micropelago/domani
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cleaned up https parameter handling a bit

Browse Source
This commit is contained in:
Brian Picciano 2023-05-20 14:51:36 +02:00
parent 0fd832efdd
commit 9c2bd4e49a
1 changed files with 44 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
src/main.rs
View File

@ -30,7 +30,8 @@ struct Cli {
long,
help = "E.g. '[::]:443', if given then SSL certs will automatically be retrieved for all domains using LetsEncrypt",
env = "DOMIPLY_HTTPS_LISTEN_ADDR",
requires = "domain_acme_contact_email"
requires = "domain_acme_contact_email",
requires = "domain_acme_store_dir_path"
)]
https_listen_addr: Option<SocketAddr>,
@ -49,13 +50,24 @@ struct Cli {
#[arg(long, required = true, env = "DOMIPLY_DOMAIN_CONFIG_STORE_DIR_PATH")]
domain_config_store_dir_path: path::PathBuf,
#[arg(long, required = true, env = "DOMIPLY_DOMAIN_ACME_STORE_DIR_PATH")]
domain_acme_store_dir_path: path::PathBuf,
#[arg(long, env = "DOMIPLY_DOMAIN_ACME_STORE_DIR_PATH")]
domain_acme_store_dir_path: Option<path::PathBuf>,
#[arg(long, env = "DOMIPLY_DOMAIN_ACME_CONTACT_EMAIL")]
domain_acme_contact_email: Option<String>,
}
#[derive(Clone)]
struct HTTPSParams<DomainAcmeStore, DomainAcmeManager>
where
DomainAcmeStore: domiply::domain::acme::store::BoxedStore,
DomainAcmeManager: domiply::domain::acme::manager::BoxedManager,
{
https_listen_addr: SocketAddr,
domain_acme_store: DomainAcmeStore,
domain_acme_manager: DomainAcmeManager,
}
#[tokio::main]
async fn main() {
let config = Cli::parse();
@ -95,10 +107,11 @@ async fn main() {
let domain_config_store = domiply::domain::config::new(&config.domain_config_store_dir_path)
.expect("domain config store initialized");
let (domain_acme_store, domain_acme_manager) = if config.https_listen_addr.is_some() {
let domain_acme_store =
domiply::domain::acme::store::new(&config.domain_acme_store_dir_path)
.expect("domain acme store initialized");
let https_params = if let Some(https_listen_addr) = config.https_listen_addr {
let domain_acme_store_dir_path = config.domain_acme_store_dir_path.unwrap();
let domain_acme_store = domiply::domain::acme::store::new(&domain_acme_store_dir_path)
.expect("domain acme store initialized");
// if https_listen_addr is set then domain_acme_contact_email is required, see the Cli/clap
// settings.
@ -111,20 +124,26 @@ async fn main() {
.await
.expect("domain acme manager initialized");
(Some(domain_acme_store), Some(domain_acme_manager))
Some(HTTPSParams {
https_listen_addr,
domain_acme_store,
domain_acme_manager,
})
} else {
(None, None)
None
};
let manager = domiply::domain::manager::new(
let domain_manager = domiply::domain::manager::new(
origin_store,
domain_config_store,
domain_checker,
domain_acme_manager.clone(),
https_params
.as_ref()
.and_then(|p| Some(p.domain_acme_manager.clone())),
);
wait_group.push({
let manager = manager.clone();
let domain_manager = domain_manager.clone();
let canceller = canceller.clone();
tokio::spawn(async move {
@ -136,7 +155,7 @@ async fn main() {
_ = canceller.cancelled() => return,
}
let errors_iter = manager.sync_all_origins();
let errors_iter = domain_manager.sync_all_origins();
if let Err(err) = errors_iter {
println!("Got error calling sync_all_origins: {err}");
@ -155,7 +174,7 @@ async fn main() {
});
let service = domiply::service::new(
manager.clone(),
domain_manager.clone(),
config.domain_checker_target_a,
config.passphrase,
config.http_domain.clone(),
@ -200,13 +219,11 @@ async fn main() {
})
});
// if there's an acme manager then it means that https is enabled
if let (Some(domain_acme_store), Some(domain_acme_manager)) =
(domain_acme_store, domain_acme_manager)
{
if let Some(https_params) = https_params {
// Periodically refresh all domain certs, including the http_domain passed in the Cli opts
wait_group.push({
let manager = manager.clone();
let https_params = https_params.clone();
let domain_manager = domain_manager.clone();
let http_domain = config.http_domain.clone();
let canceller = canceller.clone();
@ -219,7 +236,8 @@ async fn main() {
_ = canceller.cancelled() => return,
}
_ = domain_acme_manager
_ = https_params
.domain_acme_manager
.sync_domain(http_domain.clone())
.await
.inspect_err(|err| {
@ -229,7 +247,7 @@ async fn main() {
)
});
let domains_iter = manager.all_domains();
let domains_iter = domain_manager.all_domains();
if let Err(err) = domains_iter {
println!("Got error calling all_domains: {err}");
@ -239,7 +257,8 @@ async fn main() {
for domain in domains_iter.unwrap().into_iter() {
match domain {
Ok(domain) => {
let _ = domain_acme_manager
let _ = https_params
.domain_acme_manager
.sync_domain(domain.clone())
.await
.inspect_err(|err| {
@ -258,6 +277,7 @@ async fn main() {
// HTTPS server
wait_group.push({
let https_params = https_params.clone();
let http_domain = config.http_domain.clone();
let canceller = canceller.clone();
let service = service.clone();
@ -283,11 +303,11 @@ async fn main() {
.with_safe_default_protocol_versions()
.unwrap()
.with_no_client_auth()
.with_cert_resolver(sync::Arc::from(domain_acme_store)),
.with_cert_resolver(sync::Arc::from(https_params.domain_acme_store)),
)
.into();
let addr = config.https_listen_addr.unwrap();
let addr = https_params.https_listen_addr;
let addr_incoming = hyper::server::conn::AddrIncoming::bind(&addr)
.expect("https listen socket created");