener(ln, srv)
|
|---|
| [317] | 172 | go func() {
|
|---|
| [449] | 173 | if err := srv.Serve(ln); err != nil {
|
|---|
| 174 | log.Printf("serving %q: %v", listen, err)
|
|---|
| 175 | }
|
|---|
| [317] | 176 | }()
|
|---|
| 177 | case "irc+insecure":
|
|---|
| 178 | host := u.Host
|
|---|
| 179 | if _, _, err := net.SplitHostPort(host); err != nil {
|
|---|
| 180 | host = host + ":6667"
|
|---|
| 181 | }
|
|---|
| [477] | 182 | lc := net.ListenConfig{
|
|---|
| 183 | KeepAlive: downstreamKeepAlive,
|
|---|
| 184 | }
|
|---|
| 185 | ln, err := lc.Listen(context.Background(), "tcp", host)
|
|---|
| [317] | 186 | if err != nil {
|
|---|
| 187 | log.Fatalf("failed to start listener on %q: %v", listen, err)
|
|---|
| 188 | }
|
|---|
| [418] | 189 | ln = proxyProtoListener(ln, srv)
|
|---|
| [317] | 190 | go func() {
|
|---|
| [449] | 191 | if err := srv.Serve(ln); err != nil {
|
|---|
| 192 | log.Printf("serving %q: %v", listen, err)
|
|---|
| 193 | }
|
|---|
| [317] | 194 | }()
|
|---|
| [466] | 195 | case "unix":
|
|---|
| 196 | ln, err := net.Listen("unix", u.Path)
|
|---|
| 197 | if err != nil {
|
|---|
| 198 | log.Fatalf("failed to start listener on %q: %v", listen, err)
|
|---|
| 199 | }
|
|---|
| 200 | ln = proxyProtoListener(ln, srv)
|
|---|
| 201 | go func() {
|
|---|
| 202 | if err := srv.Serve(ln); err != nil {
|
|---|
| 203 | log.Printf("serving %q: %v", listen, err)
|
|---|
| 204 | }
|
|---|
| 205 | }()
|
|---|
| [323] | 206 | case "wss":
|
|---|
| [581] | 207 | if tlsCfg == nil {
|
|---|
| 208 | log.Fatalf("failed to listen on %q: missing TLS configuration", listen)
|
|---|
| 209 | }
|
|---|
| [323] | 210 | addr := u.Host
|
|---|
| 211 | if _, _, err := net.SplitHostPort(addr); err != nil {
|
|---|
| 212 | addr = addr + ":https"
|
|---|
| 213 | }
|
|---|
| 214 | httpSrv := http.Server{
|
|---|
| 215 | Addr: addr,
|
|---|
| 216 | TLSConfig: tlsCfg,
|
|---|
| 217 | Handler: srv,
|
|---|
| 218 | }
|
|---|
| 219 | go func() {
|
|---|
| [449] | 220 | if err := httpSrv.ListenAndServeTLS("", ""); err != nil {
|
|---|
| 221 | log.Fatalf("serving %q: %v", listen, err)
|
|---|
| 222 | }
|
|---|
| [323] | 223 | }()
|
|---|
| 224 | case "ws+insecure":
|
|---|
| 225 | addr := u.Host
|
|---|
| 226 | if _, _, err := net.SplitHostPort(addr); err != nil {
|
|---|
| 227 | addr = addr + ":http"
|
|---|
| 228 | }
|
|---|
| 229 | httpSrv := http.Server{
|
|---|
| 230 | Addr: addr,
|
|---|
| 231 | Handler: srv,
|
|---|
| 232 | }
|
|---|
| 233 | go func() {
|
|---|
| [449] | 234 | if err := httpSrv.ListenAndServe(); err != nil {
|
|---|
| 235 | log.Fatalf("serving %q: %v", listen, err)
|
|---|
| 236 | }
|
|---|
| [323] | 237 | }()
|
|---|
| [385] | 238 | case "ident":
|
|---|
| 239 | if srv.Identd == nil {
|
|---|
| 240 | srv.Identd = soju.NewIdentd()
|
|---|
| 241 | }
|
|---|
| 242 |
|
|---|
| 243 | host := u.Host
|
|---|
| 244 | if _, _, err := net.SplitHostPort(host); err != nil {
|
|---|
| 245 | host = host + ":113"
|
|---|
| 246 | }
|
|---|
| 247 | ln, err := net.Listen("tcp", host)
|
|---|
| 248 | if err != nil {
|
|---|
| 249 | log.Fatalf("failed to start listener on %q: %v", listen, err)
|
|---|
| 250 | }
|
|---|
| [418] | 251 | ln = proxyProtoListener(ln, srv)
|
|---|
| [385] | 252 | go func() {
|
|---|
| [449] | 253 | if err := srv.Identd.Serve(ln); err != nil {
|
|---|
| 254 | log.Printf("serving %q: %v", listen, err)
|
|---|
| 255 | }
|
|---|
| [385] | 256 | }()
|
|---|
| [317] | 257 | default:
|
|---|
| 258 | log.Fatalf("failed to listen on %q: unsupported scheme", listen)
|
|---|
| 259 | }
|
|---|
| 260 |
|
|---|
| 261 | log.Printf("server listening on %q", listen)
|
|---|
| 262 | }
|
|---|
| [449] | 263 |
|
|---|
| 264 | sigCh := make(chan os.Signal, 1)
|
|---|
| [475] | 265 | signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
|
|---|
| [449] | 266 |
|
|---|
| 267 | if err := srv.Start(); err != nil {
|
|---|
| 268 | log.Fatal(err)
|
|---|
| 269 | }
|
|---|
| 270 |
|
|---|
| [475] | 271 | for sig := range sigCh {
|
|---|
| 272 | switch sig {
|
|---|
| 273 | case syscall.SIGHUP:
|
|---|
| [691] | 274 | log.Print("reloading configuration")
|
|---|
| 275 | _, serverCfg, err := loadConfig()
|
|---|
| 276 | if err != nil {
|
|---|
| 277 | log.Printf("failed to reloading configuration: %v", err)
|
|---|
| 278 | } else {
|
|---|
| 279 | srv.SetConfig(serverCfg)
|
|---|
| [475] | 280 | }
|
|---|
| 281 | case syscall.SIGINT, syscall.SIGTERM:
|
|---|
| 282 | log.Print("shutting down server")
|
|---|
| 283 | srv.Shutdown()
|
|---|
| 284 | return
|
|---|
| 285 | }
|
|---|
| 286 | }
|
|---|
| [98] | 287 | }
|
|---|
| [418] | 288 |
|
|---|
| 289 | func proxyProtoListener(ln net.Listener, srv *soju.Server) net.Listener {
|
|---|
| 290 | return &proxyproto.Listener{
|
|---|
| 291 | Listener: ln,
|
|---|
| 292 | Policy: func(upstream net.Addr) (proxyproto.Policy, error) {
|
|---|
| 293 | tcpAddr, ok := upstream.(*net.TCPAddr)
|
|---|
| 294 | if !ok {
|
|---|
| 295 | return proxyproto.IGNORE, nil
|
|---|
| 296 | }
|
|---|
| [691] | 297 | if srv.Config().AcceptProxyIPs.Contains(tcpAddr.IP) {
|
|---|
| [418] | 298 | return proxyproto.USE, nil
|
|---|
| 299 | }
|
|---|
| 300 | return proxyproto.IGNORE, nil
|
|---|
| 301 | },
|
|---|
| [592] | 302 | ReadHeaderTimeout: 5 * time.Second,
|
|---|
| [418] | 303 | }
|
|---|
| 304 | }
|
|---|
