98 lines
2.5 KiB
Go
98 lines
2.5 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"flag"
|
|
"log"
|
|
"math/rand"
|
|
"net"
|
|
"net/http"
|
|
"time"
|
|
|
|
"git.xeserv.us/xena/route/lib/routecrypto"
|
|
"git.xeserv.us/xena/route/server"
|
|
"github.com/facebookgo/flagenv"
|
|
_ "github.com/joho/godotenv/autoload"
|
|
"golang.org/x/crypto/acme/autocert"
|
|
)
|
|
|
|
var (
|
|
rethinkDBHost = flag.String("rethink-host", "", "RethinkDB host")
|
|
rethinkDBDatabase = flag.String("rethink-database", "", "RethinkDB database")
|
|
|
|
torDataDir = flag.String("tor-data-dir", "./var", "Tor data directory")
|
|
torHashedPassword = flag.String("tor-hashed-password", "", "Tor hashed password")
|
|
torPassword = flag.String("tor-password", "hunter2", "Tor clear password")
|
|
|
|
webPort = flag.String("web-port", "9234", "HTTP ingress port for backends and users")
|
|
sslPort = flag.String("ssl-port", "", "if set use this port for SSL HTTP requests (certs via LE, you agree to follow their TOS)")
|
|
backendPort = flag.String("backend-port", "36971", "Port for TCP/TLS backends")
|
|
backendKCPPort = flag.String("backend-kcp-port", "23154", "Port for KCP/TLS backends")
|
|
|
|
domainSuffix = flag.String("domain-suffix", ".apps.xeserv.us", "Domain name suffix associated with the load balancer")
|
|
acmeEmail = flag.String("acme-email", "", "ACME email (must be set for SSL to work)")
|
|
|
|
sslCertKey = flag.String("ssl-cert-key", "", "if set encrypt SSL certs with this key")
|
|
)
|
|
|
|
func main() {
|
|
flag.Parse()
|
|
flagenv.Parse()
|
|
rand.Seed(time.Now().Unix())
|
|
|
|
certKey, _ := routecrypto.ParseKey(*sslCertKey)
|
|
|
|
s, err := server.New(server.Config{
|
|
RethinkDBHost: *rethinkDBHost,
|
|
RethinkDBDatabase: *rethinkDBDatabase,
|
|
TorDataDir: *torDataDir,
|
|
TorHashedPassword: *torHashedPassword,
|
|
TorPassword: *torPassword,
|
|
WebPort: *webPort,
|
|
SSLPort: *sslPort,
|
|
DomainSuffix: *domainSuffix,
|
|
CertKey: certKey,
|
|
BackendPort: ":" + *backendPort,
|
|
KCPPort: ":" + *backendKCPPort,
|
|
})
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
|
|
if *sslPort != "" {
|
|
go setupACME(s)
|
|
}
|
|
|
|
l, err := net.Listen("tcp", ":"+*webPort)
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
defer l.Close()
|
|
|
|
hs := &http.Server{
|
|
Handler: s,
|
|
Addr: ":" + *webPort,
|
|
}
|
|
|
|
hs.Serve(l)
|
|
}
|
|
|
|
func setupACME(s *server.Server) {
|
|
m := autocert.Manager{
|
|
Prompt: autocert.AcceptTOS,
|
|
Cache: s.CertCache,
|
|
HostPolicy: nil,
|
|
Email: *acmeEmail,
|
|
}
|
|
|
|
hs := &http.Server{
|
|
Handler: s,
|
|
Addr: ":" + *sslPort,
|
|
TLSConfig: &tls.Config{
|
|
GetCertificate: m.GetCertificate,
|
|
},
|
|
}
|
|
|
|
hs.ListenAndServeTLS("", "")
|
|
}
|