diff --git a/main-server.service b/main-server.service
index 6b10237..4632885 100644
--- a/main-server.service
+++ b/main-server.service
@@ -1,15 +1,29 @@
 [Unit]
 Description=My main HTTP server
-After=network.target syslog.target
+After=syslog.target
+After=network.target
 [Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+Type=simple
 User=kelvin
-Type=forking
-PIDFile=/tmp/main-server-pid
+Group=kelvin
+WorkingDirectory=/home/kelvin/main-server
 ExecStart=/home/kelvin/main-server/main-server
-StandardOutput=syslog
-StandardError=syslog
+Restart=always
+Environment=USER=kelvin HOME=/home/kelvin
+
+# Some distributions may not support these hardening directives. If you cannot start the service due
+# to an unknown option, comment out the ones not supported by your version of systemd.
+ProtectSystem=full
+PrivateDevices=yes
+PrivateTmp=yes
+NoNewPrivileges=true
 [Install]
-WantedBy=multi-user.target
-
+WantedBy=multi-user.target
diff --git a/main.go b/main.go
index 2ef2129..dcac15c 100644
--- a/main.go
+++ b/main.go
@@ -14,25 +14,15 @@ import (
 "net/url"
 "os"
 "os/exec"
- "path"
+ "os/signal"
 "strings"
- "syscall"
 "io/ioutil"
- "github.com/sevlyar/go-daemon"
 "github.com/shurcooL/github_flavored_markdown/gfmstyle"
 //blackfriday "gopkg.in/russross/blackfriday.v2"
 )
-var (
- signal = flag.String("s", "", `send signal to the daemon
- quit — graceful shutdown
- stop — fast shutdown
- reload — reloading the configuration file`)
- devmode = flag.Bool("dev_mode", false, "whether this server should run in developer mode or not")
-)
-
 const DEBUG = false
 const DOMAIN_NAME = "threefortiethofonehamster.com"
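Review bot: The hardening block does not cover the paths this unit runs from: `ProtectSystem=full` leaves /home writable, and both `WorkingDirectory` and `ExecStart` sit under /home/kelvin while the service runs as `User=kelvin`. A compromised server process could therefore overwrite its own binary and have it relaunched by `Restart=always`. If the server only needs to write to a few directories (not visible from this hunk), consider `ProtectSystem=strict` with a `ReadWritePaths=` line for those directories, or install the binary outside the service user's home. The comment above `#LimitMEMLOCK`/`#LimitNOFILE` talks about "repos with lots of files", which does not describe this HTTP server and looks carried over from another unit; reword or drop it.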
@@ -123,91 +113,33 @@ func rootHandler(w http.ResponseWriter, r *http.Request) {
 }
 var (
- shutdown chan struct{} = make(chan struct{})
 serverShutdown chan struct{} = make(chan struct{})
 )
 func main() {
 flag.Parse()
- daemon.AddCommand(daemon.StringFlag(signal, "quit"), syscall.SIGQUIT, termHandler)
- daemon.AddCommand(daemon.StringFlag(signal, "stop"), syscall.SIGTERM, termHandler)
- daemon.AddCommand(daemon.StringFlag(signal, "reload"), syscall.SIGHUP, reloadHandler)
-
- execName := path.Base(os.Args[0])
- cwd, cwdErr := os.Getwd()
- if cwdErr != nil {
- log.Fatalln("unable to get cwd:", cwdErr)
- }
- cntxt := &daemon.Context{
- PidFileName: "/tmp/" + execName + "-pid",
- PidFilePerm: 0644,
- LogFileName: "/tmp/" + execName + "-log",
- LogFilePerm: 0640,
- WorkDir: cwd + "/",
- Umask: 027,
- }
- if DEBUG {
- cntxt.WorkDir = "."
- }
-
- // TODO: figure out the daemonizing stuff
-
- if len(daemon.ActiveFlags()) > 0 {
- d, err := cntxt.Search()
- if err != nil {
- log.Fatalln("Unable to send signal to daemon:", err)
- }
- daemon.SendCommands(d)
- return
- }
-
- d, err := cntxt.Reborn()
- if err != nil {
- log.Fatalln(err)
- }
- if d != nil {
- return
- }
- defer cntxt.Release()
 var redirect http.Server
 var srv http.Server
- if !*devmode {
- go startRedirectServer(&redirect)
- }
+ go startRedirectServer(&redirect)
 go startServer(&srv)
- go func() {
- <-shutdown
- log.Println("shutting down server...")
- if err := srv.Shutdown(context.Background()); err != nil {
- log.Printf("server shutdown error: %v\n", err)
- }
- if err = redirect.Shutdown(context.Background()); err != nil {
- log.Printf("redirect shutdown error: %v\n", err)
- }
- }()
+ shutdown := make(chan os.Signal, 1)
+ signal.Notify(shutdown, os.Interrupt)
- err = daemon.ServeSignals()
- if err != nil {
- log.Println("Error: ", err)
+ <-shutdown
+ log.Println("shutting down server...")
+ if err := srv.Shutdown(context.Background()); err != nil {
+ log.Printf("server shutdown error: %v\n", err)
+ }
+ if err := redirect.Shutdown(context.Background()); err != nil {
+ log.Printf("redirect shutdown error: %v\n", err)
 }
 log.Println("server terminated")
 }
-func termHandler(sig os.Signal) error {
- log.Printf("sending shutdown signal...")
- close(shutdown)
- return daemon.ErrStop
-}
-
-func reloadHandler(sig os.Signal) error {
- log.Printf("[WARN] reloading not supported yet")
- return nil
-}
-
 func readWebhookKey() []byte {
 b, err := ioutil.ReadFile("webhook_secret")
 if err != nil {
@@ -233,14 +165,20 @@ func startServer(srv *http.Server) {
 webhookKey := readWebhookKey()
 serveMux := http.NewServeMux()
- if !*devmode {
- url, err := url.Parse("http://localhost:8081")
- if err != nil {
- log.Fatalf("unable to parse reverse proxy path: %v", err)
- return
- }
- serveMux.Handle("dev."+DOMAIN_NAME+"/", httputil.NewSingleHostReverseProxy(url))
+ url, err := url.Parse("http://localhost:8081")
+ if err != nil {
+ log.Fatalf("unable to parse reverse proxy path: %v", err)
+ return
 }
+ serveMux.Handle("dev."+DOMAIN_NAME+"/", httputil.NewSingleHostReverseProxy(url))
+
+ gogsUrl, err := url.Parse("http://localhost:7000")
+ if err != nil {
+ log.Fatalf("unable to parse reverse proxy path: %v", err)
+ return
+ }
+ serveMux.Handle("git."+DOMAIN_NAME+"/", httputil.NewSingleHostReverseProxy(gogsUrl))
+
 serveMux.HandleFunc("/", rootHandler)
 //serveMux.Handle("/certbot/", http.StripPrefix("/certbot/", http.FileServer(http.Dir("./certbot-tmp"))))
 serveMux.Handle("/gfm/", http.StripPrefix("/gfm", http.FileServer(gfmstyle.Assets)))
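Review bot: `signal.Notify(shutdown, os.Interrupt)` in main only catches SIGINT, while the unit file in this commit sets no `KillSignal=`, so `systemctl stop` delivers systemd's default SIGTERM and the process dies without reaching `srv.Shutdown` or `redirect.Shutdown`. Register SIGTERM as well, `signal.Notify(shutdown, os.Interrupt, syscall.SIGTERM)`, which means keeping the `"syscall"` import that the import hunk removes. Both `Shutdown` calls also pass `context.Background()`, so a connection that never goes idle can hold the exit until systemd's stop timeout; a `context.WithTimeout` would bound the wait.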
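Review bot: With the `if !*devmode` block gone, `url, err := url.Parse("http://localhost:8081")` now shadows the `net/url` package for the rest of startServer, so the added `gogsUrl, err := url.Parse("http://localhost:7000")` calls the `(*url.URL).Parse` method on the dev proxy target rather than the package function. It yields the intended URL only because the argument is absolute; a relative string would resolve against localhost:8081 and send git traffic to the wrong backend. Rename the first local, e.g. `devURL, err := url.Parse("http://localhost:8081")`, and spell the second `gogsURL`. The `return` after each `log.Fatalf` is unreachable, and startServer's body continues outside the hunk.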
@@ -299,15 +237,10 @@ func startServer(srv *http.Server) {
 })
 }
- if *devmode {
- srv.Addr = ":8081"
- srv.Handler = serveMux
- } else {
- srv.Addr = ":8443"
- srv.Handler = Gzip(serveMux)
- }
+ srv.Addr = ":8443"
+ srv.Handler = Gzip(serveMux)
 log.Print("starting server at " + srv.Addr)
- if !DEBUG && !*devmode {
+ if !DEBUG {
 log.Fatal(srv.ListenAndServeTLS("/etc/letsencrypt/live/"+DOMAIN_NAME+"/fullchain.pem", "/etc/letsencrypt/live/"+DOMAIN_NAME+"/privkey.pem"))
 } else {
@@ -319,15 +252,12 @@ func startServer(srv *http.Server) {
 func startRedirectServer(srv *http.Server) {
 serveMux := http.NewServeMux()
 // copied from https://gist.github.com/d-schmidt/587ceec34ce1334a5e60
- if !*devmode {
- url, err := url.Parse("http://localhost:8081")
- if err != nil {
- log.Fatalf("unable to parse reverse proxy path: %v", err)
- return
- }
- serveMux.Handle("dev."+DOMAIN_NAME+"/", httputil.NewSingleHostReverseProxy(url))
-
+ url, err := url.Parse("http://localhost:8081")
+ if err != nil {
+ log.Fatalf("unable to parse reverse proxy path: %v", err)
+ return
 }
+ serveMux.Handle("dev."+DOMAIN_NAME+"/", httputil.NewSingleHostReverseProxy(url))
 serveMux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
 target := "https://" + req.Host + req.URL.Path
@@ -337,11 +267,7 @@ func startRedirectServer(srv *http.Server) {
 http.Redirect(w, req, target, http.StatusTemporaryRedirect)
 })
- if *devmode {
- srv.Addr = ":8081"
- } else {
- srv.Addr = ":8080"
- }
+ srv.Addr = ":8080"
 srv.Handler = serveMux
 log.Print("starting server")
 log.Fatal(srv.ListenAndServe())
diff --git a/restart-server.sh b/restart-server.sh
deleted file mode 100755
index f7c9bea..0000000
--- a/restart-server.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-./stop-server.sh
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-
-# lol
-sleep 1
-$DIR/main-server
diff --git a/static b/static
index bb1cf35..fc366bc 160000
--- a/static
+++ b/static
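Review bot: `log.Fatal(srv.ListenAndServeTLS(...))` under `if !DEBUG` exits the process as soon as the listener returns, and that includes the `http.ErrServerClosed` it returns the moment main calls `srv.Shutdown`. The new shutdown path is therefore cut short with exit status 1, before in-flight requests drain or `redirect.Shutdown` runs. Treat the closed-server error as normal, e.g. `if err := srv.ListenAndServeTLS(cert, key); err != http.ErrServerClosed { log.Fatal(err) }`; the same applies to `log.Fatal(srv.ListenAndServe())` in the last startRedirectServer hunk. Only `Addr` and `Handler` are set on `srv` in the visible lines, so if no timeouts are configured elsewhere, `ReadHeaderTimeout` and `IdleTimeout` are worth setting on this public listener.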
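Review bot: The `"dev."+DOMAIN_NAME+"/"` proxy handler is now always registered on the plain-HTTP server in startRedirectServer, and host-specific patterns take precedence over the `/` handler. Requests for the dev host on :8080 are therefore forwarded to localhost:8081 in cleartext instead of being redirected to HTTPS. startServer already registers the same proxy behind TLS, so unless cleartext access to the dev backend is intended, drop this block here and let the `/` redirect cover the dev host too. The `return` after `log.Fatalf` is unreachable and can go.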
@@ -1 +1 @@
-Subproject commit bb1cf35fa6ed759fdeb78d405c0f57d06f613c5b
+Subproject commit fc366bc93e9d39408bd344cfc4578d9ed5e75dd4
diff --git a/stop-server.sh b/stop-server.sh
deleted file mode 100755
index a4a0592..0000000
--- a/stop-server.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-SCRIPT=`realpath $0`
-SCRIPTPATH=`dirname $SCRIPT`
-BASENAME=`basename $SCRIPTPATH`
-echo "killing $BASENAME"
-kill `cat /tmp/$BASENAME-pid`