server,main: simplify config code
This commit is contained in:
parent
9758adc118
commit
ecc31b1eb7
18
main.go
18
main.go
|
|
@ -19,17 +19,19 @@ import (
|
||||||
var (
|
var (
|
||||||
rethinkDBHost = flag.String("rethink-host", "", "RethinkDB host")
|
rethinkDBHost = flag.String("rethink-host", "", "RethinkDB host")
|
||||||
rethinkDBDatabase = flag.String("rethink-database", "", "RethinkDB database")
|
rethinkDBDatabase = flag.String("rethink-database", "", "RethinkDB database")
|
||||||
controlKeyFile = flag.String("control-key-file", "", "Control host keyfile")
|
|
||||||
controlHost = flag.String("control-host", "", "Control host onion hash")
|
|
||||||
torDataDir = flag.String("tor-data-dir", "./var", "Tor data directory")
|
torDataDir = flag.String("tor-data-dir", "./var", "Tor data directory")
|
||||||
torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password")
|
torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password")
|
||||||
torPassword = flag.String("tor-password", "hunter2", "Tor clear password")
|
torPassword = flag.String("tor-password", "hunter2", "Tor clear password")
|
||||||
|
|
||||||
webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
|
webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
|
||||||
sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)")
|
sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)")
|
||||||
domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
|
|
||||||
backendPort = flag.String("backend-port", "36971", "Port for TCP/TLS backends")
|
backendPort = flag.String("backend-port", "36971", "Port for TCP/TLS backends")
|
||||||
backendKCPPort = flag.String("backend-kcp-port", "23154", "Port for KCP/TLS backends")
|
backendKCPPort = flag.String("backend-kcp-port", "23154", "Port for KCP/TLS backends")
|
||||||
|
|
||||||
|
domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
|
||||||
|
acmeEmail = flag.String("acme-email", "", "ACME email (must be set for SSL to work)")
|
||||||
|
|
||||||
sslCertKey = flag.String("ssl-cert-key", "", "if set encrypt SSL certs with this key")
|
sslCertKey = flag.String("ssl-cert-key", "", "if set encrypt SSL certs with this key")
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -41,8 +43,6 @@ func main() {
|
||||||
certKey, _ := routecrypto.ParseKey(*sslCertKey)
|
certKey, _ := routecrypto.ParseKey(*sslCertKey)
|
||||||
|
|
||||||
s, err := server.New(server.Config{
|
s, err := server.New(server.Config{
|
||||||
ControlHost: *controlHost,
|
|
||||||
ControlKeyFile: *controlKeyFile,
|
|
||||||
RethinkDBHost: *rethinkDBHost,
|
RethinkDBHost: *rethinkDBHost,
|
||||||
RethinkDBDatabase: *rethinkDBDatabase,
|
RethinkDBDatabase: *rethinkDBDatabase,
|
||||||
TorDataDir: *torDataDir,
|
TorDataDir: *torDataDir,
|
||||||
|
|
@ -63,7 +63,7 @@ func main() {
|
||||||
go setupACME(s)
|
go setupACME(s)
|
||||||
}
|
}
|
||||||
|
|
||||||
l, err := net.Listen("tcp", "0.0.0.0:"+*webPort)
|
l, err := net.Listen("tcp", *webPort)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
@ -71,7 +71,7 @@ func main() {
|
||||||
|
|
||||||
hs := &http.Server{
|
hs := &http.Server{
|
||||||
Handler: s,
|
Handler: s,
|
||||||
Addr: "0.0.0.0:" + *webPort,
|
Addr: ":" + *webPort,
|
||||||
}
|
}
|
||||||
|
|
||||||
hs.Serve(l)
|
hs.Serve(l)
|
||||||
|
|
@ -82,12 +82,12 @@ func setupACME(s *server.Server) {
|
||||||
Prompt: autocert.AcceptTOS,
|
Prompt: autocert.AcceptTOS,
|
||||||
Cache: s.CertCache,
|
Cache: s.CertCache,
|
||||||
HostPolicy: nil,
|
HostPolicy: nil,
|
||||||
Email: "xena@yolo-swag.com",
|
Email: *acmeEmail,
|
||||||
}
|
}
|
||||||
|
|
||||||
hs := &http.Server{
|
hs := &http.Server{
|
||||||
Handler: s,
|
Handler: s,
|
||||||
Addr: "0.0.0.0:" + *sslPort,
|
Addr: ":" + *sslPort,
|
||||||
TLSConfig: &tls.Config{
|
TLSConfig: &tls.Config{
|
||||||
GetCertificate: m.GetCertificate,
|
GetCertificate: m.GetCertificate,
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -6,13 +6,11 @@ import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"errors"
|
"errors"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httputil"
|
"net/http/httputil"
|
||||||
"net/rpc"
|
"net/rpc"
|
||||||
"os"
|
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
@ -21,7 +19,6 @@ import (
|
||||||
"git.xeserv.us/xena/route/lib/elfs"
|
"git.xeserv.us/xena/route/lib/elfs"
|
||||||
"git.xeserv.us/xena/route/lib/tun2"
|
"git.xeserv.us/xena/route/lib/tun2"
|
||||||
"git.xeserv.us/xena/route/routerpc"
|
"git.xeserv.us/xena/route/routerpc"
|
||||||
"git.xeserv.us/xena/route/utils"
|
|
||||||
"github.com/Xe/uuid"
|
"github.com/Xe/uuid"
|
||||||
"github.com/Yawning/bulb"
|
"github.com/Yawning/bulb"
|
||||||
"github.com/brandur/simplebox"
|
"github.com/brandur/simplebox"
|
||||||
|
|
@ -51,11 +48,20 @@ type Server struct {
|
||||||
|
|
||||||
// Config configures Server
|
// Config configures Server
|
||||||
type Config struct {
|
type Config struct {
|
||||||
ControlHost, ControlKeyFile string
|
RethinkDBHost string
|
||||||
RethinkDBHost, RethinkDBDatabase string
|
RethinkDBDatabase string
|
||||||
TorDataDir, TorHashedPassword, TorPassword string
|
|
||||||
WebPort, DomainSuffix, SSLPort, GRPCClientPort string
|
TorDataDir string
|
||||||
BackendPort, KCPPort string
|
TorHashedPassword string
|
||||||
|
TorPassword string
|
||||||
|
|
||||||
|
WebPort string
|
||||||
|
SSLPort string
|
||||||
|
BackendPort string
|
||||||
|
KCPPort string
|
||||||
|
|
||||||
|
DomainSuffix string
|
||||||
|
ACMEEmail string
|
||||||
CertKey *[32]byte
|
CertKey *[32]byte
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -81,27 +87,6 @@ func New(cfg Config) (*Server, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
fin, err := os.Open(cfg.ControlKeyFile)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
defer fin.Close()
|
|
||||||
|
|
||||||
data, err := ioutil.ReadAll(fin)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
pKey, err := utils.PemToRSAPrivateKey(data)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
_, err = t.AddOnion(pKey, RPCPort, l.Addr().String())
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
rpcs := rpc.NewServer()
|
rpcs := rpc.NewServer()
|
||||||
|
|
||||||
s := &Server{
|
s := &Server{
|
||||||
|
|
@ -122,13 +107,15 @@ func New(cfg Config) (*Server, error) {
|
||||||
Prompt: autocert.AcceptTOS,
|
Prompt: autocert.AcceptTOS,
|
||||||
Cache: s.CertCache,
|
Cache: s.CertCache,
|
||||||
HostPolicy: nil,
|
HostPolicy: nil,
|
||||||
Email: "xena@yolo-swag.com",
|
Email: cfg.ACMEEmail,
|
||||||
}
|
}
|
||||||
|
|
||||||
if cfg.CertKey != nil {
|
if cfg.CertKey == nil {
|
||||||
s.CertCache.SimpleBox = simplebox.NewFromSecretKey(cfg.CertKey)
|
return nil, errors.New("no cert decryption key, can't do anything")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
s.CertCache.SimpleBox = simplebox.NewFromSecretKey(cfg.CertKey)
|
||||||
|
|
||||||
tcfg := &tun2.ServerConfig{
|
tcfg := &tun2.ServerConfig{
|
||||||
TCPAddr: cfg.BackendPort,
|
TCPAddr: cfg.BackendPort,
|
||||||
KCPAddr: cfg.KCPPort,
|
KCPAddr: cfg.KCPPort,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue