route/cmd/routed/main.go

package main

import (
	"context"
	"crypto/tls"
	"flag"
	"math/rand"
	"net"
	"net/http"
	"time"

	_ "git.xeserv.us/xena/route/internal"
	"git.xeserv.us/xena/route/internal/middleware"
	"git.xeserv.us/xena/route/internal/routecrypto"
	"github.com/Xe/ln"
	"github.com/caarlos0/env"
	"github.com/facebookgo/flagenv"
	_ "github.com/joho/godotenv/autoload"
	"github.com/lucas-clemente/quic-go/h2quic"
)

var (
	sslCertKey = flag.String("ssl-cert-key", "", "if set encrypt SSL certs with this key")
)

func main() {
	flag.Parse()
	flagenv.Parse()
	rand.Seed(time.Now().Unix())
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	certKey, _ := routecrypto.ParseKey(*sslCertKey)

	scfg := Config{}
	err := env.Parse(&scfg)
	if err != nil {
		ln.FatalErr(ctx, err, ln.Action("parsing environment for config"))
	}
	scfg.CertKey = certKey

	s, err := New(scfg)
	if err != nil {
		ln.FatalErr(ctx, err, ln.Action("create server instance"))
	}

	go setupQuic(s, scfg)
	go setupTLS(s, scfg)

	// listen on HTTP listener
	l, err := net.Listen("tcp", scfg.WebAddr)
	if err != nil {
		ln.FatalErr(ctx, err, ln.Action("listening on HTTP port"), ln.F{"addr": scfg.WebAddr})
	}
	defer l.Close()

	hs := &http.Server{
		Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			switch r.Method {
			case http.MethodPatch, http.MethodPut, http.MethodPost:
				http.Error(w, "use https", http.StatusNotAcceptable)
				ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})
				return
			}

			r.URL.Host = r.Host
			r.URL.Scheme = "https"

			ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})

			http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)
		}),
		Addr: scfg.WebAddr,
	}

	hs.Serve(l)
}

func setupQuic(s *Server, scfg Config) {
	qs := &h2quic.Server{
		Server: &http.Server{
			Handler: middleware.Trace(s),
			Addr:    scfg.QuicAddr,
			TLSConfig: &tls.Config{
				GetCertificate: s.GetCertificate,
			},
		},
	}

	s.QuicServer = qs

	for {
		ln.FatalErr(context.Background(), qs.ListenAndServe())
	}
}

func setupTLS(s *Server, scfg Config) {
	hs := &http.Server{
		Handler: middleware.Trace(s),
		Addr:    scfg.SSLAddr,
		TLSConfig: &tls.Config{
			GetCertificate: s.GetCertificate,
		},
	}

	for {
		ln.FatalErr(context.Background(), hs.ListenAndServeTLS("", ""))
	}
}
Initial commit 2017-01-18 09:57:18 +00:00			`package main`

			`import (`
all: update use of ln 2017-10-01 13:28:13 +00:00			`"context"`
Let's Encrypt! 2017-01-22 18:16:18 +00:00			`"crypto/tls"`
Initial commit 2017-01-18 09:57:18 +00:00			`"flag"`
			`"math/rand"`
			`"net"`
			`"net/http"`
			`"time"`

start adding go stdlib tracing 2017-10-01 13:54:56 +00:00			`_ "git.xeserv.us/xena/route/internal"`
			`"git.xeserv.us/xena/route/internal/middleware"`
move routecrypto and server into internal 2017-09-30 13:50:24 +00:00			`"git.xeserv.us/xena/route/internal/routecrypto"`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`"github.com/Xe/ln"`
			`"github.com/caarlos0/env"`
Initial commit 2017-01-18 09:57:18 +00:00			`"github.com/facebookgo/flagenv"`
			`_ "github.com/joho/godotenv/autoload"`
cmd/routed: add quic support 2017-12-12 02:51:45 +00:00			`"github.com/lucas-clemente/quic-go/h2quic"`
Initial commit 2017-01-18 09:57:18 +00:00			`)`

			`var (`
encrypt inserted SSL certificates 2017-01-26 04:22:27 +00:00			`sslCertKey = flag.String("ssl-cert-key", "", "if set encrypt SSL certs with this key")`
Initial commit 2017-01-18 09:57:18 +00:00			`)`

			`func main() {`
			`flag.Parse()`
			`flagenv.Parse()`
			`rand.Seed(time.Now().Unix())`
all: update use of ln 2017-10-01 13:28:13 +00:00			`ctx, cancel := context.WithCancel(context.Background())`
			`defer cancel()`
Initial commit 2017-01-18 09:57:18 +00:00
encrypt inserted SSL certificates 2017-01-26 04:22:27 +00:00			`certKey, _ := routecrypto.ParseKey(*sslCertKey)`

cmd/routed: move internal/server here 2017-12-15 18:18:13 +00:00			`scfg := Config{}`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`err := env.Parse(&scfg)`
Initial commit 2017-01-18 09:57:18 +00:00			`if err != nil {`
all: update use of ln 2017-10-01 13:28:13 +00:00			`ln.FatalErr(ctx, err, ln.Action("parsing environment for config"))`
Initial commit 2017-01-18 09:57:18 +00:00			`}`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`scfg.CertKey = certKey`
Initial commit 2017-01-18 09:57:18 +00:00
cmd/routed: move internal/server here 2017-12-15 18:18:13 +00:00			`s, err := New(scfg)`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`if err != nil {`
all: update use of ln 2017-10-01 13:28:13 +00:00			`ln.FatalErr(ctx, err, ln.Action("create server instance"))`
Let's Encrypt! 2017-01-22 18:16:18 +00:00			`}`

cmd/routed: actually enable quic oops 2018-01-03 18:45:43 +00:00			`go setupQuic(s, scfg)`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`go setupTLS(s, scfg)`

all: update use of ln 2017-10-01 13:28:13 +00:00			`// listen on HTTP listener`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`l, err := net.Listen("tcp", scfg.WebAddr)`
Initial commit 2017-01-18 09:57:18 +00:00			`if err != nil {`
all: update use of ln 2017-10-01 13:28:13 +00:00			`ln.FatalErr(ctx, err, ln.Action("listening on HTTP port"), ln.F{"addr": scfg.WebAddr})`
Initial commit 2017-01-18 09:57:18 +00:00			`}`
			`defer l.Close()`

			`hs := &http.Server{`
cmd/routed: configure the http listener to redirect if the method allows redirecting 2017-10-01 18:29:31 +00:00			`Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {`
			`switch r.Method {`
			`case http.MethodPatch, http.MethodPut, http.MethodPost:`
			`http.Error(w, "use https", http.StatusNotAcceptable)`
			`ln.Log(r.Context(), ln.Action("cannot redirect (wrong method)"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})`
			`return`
			`}`

cmd/routed: redirect better 2017-10-01 18:01:18 +00:00			`r.URL.Host = r.Host`
cmd/routed: only serve sites over https 2017-10-01 17:57:52 +00:00			`r.URL.Scheme = "https"`
cmd/routed: log http redirects 2017-10-01 18:04:19 +00:00
cmd/routed: configure the http listener to redirect if the method allows redirecting 2017-10-01 18:29:31 +00:00			`ln.Log(r.Context(), ln.Action("redirecting insecure HTTP to HTTPS"), ln.F{"remote": r.RemoteAddr, "host": r.Host, "path": r.URL.Path})`
cmd/routed: log http redirects 2017-10-01 18:04:19 +00:00
cmd/routed: only serve sites over https 2017-10-01 17:57:52 +00:00			`http.Redirect(w, r, r.URL.String(), http.StatusPermanentRedirect)`
cmd/routed: configure the http listener to redirect if the method allows redirecting 2017-10-01 18:29:31 +00:00			`}),`
cmd/routed: only serve sites over https 2017-10-01 17:57:52 +00:00			`Addr: scfg.WebAddr,`
Initial commit 2017-01-18 09:57:18 +00:00			`}`

			`hs.Serve(l)`
			`}`
Let's Encrypt! 2017-01-22 18:16:18 +00:00
cmd/routed: move internal/server here 2017-12-15 18:18:13 +00:00			`func setupQuic(s *Server, scfg Config) {`
cmd/routed: add quic support 2017-12-12 02:51:45 +00:00			`qs := &h2quic.Server{`
			`Server: &http.Server{`
			`Handler: middleware.Trace(s),`
			`Addr: scfg.QuicAddr,`
			`TLSConfig: &tls.Config{`
			`GetCertificate: s.GetCertificate,`
			`},`
			`},`
			`}`

cmd/routed: alt-svc fix again 2018-01-03 19:12:21 +00:00			`s.QuicServer = qs`

cmd/routed: add quic support 2017-12-12 02:51:45 +00:00			`for {`
cmd/routed: quic fix 2018-01-03 18:58:55 +00:00			`ln.FatalErr(context.Background(), qs.ListenAndServe())`
cmd/routed: add quic support 2017-12-12 02:51:45 +00:00			`}`
			`}`

cmd/routed: move internal/server here 2017-12-15 18:18:13 +00:00			`func setupTLS(s *Server, scfg Config) {`
Let's Encrypt! 2017-01-22 18:16:18 +00:00			`hs := &http.Server{`
start adding go stdlib tracing 2017-10-01 13:54:56 +00:00			`Handler: middleware.Trace(s),`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`Addr: scfg.SSLAddr,`
Let's Encrypt! 2017-01-22 18:16:18 +00:00			`TLSConfig: &tls.Config{`
main: clean up and use env 2017-04-28 23:28:03 +00:00			`GetCertificate: s.GetCertificate,`
Let's Encrypt! 2017-01-22 18:16:18 +00:00			`},`
			`}`

all: update use of ln 2017-10-01 13:28:13 +00:00			`for {`
cmd/routed: ensure quic is working 2018-01-03 18:53:26 +00:00			`ln.FatalErr(context.Background(), hs.ListenAndServeTLS("", ""))`
all: update use of ln 2017-10-01 13:28:13 +00:00			`}`
Let's Encrypt! 2017-01-22 18:16:18 +00:00			`}`