Context Navigation

source: code/trunk/cmd/soju/main.go@ 705

Last change on this file since 705 was 705, checked in by contact, 4 years ago

Add per-user IP addresses

The new upstream-user-ip directive allows bouncer operators to
assign one IP address per user.

File size: 7.2 KB

Line
1	package main
2
3	import (
4	"context"
5	"crypto/tls"
6	"flag"
7	"fmt"
8	"io/ioutil"
9	"log"
10	"net"
11	"net/http"
12	"net/url"
13	"os"
14	"os/signal"
15	"strings"
16	"sync/atomic"
17	"syscall"
18	"time"
19
20	"github.com/pires/go-proxyproto"
21
22	"git.sr.ht/~emersion/soju"
23	"git.sr.ht/~emersion/soju/config"
24	)
25
26	// TCP keep-alive interval for downstream TCP connections
27	const downstreamKeepAlive = 1 * time.Hour
28
29	type stringSliceFlag []string
30
31	func (v *stringSliceFlag) String() string {
32	return fmt.Sprint([]string(*v))
33	}
34
35	func (v *stringSliceFlag) Set(s string) error {
36	v = append(v, s)
37	return nil
38	}
39
40	func bumpOpenedFileLimit() error {
41	var rlimit syscall.Rlimit
42	if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &rlimit); err != nil {
43	return fmt.Errorf("failed to get RLIMIT_NOFILE: %v", err)
44	}
45	rlimit.Cur = rlimit.Max
46	if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, &rlimit); err != nil {
47	return fmt.Errorf("failed to set RLIMIT_NOFILE: %v", err)
48	}
49	return nil
50	}
51
52	var (
53	configPath string
54	debug bool
55
56	tlsCert atomic.Value // *tls.Certificate
57	)
58
59	func loadConfig() (config.Server, soju.Config, error) {
60	var raw *config.Server
61	if configPath != "" {
62	var err error
63	raw, err = config.Load(configPath)
64	if err != nil {
65	return nil, nil, fmt.Errorf("failed to load config file: %v", err)
66	}
67	} else {
68	raw = config.Defaults()
69	}
70
71	var motd string
72	if raw.MOTDPath != "" {
73	b, err := ioutil.ReadFile(raw.MOTDPath)
74	if err != nil {
75	return nil, nil, fmt.Errorf("failed to load MOTD: %v", err)
76	}
77	motd = strings.TrimSuffix(string(b), "\n")
78	}
79
80	if raw.TLS != nil {
81	cert, err := tls.LoadX509KeyPair(raw.TLS.CertPath, raw.TLS.KeyPath)
82	if err != nil {
83	return nil, nil, fmt.Errorf("failed to load TLS certificate and key: %v", err)
84	}
85	tlsCert.Store(&cert)
86	}
87
88	cfg := &soju.Config{
89	Hostname: raw.Hostname,
90	Title: raw.Title,
91	LogPath: raw.LogPath,
92	HTTPOrigins: raw.HTTPOrigins,
93	AcceptProxyIPs: raw.AcceptProxyIPs,
94	MaxUserNetworks: raw.MaxUserNetworks,
95	MultiUpstream: raw.MultiUpstream,
96	UpstreamUserIPs: raw.UpstreamUserIPs,
97	Debug: debug,
98	MOTD: motd,
99	}
100	return raw, cfg, nil
101	}
102
103	func main() {
104	var listen []string
105	flag.Var((*stringSliceFlag)(&listen), "listen", "listening address")
106	flag.StringVar(&configPath, "config", "", "path to configuration file")
107	flag.BoolVar(&debug, "debug", false, "enable debug logging")
108	flag.Parse()
109
110	cfg, serverCfg, err := loadConfig()
111	if err != nil {
112	log.Fatal(err)
113	}
114
115	cfg.Listen = append(cfg.Listen, listen...)
116	if len(cfg.Listen) == 0 {
117	cfg.Listen = []string{":6697"}
118	}
119
120	if err := bumpOpenedFileLimit(); err != nil {
121	log.Printf("failed to bump max number of opened files: %v", err)
122	}
123
124	db, err := soju.OpenDB(cfg.SQLDriver, cfg.SQLSource)
125	if err != nil {
126	log.Fatalf("failed to open database: %v", err)
127	}
128
129	var tlsCfg *tls.Config
130	if cfg.TLS != nil {
131	tlsCfg = &tls.Config{
132	GetCertificate: func(tls.ClientHelloInfo) (tls.Certificate, error) {
133	return tlsCert.Load().(*tls.Certificate), nil
134	},
135	}
136	}
137
138	srv := soju.NewServer(db)
139	srv.SetConfig(serverCfg)
140
141	for _, listen := range cfg.Listen {
142	listenURI := listen
143	if !strings.Contains(listenURI, ":/") {
144	// This is a raw domain name, make it an URL with an empty scheme
145	listenURI = "//" + listenURI
146	}
147	u, err := url.Parse(listenURI)
148	if err != nil {
149	log.Fatalf("failed to parse listen URI %q: %v", listen, err)
150	}
151
152	switch u.Scheme {
153	case "ircs", "":
154	if tlsCfg == nil {
155	log.Fatalf("failed to listen on %q: missing TLS configuration", listen)
156	}
157	host := u.Host
158	if _, _, err := net.SplitHostPort(host); err != nil {
159	host = host + ":6697"
160	}
161	ircsTLSCfg := tlsCfg.Clone()
162	ircsTLSCfg.NextProtos = []string{"irc"}
163	lc := net.ListenConfig{
164	KeepAlive: downstreamKeepAlive,
165	}
166	l, err := lc.Listen(context.Background(), "tcp", host)
167	if err != nil {
168	log.Fatalf("failed to start TLS listener on %q: %v", listen, err)
169	}
170	ln := tls.NewListener(l, ircsTLSCfg)
171	ln = proxyProtoListener(ln, srv)
172	go func() {
173	if err := srv.Serve(ln); err != nil {
174	log.Printf("serving %q: %v", listen, err)
175	}
176	}()
177	case "irc+insecure":
178	host := u.Host
179	if _, _, err := net.SplitHostPort(host); err != nil {
180	host = host + ":6667"
181	}
182	lc := net.ListenConfig{
183	KeepAlive: downstreamKeepAlive,
184	}
185	ln, err := lc.Listen(context.Background(), "tcp", host)
186	if err != nil {
187	log.Fatalf("failed to start listener on %q: %v", listen, err)
188	}
189	ln = proxyProtoListener(ln, srv)
190	go func() {
191	if err := srv.Serve(ln); err != nil {
192	log.Printf("serving %q: %v", listen, err)
193	}
194	}()
195	case "unix":
196	ln, err := net.Listen("unix", u.Path)
197	if err != nil {
198	log.Fatalf("failed to start listener on %q: %v", listen, err)
199	}
200	ln = proxyProtoListener(ln, srv)
201	go func() {
202	if err := srv.Serve(ln); err != nil {
203	log.Printf("serving %q: %v", listen, err)
204	}
205	}()
206	case "wss":
207	if tlsCfg == nil {
208	log.Fatalf("failed to listen on %q: missing TLS configuration", listen)
209	}
210	addr := u.Host
211	if _, _, err := net.SplitHostPort(addr); err != nil {
212	addr = addr + ":https"
213	}
214	httpSrv := http.Server{
215	Addr: addr,
216	TLSConfig: tlsCfg,
217	Handler: srv,
218	}
219	go func() {
220	if err := httpSrv.ListenAndServeTLS("", ""); err != nil {
221	log.Fatalf("serving %q: %v", listen, err)
222	}
223	}()
224	case "ws+insecure":
225	addr := u.Host
226	if _, _, err := net.SplitHostPort(addr); err != nil {
227	addr = addr + ":http"
228	}
229	httpSrv := http.Server{
230	Addr: addr,
231	Handler: srv,
232	}
233	go func() {
234	if err := httpSrv.ListenAndServe(); err != nil {
235	log.Fatalf("serving %q: %v", listen, err)
236	}
237	}()
238	case "ident":
239	if srv.Identd == nil {
240	srv.Identd = soju.NewIdentd()
241	}
242
243	host := u.Host
244	if _, _, err := net.SplitHostPort(host); err != nil {
245	host = host + ":113"
246	}
247	ln, err := net.Listen("tcp", host)
248	if err != nil {
249	log.Fatalf("failed to start listener on %q: %v", listen, err)
250	}
251	ln = proxyProtoListener(ln, srv)
252	go func() {
253	if err := srv.Identd.Serve(ln); err != nil {
254	log.Printf("serving %q: %v", listen, err)
255	}
256	}()
257	default:
258	log.Fatalf("failed to listen on %q: unsupported scheme", listen)
259	}
260
261	log.Printf("server listening on %q", listen)
262	}
263
264	sigCh := make(chan os.Signal, 1)
265	signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)
266
267	if err := srv.Start(); err != nil {
268	log.Fatal(err)
269	}
270
271	for sig := range sigCh {
272	switch sig {
273	case syscall.SIGHUP:
274	log.Print("reloading configuration")
275	_, serverCfg, err := loadConfig()
276	if err != nil {
277	log.Printf("failed to reloading configuration: %v", err)
278	} else {
279	srv.SetConfig(serverCfg)
280	}
281	case syscall.SIGINT, syscall.SIGTERM:
282	log.Print("shutting down server")
283	srv.Shutdown()
284	return
285	}
286	}
287	}
288
289	func proxyProtoListener(ln net.Listener, srv *soju.Server) net.Listener {
290	return &proxyproto.Listener{
291	Listener: ln,
292	Policy: func(upstream net.Addr) (proxyproto.Policy, error) {
293	tcpAddr, ok := upstream.(*net.TCPAddr)
294	if !ok {
295	return proxyproto.IGNORE, nil
296	}
297	if srv.Config().AcceptProxyIPs.Contains(tcpAddr.IP) {
298	return proxyproto.USE, nil
299	}
300	return proxyproto.IGNORE, nil
301	},
302	ReadHeaderTimeout: 5 * time.Second,
303	}
304	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: