Reload TLS certs on SIGHUP

References: https://todo.sr.ht/~emersion/soju/42

1package main
2
import (
	"crypto/tls"
	"flag"
	"log"
	"net"
	"net/http"
	"net/url"
	"os"
	"os/signal"
	"strings"
	"sync/atomic"
	"syscall"
	"time"

	"github.com/pires/go-proxyproto"

	"git.sr.ht/~emersion/soju"
	"git.sr.ht/~emersion/soju/config"
)
21
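// httpReadHeaderTimeout bounds how long a WebSocket listener waits for a
// client to finish sending its request headers. It only covers header
// parsing, so established (hijacked) WebSocket sessions are unaffected;
// without it an idle or slow peer can hold a connection open indefinitely.
const httpReadHeaderTimeout = 10 * time.Second

// main parses the command line, loads the server configuration, opens the
// database, binds every configured listener and then blocks on signals:
// SIGHUP reloads the TLS certificate and key, SIGINT/SIGTERM shut the
// server down.
func main() {
	var listen, configPath string
	var debug bool
	flag.StringVar(&listen, "listen", "", "listening address")
	flag.StringVar(&configPath, "config", "", "path to configuration file")
	flag.BoolVar(&debug, "debug", false, "enable debug logging")
	flag.Parse()

	var cfg *config.Server
	if configPath != "" {
		var err error
		cfg, err = config.Load(configPath)
		if err != nil {
			log.Fatalf("failed to load config file: %v", err)
		}
	} else {
		cfg = config.Defaults()
	}

	if listen != "" {
		cfg.Listen = append(cfg.Listen, listen)
	}
	if len(cfg.Listen) == 0 {
		cfg.Listen = []string{":6697"}
	}

	db, err := soju.OpenSQLDB(cfg.SQLDriver, cfg.SQLSource)
	if err != nil {
		log.Fatalf("failed to open database: %v", err)
	}

	// tlsCert always holds a *tls.Certificate. GetCertificate below asserts
	// on that pointer type, so Store must be handed a pointer: storing the
	// bare tls.Certificate value would make the first handshake panic.
	var tlsCfg *tls.Config
	var tlsCert atomic.Value
	if cfg.TLS != nil {
		cert, err := tls.LoadX509KeyPair(cfg.TLS.CertPath, cfg.TLS.KeyPath)
		if err != nil {
			log.Fatalf("failed to load TLS certificate and key: %v", err)
		}
		tlsCert.Store(&cert)

		tlsCfg = &tls.Config{
			// Resolve the certificate per handshake so a SIGHUP reload takes
			// effect for new connections without rebinding the listeners.
			// NOTE(review): no MinVersion is set, so Go's default protocol
			// floor applies to every TLS listener; confirm that is intended.
			GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
				return tlsCert.Load().(*tls.Certificate), nil
			},
		}
	}

	srv := soju.NewServer(db)
	// TODO: load from config/DB
	srv.Hostname = cfg.Hostname
	srv.LogPath = cfg.LogPath
	srv.HTTPOrigins = cfg.HTTPOrigins
	srv.AcceptProxyIPs = cfg.AcceptProxyIPs
	srv.Debug = debug

	for _, listen := range cfg.Listen {
		// Shadow the range variable: the goroutines started below capture
		// it, and before Go 1.22 one variable is shared by all iterations,
		// which would make every "serving" log line name the last address.
		listen := listen

		listenURI := listen
		if !strings.Contains(listenURI, ":/") {
			// This is a raw domain name, make it an URL with an empty scheme
			listenURI = "//" + listenURI
		}
		u, err := url.Parse(listenURI)
		if err != nil {
			log.Fatalf("failed to parse listen URI %q: %v", listen, err)
		}

		switch u.Scheme {
		case "ircs", "":
			if tlsCfg == nil {
				log.Fatalf("failed to listen on %q: missing TLS configuration", listen)
			}
			// Each listener gets its own clone so the ALPN list below does
			// not leak into the shared config used by the WebSocket listeners.
			ircsTLSCfg := tlsCfg.Clone()
			ircsTLSCfg.NextProtos = []string{"irc"}
			ln, err := tls.Listen("tcp", withDefaultPort(u.Host, "6697"), ircsTLSCfg)
			if err != nil {
				log.Fatalf("failed to start TLS listener on %q: %v", listen, err)
			}
			serveAsync(listen, proxyProtoListener(ln, srv), srv.Serve)
		case "irc+insecure":
			ln, err := net.Listen("tcp", withDefaultPort(u.Host, "6667"))
			if err != nil {
				log.Fatalf("failed to start listener on %q: %v", listen, err)
			}
			serveAsync(listen, proxyProtoListener(ln, srv), srv.Serve)
		case "unix":
			ln, err := net.Listen("unix", u.Path)
			if err != nil {
				log.Fatalf("failed to start listener on %q: %v", listen, err)
			}
			serveAsync(listen, proxyProtoListener(ln, srv), srv.Serve)
		case "wss":
			// Fail with the same clear message as "ircs" instead of letting
			// ListenAndServeTLS report a missing certificate file later.
			if tlsCfg == nil {
				log.Fatalf("failed to listen on %q: missing TLS configuration", listen)
			}
			httpSrv := http.Server{
				Addr:              withDefaultPort(u.Host, "https"),
				TLSConfig:         tlsCfg,
				Handler:           srv,
				ReadHeaderTimeout: httpReadHeaderTimeout,
			}
			go func() {
				// Empty cert/key paths: the certificate comes from
				// TLSConfig.GetCertificate.
				if err := httpSrv.ListenAndServeTLS("", ""); err != nil {
					log.Fatalf("serving %q: %v", listen, err)
				}
			}()
		case "ws+insecure":
			httpSrv := http.Server{
				Addr:              withDefaultPort(u.Host, "http"),
				Handler:           srv,
				ReadHeaderTimeout: httpReadHeaderTimeout,
			}
			go func() {
				if err := httpSrv.ListenAndServe(); err != nil {
					log.Fatalf("serving %q: %v", listen, err)
				}
			}()
		case "ident":
			if srv.Identd == nil {
				srv.Identd = soju.NewIdentd()
			}
			ln, err := net.Listen("tcp", withDefaultPort(u.Host, "113"))
			if err != nil {
				log.Fatalf("failed to start listener on %q: %v", listen, err)
			}
			serveAsync(listen, proxyProtoListener(ln, srv), srv.Identd.Serve)
		default:
			log.Fatalf("failed to listen on %q: unsupported scheme", listen)
		}

		log.Printf("server listening on %q", listen)
	}

	sigCh := make(chan os.Signal, 1)
	signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM, syscall.SIGHUP)

	if err := srv.Start(); err != nil {
		log.Fatal(err)
	}

	for sig := range sigCh {
		switch sig {
		case syscall.SIGHUP:
			if cfg.TLS == nil {
				break
			}
			log.Print("reloading TLS certificate")
			cert, err := tls.LoadX509KeyPair(cfg.TLS.CertPath, cfg.TLS.KeyPath)
			if err != nil {
				// Keep serving with the previous certificate: a bad reload
				// must not take the server down.
				log.Printf("failed to reload TLS certificate and key: %v", err)
				break
			}
			// Pointer, to match the type assertion in GetCertificate.
			tlsCert.Store(&cert)
		case syscall.SIGINT, syscall.SIGTERM:
			log.Print("shutting down server")
			srv.Shutdown()
			return
		}
	}
}

// withDefaultPort returns addr unchanged when net.SplitHostPort accepts it
// (it already carries a port), and addr + ":" + port otherwise. port may be
// a number or a service name such as "https".
func withDefaultPort(addr, port string) string {
	if _, _, err := net.SplitHostPort(addr); err != nil {
		return addr + ":" + port
	}
	return addr
}

// serveAsync runs serve(ln) on its own goroutine and logs a non-nil result
// against the listen address it belongs to. Serving errors are logged, not
// fatal, so one failing listener does not stop the others.
func serveAsync(listen string, ln net.Listener, serve func(net.Listener) error) {
	go func() {
		if err := serve(ln); err != nil {
			log.Printf("serving %q: %v", listen, err)
		}
	}()
}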
216
// proxyProtoListener wraps ln in a PROXY-protocol aware listener whose
// policy returns proxyproto.USE only for TCP peers whose IP is in
// srv.AcceptProxyIPs, and proxyproto.IGNORE for every other peer, including
// non-TCP ones such as unix sockets.
func proxyProtoListener(ln net.Listener, srv *soju.Server) net.Listener {
	policy := func(upstream net.Addr) (proxyproto.Policy, error) {
		tcpAddr, isTCP := upstream.(*net.TCPAddr)
		if isTCP && srv.AcceptProxyIPs.Contains(tcpAddr.IP) {
			return proxyproto.USE, nil
		}
		return proxyproto.IGNORE, nil
	}
	return &proxyproto.Listener{Listener: ln, Policy: policy}
}