Allow tls listener only

Andrea Spacca 2018-07-07 19:05:16 +02:00
parent 89e37272ed
commit cb0401ec5c
3 changed files with 41 additions and 50 deletions


@ -53,7 +53,8 @@ listener | port to use for http (:80) | |
profile-listener | port to use for profiler (:6060)| | profile-listener | port to use for profiler (:6060)| |
force-https | redirect to https | false | force-https | redirect to https | false |
tls-listener | port to use for https (:443) | | tls-listener | port to use for https (:443) | |
tls-cert-file | path to tls certificate | | tls-listener-only | flag to enable tls listener only | |
tls-cert-file | path to tls certificate | |
tls-private-key | path to tls private key | | tls-private-key | path to tls private key | |
http-auth-user | user for basic http auth on upload | | http-auth-user | user for basic http auth on upload | |
http-auth-pass | pass for basic http auth on upload | | http-auth-pass | pass for basic http auth on upload | |


@ -54,6 +54,10 @@ var globalFlags = []cli.Flag{
Usage: "127.0.0.1:8443", Usage: "127.0.0.1:8443",
Value: "", Value: "",
}, },
cli.BoolFlag{
Name: "tls-listener-only",
Usage: "",
},
cli.StringFlag{ cli.StringFlag{
Name: "tls-cert-file", Name: "tls-cert-file",
Value: "", Value: "",
@ -204,8 +208,11 @@ func New() *Cmd {
options = append(options, server.Listener(v)) options = append(options, server.Listener(v))
} }
if v := c.String("tls-listener"); v != "" { if v := c.String("tls-listener"); v == "" {
options = append(options, server.TLSListener(v)) } else if c.Bool("tls-listener-only") {
options = append(options, server.TLSListener(v, true))
} else {
options = append(options, server.TLSListener(v, false))
} }
if v := c.String("profile-listener"); v != "" { if v := c.String("profile-listener"); v != "" {
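Review bot: In the `New()` hunk, `tls-listener-only` given without `tls-listener` is silently ignored: the empty `v == ""` branch never calls `server.TLSListener`, so `TLSListenerOnly` stays false and `Run()` still starts the plain-HTTP listener while the operator believes the service is TLS-only. Reject that combination at startup through whatever error path `New()` already uses, guarded by `if c.Bool("tls-listener-only") && c.String("tls-listener") == ""`. The three-way branch then collapses to `options = append(options, server.TLSListener(v, c.Bool("tls-listener-only")))` under `v != ""`. The new flag also ships with `Usage: ""`; a line such as `Usage: "serve only on tls-listener, do not start the plain http listener"` would document it in the help output. `New()` continues outside the hunk, so its error handling is not visible here.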


@ -95,9 +95,10 @@ func UserVoice(userVoiceKey string) OptionFn {
} }
} }
func TLSListener(s string) OptionFn { func TLSListener(s string, t bool) OptionFn {
return func(srvr *Server) { return func(srvr *Server) {
srvr.TLSListenerString = s srvr.TLSListenerString = s
srvr.TLSListenerOnly = t
} }
} }
@ -235,6 +236,8 @@ type Server struct {
gaKey string gaKey string
userVoiceKey string userVoiceKey string
TLSListenerOnly bool
ListenerString string ListenerString string
TLSListenerString string TLSListenerString string
ProfileListenerString string ProfileListenerString string
@ -261,7 +264,11 @@ func init() {
} }
func (s *Server) Run() { func (s *Server) Run() {
listening := false
if s.profilerEnabled { if s.profilerEnabled {
listening = true
go func() { go func() {
fmt.Println("Profiled listening at: :6060") fmt.Println("Profiled listening at: :6060")
@ -363,21 +370,28 @@ func (s *Server) Run() {
mime.AddExtensionType(".md", "text/x-markdown") mime.AddExtensionType(".md", "text/x-markdown")
log.Printf("Transfer.sh server started.\nlistening on port: %v\nusing temp folder: %s\nusing storage provider: %s", s.ListenerString, s.tempPath, s.storage.Type()) log.Printf("Transfer.sh server started.\nusing temp folder: %s\nusing storage provider: %s", s.tempPath, s.storage.Type())
log.Printf("---------------------------")
h := handlers.PanicHandler(handlers.LogHandler(LoveHandler(s.RedirectHandler(r)), handlers.NewLogOptions(log.Printf, "_default_")), nil) h := handlers.PanicHandler(handlers.LogHandler(LoveHandler(s.RedirectHandler(r)), handlers.NewLogOptions(log.Printf, "_default_")), nil)
srvr := &http.Server{ if !s.TLSListenerOnly {
Addr: s.ListenerString, srvr := &http.Server{
Handler: h, Addr: s.ListenerString,
Handler: h,
}
listening = true
log.Printf("listening on port: %v\n", s.ListenerString)
go func() {
srvr.ListenAndServe()
}()
} }
go func() {
srvr.ListenAndServe()
}()
if s.TLSListenerString != "" { if s.TLSListenerString != "" {
listening = true
log.Printf("listening on port: %v\n", s.TLSListenerString)
go func() { go func() {
s := &http.Server{ s := &http.Server{
Addr: s.TLSListenerString, Addr: s.TLSListenerString,
@ -391,48 +405,17 @@ func (s *Server) Run() {
}() }()
} }
/* log.Printf("---------------------------")
cacheDir := "/var/cache/autocert"
if s.LetsEncryptCache != "" {
cacheDir = s.LetsEncryptCache
}
m := autocert.Manager{
Prompt: autocert.AcceptTOS,
Cache: autocert.DirCache(cacheDir),
HostPolicy: func(_ context.Context, host string) error {
if !strings.HasSuffix(host, "transfer.sh") {
return errors.New("acme/autocert: host not configured")
}
return nil
},
}
if s.TLSListenerString != "" {
go func() {
s := &http.Server{
Addr: ":https",
Handler: lh,
TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
}
if err := s.ListenAndServeTLS("", ""); err != nil {
panic(err)
}
}()
if err := http.ListenAndServe(c.ListenerString, RedirectHandler()); err != nil {
panic(err)
}
}
*/
term := make(chan os.Signal, 1) term := make(chan os.Signal, 1)
signal.Notify(term, os.Interrupt) signal.Notify(term, os.Interrupt)
signal.Notify(term, syscall.SIGTERM) signal.Notify(term, syscall.SIGTERM)
<-term if listening {
<-term
} else {
log.Printf("No listener active.")
}
log.Printf("Server stopped.") log.Printf("Server stopped.")
} }
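Review bot: In `Run()`, the plain-HTTP goroutine discards the result of `srvr.ListenAndServe()` and `listening = true` is set before the bind is attempted, so a failed bind (port in use, insufficient privilege) leaves the process blocked on `<-term` with nothing serving and nothing logged. Surface the error, for example `if err := srvr.ListenAndServe(); err != nil && err != http.ErrServerClosed { log.Fatalf("http listener %v: %v", s.ListenerString, err) }`. Separately, `TLSListenerOnly` is an exported field set independently of `TLSListenerString`, so `TLSListener("", true)` produces a server with no HTTP or TLS listener. A field comment such as `// TLSListenerOnly disables the plain-HTTP listener; TLSListenerString must be set.` would make that contract explicit. Parts of `Run()` between the hunks, including the body of the TLS goroutine, are not visible here.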