Rename primary_domain to interface_domain, and make it optional

This commit is contained in:
Brian Picciano 2023-08-03 11:18:31 +02:00
parent e67cd6725a
commit b44fd575a9
8 changed files with 127 additions and 125 deletions

View File

@ -89,8 +89,8 @@ service:
# Domani can serve the domains. All records given must route to this Domani # Domani can serve the domains. All records given must route to this Domani
# instance. # instance.
# #
# A CNAME record with the primary_domain of this server is automatically # A CNAME record with the interface_domain of this server is automatically
# included. # included, if it's not null itself.
dns_records: dns_records:
#- kind: A #- kind: A
# addr: 127.0.0.1 # addr: 127.0.0.1
@ -105,7 +105,9 @@ service:
# The domain name which will be used to serve the web interface of Domani. If # The domain name which will be used to serve the web interface of Domani. If
# service.http.https_addr is enabled then an HTTPS certificate for this domain # service.http.https_addr is enabled then an HTTPS certificate for this domain
# will be retrieved automatically. # will be retrieved automatically.
#primary_domain: "localhost" #
# This can be set to null to disable the web interface entirely.
#interface_domain: "localhost"
#http: #http:

View File

@ -13,7 +13,6 @@ domain:
public: true public: true
service: service:
passphrase: foobar passphrase: foobar
primary_domain: localhost
dns_records: dns_records:
- kind: A - kind: A
addr: 127.0.0.1 addr: 127.0.0.1

View File

@ -32,14 +32,12 @@ pub struct DNSChecker {
// TODO we should use some kind of connection pool here, I suppose // TODO we should use some kind of connection pool here, I suppose
client: tokio::sync::Mutex<AsyncClient>, client: tokio::sync::Mutex<AsyncClient>,
token_store: Box<dyn token::Store + Send + Sync>, token_store: Box<dyn token::Store + Send + Sync>,
service_primary_domain: domain::Name,
} }
impl DNSChecker { impl DNSChecker {
pub async fn new<TokenStore>( pub async fn new<TokenStore>(
token_store: TokenStore, token_store: TokenStore,
config: &domain::ConfigDNS, config: &domain::ConfigDNS,
service_primary_domain: domain::Name,
) -> Result<Self, unexpected::Error> ) -> Result<Self, unexpected::Error>
where where
TokenStore: token::Store + Send + Sync + 'static, TokenStore: token::Store + Send + Sync + 'static,
@ -52,7 +50,6 @@ impl DNSChecker {
Ok(Self { Ok(Self {
token_store: Box::from(token_store), token_store: Box::from(token_store),
client: tokio::sync::Mutex::new(client), client: tokio::sync::Mutex::new(client),
service_primary_domain,
}) })
} }
@ -111,7 +108,7 @@ impl DNSChecker {
let body = match reqwest::get(format!( let body = match reqwest::get(format!(
"http://{}/.well-known/domani-challenge", "http://{}/.well-known/domani-challenge",
self.service_primary_domain.as_str() domain.as_str(),
)) ))
.await .await
{ {

View File

@ -56,26 +56,25 @@ async fn main() {
}) })
}; };
// primary_cname is a CNAME record which points to the primary domain of the service. Since // inteface_cname is a CNAME record which points to the interface domain of the service.
// the primary domain _must_ point to the service (otherwise HTTPS wouldn't work) it's // Since the interface domain _must_ point to the service (otherwise it wouldn't work) it's
// reasonable to assume that a CNAME on any domain would suffice to point that domain to // reasonable to assume that a CNAME on any domain would suffice to point that domain to
// the service. // the service.
let primary_cname = domani::service::ConfigDNSRecord::CNAME { if let Some(ref interface_domain) = config.service.interface_domain {
name: config.service.primary_domain.clone(), let interface_cname = domani::service::ConfigDNSRecord::CNAME {
name: interface_domain.clone(),
}; };
let dns_records_have_primary_cname = config let dns_records_have_interface_cname = config
.service .service
.dns_records .dns_records
.iter() .iter()
.any(|r| r == &primary_cname); .any(|r| r == &interface_cname);
if !dns_records_have_primary_cname { if !dns_records_have_interface_cname {
log::info!( log::info!("Adding 'CNAME {interface_domain}' to service.dns_records");
"Adding 'CNAME {}' to service.dns_records", config.service.dns_records.push(interface_cname);
&config.service.primary_domain }
);
config.service.dns_records.push(primary_cname);
} }
config config
@ -95,7 +94,6 @@ async fn main() {
let domain_checker = domani::domain::checker::DNSChecker::new( let domain_checker = domani::domain::checker::DNSChecker::new(
domani::token::MemStore::new(), domani::token::MemStore::new(),
&config.domain.dns, &config.domain.dns,
config.service.primary_domain.clone(),
) )
.await .await
.expect("domain checker initialization failed"); .expect("domain checker initialization failed");

View File

@ -2,8 +2,8 @@ use crate::{domain, service};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::{net, str::FromStr}; use std::{net, str::FromStr};
fn default_primary_domain() -> domain::Name { fn default_interface_domain() -> Option<domain::Name> {
domain::Name::from_str("localhost").unwrap() Some(domain::Name::from_str("localhost").unwrap())
} }
#[derive(Serialize, Deserialize, Clone, PartialEq)] #[derive(Serialize, Deserialize, Clone, PartialEq)]
@ -28,10 +28,13 @@ impl From<ConfigDNSRecord> for domain::checker::DNSRecord {
pub struct Config { pub struct Config {
pub passphrase: String, pub passphrase: String,
pub dns_records: Vec<ConfigDNSRecord>, pub dns_records: Vec<ConfigDNSRecord>,
#[serde(default = "default_primary_domain")]
pub primary_domain: domain::Name, #[serde(default = "default_interface_domain")]
pub interface_domain: Option<domain::Name>,
#[serde(default)] #[serde(default)]
pub http: service::http::Config, pub http: service::http::Config,
#[serde(default)] #[serde(default)]
pub gemini: service::gemini::Config, pub gemini: service::gemini::Config,
} }

View File

@ -196,11 +196,7 @@ async fn listen(
.with_cert_resolver(service.cert_resolver.clone()), .with_cert_resolver(service.cert_resolver.clone()),
); );
log::info!( log::info!("Listening on gemini://{}", addr);
"Listening on gemini://{}:{}",
&service.config.primary_domain.clone(),
addr,
);
let listener = tokio::net::TcpListener::bind(addr) let listener = tokio::net::TcpListener::bind(addr)
.await .await

View File

@ -10,7 +10,6 @@ use http::request::Parts;
use hyper::{Body, Method, Request, Response}; use hyper::{Body, Method, Request, Response};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::str::FromStr;
use std::{future, net, sync}; use std::{future, net, sync};
use crate::error::unexpected; use crate::error::unexpected;
@ -164,7 +163,7 @@ impl Service {
match self.domain_manager.get_file(&domain, &path) { match self.domain_manager.get_file(&domain, &path) {
Ok(f) => self.serve(200, &path, Body::wrap_stream(f)), Ok(f) => self.serve(200, &path, Body::wrap_stream(f)),
Err(domain::manager::GetFileError::DomainNotFound) => { Err(domain::manager::GetFileError::DomainNotFound) => {
return self.render_error_page(404, "Domain not found") return self.render_error_page(404, "Unknown domain name")
} }
Err(domain::manager::GetFileError::FileNotFound) => { Err(domain::manager::GetFileError::FileNotFound) => {
self.render_error_page(404, "File not found") self.render_error_page(404, "File not found")
@ -396,83 +395,7 @@ impl Service {
self.render_page("/domains.html", Response { domains }) self.render_page("/domains.html", Response { domains })
} }
async fn handle_request( async fn serve_interface(&self, req: Request<Body>) -> Response<Body> {
&self,
client_ip: net::IpAddr,
req: Request<Body>,
req_is_https: bool,
) -> Response<Body> {
let maybe_host = match (
req.headers()
.get("Host")
.and_then(|v| v.to_str().ok())
.map(strip_port),
req.uri().host().map(strip_port),
) {
(Some(h), _) if h != self.config.primary_domain.as_str() => Some(h),
(_, Some(h)) if h != self.config.primary_domain.as_str() => Some(h),
_ => None,
}
.and_then(|h| domain::Name::from_str(h).ok());
{
let path = req.uri().path();
// Serving acme challenges always takes priority. We serve them from the same store no
// matter the domain, presumably they are cryptographically random enough that it doesn't
// matter.
if req.method() == Method::GET && path.starts_with("/.well-known/acme-challenge/") {
let token = path.trim_start_matches("/.well-known/acme-challenge/");
if let Ok(key) = self.domain_manager.get_acme_http01_challenge_key(token) {
return self.serve(200, "token.txt", key.into());
}
}
// Serving domani challenges similarly takes priority.
if req.method() == Method::GET && path == "/.well-known/domani-challenge" {
if let Some(ref domain) = maybe_host {
match self
.domain_manager
.get_domain_checker_challenge_token(domain)
{
Ok(Some(token)) => return self.serve(200, "token.txt", token.into()),
Ok(None) => return self.render_error_page(404, "Token not found"),
Err(e) => {
return self.internal_error(
format!("failed to get token for domain {}: {e}", domain).as_str(),
)
}
}
}
}
}
// If a managed domain was given then serve that from its origin or a proxy.
if let Some(domain) = maybe_host {
if let Some(proxied_domain_config) = self.config.http.proxied_domains.get(&domain) {
return service::http::proxy::serve_http_request(
proxied_domain_config,
client_ip,
req,
req_is_https,
)
.await
.unwrap_or_else(|e| {
self.internal_error(
format!(
"serving {domain} via proxy {}: {e}",
proxied_domain_config.url.as_ref()
)
.as_str(),
)
});
}
return self.serve_origin(domain, req).await;
}
// Serve main domani site
let (req, body) = req.into_parts(); let (req, body) = req.into_parts();
let path = req.uri.path(); let path = req.uri.path();
@ -509,6 +432,86 @@ impl Service {
), ),
} }
} }
fn domain_from_req(req: &Request<Body>) -> Option<domain::Name> {
let host_header = req
.headers()
.get("Host")
.and_then(|v| v.to_str().ok())
.map(strip_port);
host_header
// if host_header isn't present, try the host from the URI
.or_else(|| req.uri().host().map(strip_port))
.and_then(|h| h.parse().ok())
}
async fn handle_request(
&self,
client_ip: net::IpAddr,
req: Request<Body>,
req_is_https: bool,
) -> Response<Body> {
let domain = match Self::domain_from_req(&req) {
Some(domain) => domain,
None => return self.render_error_page(400, "Cannot serve page without domain"),
};
let method = req.method();
let path = req.uri().path();
// Serving acme challenges always takes priority. We serve them from the same store no
// matter the domain, presumably they are cryptographically random enough that it doesn't
// matter.
if method == Method::GET && path.starts_with("/.well-known/acme-challenge/") {
let token = path.trim_start_matches("/.well-known/acme-challenge/");
if let Ok(key) = self.domain_manager.get_acme_http01_challenge_key(token) {
return self.serve(200, "token.txt", key.into());
}
}
// Serving domani challenges similarly takes priority.
if method == Method::GET && path == "/.well-known/domani-challenge" {
match self
.domain_manager
.get_domain_checker_challenge_token(&domain)
{
Ok(Some(token)) => return self.serve(200, "token.txt", token.into()),
Ok(None) => return self.render_error_page(404, "Token not found"),
Err(e) => {
return self.internal_error(
format!("failed to get token for domain {}: {e}", domain).as_str(),
)
}
}
}
if let Some(proxied_domain_config) = self.config.http.proxied_domains.get(&domain) {
return service::http::proxy::serve_http_request(
proxied_domain_config,
client_ip,
req,
req_is_https,
)
.await
.unwrap_or_else(|e| {
self.internal_error(
format!(
"serving {domain} via proxy {}: {e}",
proxied_domain_config.url.as_ref()
)
.as_str(),
)
});
}
if Some(&domain) == self.config.interface_domain.as_ref() {
return self.serve_interface(req).await;
}
self.serve_origin(domain, req).await
}
} }
fn strip_port(host: &str) -> &str { fn strip_port(host: &str) -> &str {

View File

@ -13,7 +13,13 @@ pub async fn listen_http(
canceller: CancellationToken, canceller: CancellationToken,
) -> Result<(), unexpected::Error> { ) -> Result<(), unexpected::Error> {
let addr = service.config.http.http_addr.clone(); let addr = service.config.http.http_addr.clone();
let primary_domain = service.config.primary_domain.clone();
// only used for logging
let listen_host = service
.config
.interface_domain
.clone()
.map_or(addr.ip().to_string(), |ref d| d.as_str().to_string());
let make_service = hyper::service::make_service_fn(move |conn: &AddrStream| { let make_service = hyper::service::make_service_fn(move |conn: &AddrStream| {
let service = service.clone(); let service = service.clone();
@ -31,11 +37,7 @@ pub async fn listen_http(
async move { Ok::<_, convert::Infallible>(hyper_service) } async move { Ok::<_, convert::Infallible>(hyper_service) }
}); });
log::info!( log::info!("Listening on http://{}:{}", listen_host, addr.port(),);
"Listening on http://{}:{}",
primary_domain.as_str(),
addr.port(),
);
let server = hyper::Server::bind(&addr).serve(make_service); let server = hyper::Server::bind(&addr).serve(make_service);
let graceful = server.with_graceful_shutdown(async { let graceful = server.with_graceful_shutdown(async {
@ -51,7 +53,13 @@ pub async fn listen_https(
) -> Result<(), unexpected::Error> { ) -> Result<(), unexpected::Error> {
let cert_resolver = service.cert_resolver.clone(); let cert_resolver = service.cert_resolver.clone();
let addr = service.config.http.https_addr.unwrap().clone(); let addr = service.config.http.https_addr.unwrap().clone();
let primary_domain = service.config.primary_domain.clone();
// only used for logging
let listen_host = service
.config
.interface_domain
.clone()
.map_or(addr.ip().to_string(), |ref d| d.as_str().to_string());
let make_service = hyper::service::make_service_fn(move |conn: &TlsStream<AddrStream>| { let make_service = hyper::service::make_service_fn(move |conn: &TlsStream<AddrStream>| {
let service = service.clone(); let service = service.clone();
@ -91,11 +99,7 @@ pub async fn listen_https(
let incoming = hyper::server::accept::from_stream(incoming); let incoming = hyper::server::accept::from_stream(incoming);
log::info!( log::info!("Listening on https://{}:{}", listen_host, addr.port());
"Listening on https://{}:{}",
primary_domain.as_str(),
addr.port()
);
let server = hyper::Server::builder(incoming).serve(make_service); let server = hyper::Server::builder(incoming).serve(make_service);