Compare commits
No commits in common. "92254047b2a718ca4bb25b9cfbc09404ec5100d7" and "dbb8e442c81955e2d2f9ecf6c60b7e0a2588d9f4" have entirely different histories.
92254047b2
...
dbb8e442c8
@ -82,6 +82,8 @@ domain:
|
||||
# External domains will have a TLS key/cert generated and signed for them, but
|
||||
# which will not be served by domani itself. The key/cert files will be placed
|
||||
# in the configured paths.
|
||||
#
|
||||
# HTTPS must be enabled for external_domains to be used.
|
||||
#external_domains:
|
||||
#example.com
|
||||
# tls_key_path: /dir/path/key.pem
|
||||
|
@ -3,6 +3,7 @@ use crate::error::unexpected::{self, Mappable};
|
||||
use crate::{origin, task_stack, util};
|
||||
|
||||
use std::sync;
|
||||
use tokio_util::sync::CancellationToken;
|
||||
|
||||
pub enum GetSettingsResult {
|
||||
Stored(domain::Settings),
|
||||
@ -182,57 +183,13 @@ impl ManagerImpl {
|
||||
config,
|
||||
});
|
||||
|
||||
const SYNC_PERIOD_SECS: u64 = 20 * 60; // 20 minutes
|
||||
|
||||
task_stack.push_spawn_periodically(
|
||||
manager.clone(),
|
||||
SYNC_PERIOD_SECS,
|
||||
|_canceller, manager| async move {
|
||||
manager
|
||||
.sync_origins()
|
||||
.await
|
||||
.or_unexpected_while("syncing origins")
|
||||
},
|
||||
);
|
||||
|
||||
if manager.can_sync_gemini_cert() {
|
||||
task_stack.push_spawn_periodically(
|
||||
manager.clone(),
|
||||
SYNC_PERIOD_SECS,
|
||||
|_canceller, manager| async move {
|
||||
manager
|
||||
.sync_gemini_certs()
|
||||
.await
|
||||
.or_unexpected_while("syncing gemini certs")
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
if manager.can_sync_https_cert() {
|
||||
task_stack.push_spawn_periodically(
|
||||
manager.clone(),
|
||||
SYNC_PERIOD_SECS,
|
||||
|_canceller, manager| async move {
|
||||
manager
|
||||
.sync_https_certs()
|
||||
.await
|
||||
.or_unexpected_while("syncing https certs")
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
if manager.can_sync_external_cert() {
|
||||
task_stack.push_spawn_periodically(
|
||||
manager.clone(),
|
||||
SYNC_PERIOD_SECS,
|
||||
|_canceller, manager| async move {
|
||||
manager
|
||||
.sync_external_certs()
|
||||
.await
|
||||
.or_unexpected_while("syncing external certs")
|
||||
},
|
||||
);
|
||||
task_stack.push_spawn(|canceller| {
|
||||
let manager = manager.clone();
|
||||
async move {
|
||||
manager.sync_all_domains_job(canceller).await;
|
||||
Ok(())
|
||||
}
|
||||
});
|
||||
|
||||
manager
|
||||
}
|
||||
@ -246,45 +203,12 @@ impl ManagerImpl {
|
||||
self.origin_store.sync(origin_descr)
|
||||
}
|
||||
|
||||
async fn sync_origins(&self) -> unexpected::Result<()> {
|
||||
let domains = self
|
||||
.all_domains()
|
||||
.or_unexpected_while("fetching all domains")?
|
||||
.into_iter();
|
||||
|
||||
for ManagedDomain { domain, .. } in domains {
|
||||
let settings = match self
|
||||
.get_settings(&domain)
|
||||
.map_unexpected_while(|| format!("fetching settings for {domain}"))?
|
||||
{
|
||||
GetSettingsResult::Stored(settings) => settings,
|
||||
GetSettingsResult::Builtin(config) => config.settings,
|
||||
_ => continue,
|
||||
};
|
||||
|
||||
self.sync_domain_origin(&domain, &settings.origin_descr)
|
||||
.map_unexpected_while(|| {
|
||||
format!(
|
||||
"syncing origin {:?} for domain {domain}",
|
||||
&settings.origin_descr,
|
||||
)
|
||||
})?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn can_sync_gemini_cert(&self) -> bool {
|
||||
self.gemini_store.is_some()
|
||||
}
|
||||
|
||||
fn sync_domain_gemini_cert(&self, domain: &domain::Name) -> unexpected::Result<()> {
|
||||
let gemini_store = self.gemini_store.as_ref().unwrap();
|
||||
|
||||
if let Some(ref gemini_store) = self.gemini_store {
|
||||
log::info!("Syncing gemini certificate for domain {domain}");
|
||||
if gemini_store
|
||||
.get_certificate(domain)
|
||||
.or_unexpected_while("checking if cert is already stored")?
|
||||
.or_unexpected()?
|
||||
.is_some()
|
||||
{
|
||||
return Ok(());
|
||||
@ -295,111 +219,100 @@ impl ManagerImpl {
|
||||
let cert = tls::Certificate::new_self_signed(&pkey, domain)
|
||||
.or_unexpected_while("creating self-signed cert")?;
|
||||
|
||||
gemini_store.set_certificate(domain, pkey, cert)
|
||||
gemini_store.set_certificate(domain, pkey, cert)?;
|
||||
}
|
||||
|
||||
async fn sync_gemini_certs(&self) -> unexpected::Result<()> {
|
||||
let domains = self
|
||||
.all_domains()
|
||||
.or_unexpected_while("fetching all domains")?
|
||||
.into_iter();
|
||||
|
||||
for ManagedDomain { domain, .. } in domains {
|
||||
match self
|
||||
.get_settings(&domain)
|
||||
.map_unexpected_while(|| format!("fetching settings for {domain}"))?
|
||||
{
|
||||
GetSettingsResult::Stored(_) => (),
|
||||
GetSettingsResult::Builtin(_) => (),
|
||||
_ => continue,
|
||||
};
|
||||
|
||||
self.sync_domain_gemini_cert(&domain)
|
||||
.map_unexpected_while(|| format!("syncing domain {domain}"))?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn can_sync_https_cert(&self) -> bool {
|
||||
self.acme_manager.is_some()
|
||||
}
|
||||
|
||||
async fn sync_domain_https_cert(&self, domain: &domain::Name) -> unexpected::Result<()> {
|
||||
if let Some(ref acme_manager) = self.acme_manager {
|
||||
log::info!("Syncing HTTPS certificate for domain {domain}");
|
||||
self.acme_manager
|
||||
.as_ref()
|
||||
.unwrap()
|
||||
.sync_domain(domain.clone(), None)
|
||||
.await
|
||||
}
|
||||
|
||||
async fn sync_https_certs(&self) -> unexpected::Result<()> {
|
||||
let domains = self
|
||||
.all_domains()
|
||||
.or_unexpected_while("fetching all domains")?
|
||||
.into_iter();
|
||||
|
||||
for ManagedDomain { domain, .. } in domains {
|
||||
match self
|
||||
.get_settings(&domain)
|
||||
.map_unexpected_while(|| format!("fetching settings for {domain}"))?
|
||||
{
|
||||
GetSettingsResult::Stored(_) => (),
|
||||
GetSettingsResult::Builtin(_) => (),
|
||||
GetSettingsResult::Proxied(config) => {
|
||||
if config.https_disabled {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
GetSettingsResult::Interface => (),
|
||||
_ => continue,
|
||||
};
|
||||
|
||||
self.sync_domain_https_cert(&domain)
|
||||
.await
|
||||
.map_unexpected_while(|| format!("syncing domain {domain}",))?;
|
||||
acme_manager.sync_domain(domain.clone(), None).await?;
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn can_sync_external_cert(&self) -> bool {
|
||||
self.acme_manager.is_some()
|
||||
}
|
||||
|
||||
async fn sync_external_domain(
|
||||
&self,
|
||||
domain: &domain::Name,
|
||||
config: &domain::ConfigExternalDomain,
|
||||
) -> unexpected::Result<()> {
|
||||
if let Some(ref acme_manager) = self.acme_manager {
|
||||
log::info!("Syncing HTTPS certificate for external domain {domain}");
|
||||
self.acme_manager
|
||||
.as_ref()
|
||||
.unwrap()
|
||||
acme_manager
|
||||
.sync_domain(domain.clone(), Some(config.clone()))
|
||||
.await
|
||||
.await?;
|
||||
}
|
||||
|
||||
async fn sync_external_certs(&self) -> unexpected::Result<()> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn sync_all_domains(&self) -> unexpected::Result<()> {
|
||||
let domains = self
|
||||
.all_domains()
|
||||
.or_unexpected_while("fetching all domains")?
|
||||
.into_iter();
|
||||
|
||||
for ManagedDomain { domain, .. } in domains {
|
||||
if let GetSettingsResult::External(config) = self
|
||||
let (settings, https_cert, gemini_cert) = match self
|
||||
.get_settings(&domain)
|
||||
.map_unexpected_while(|| format!("fetching settings for {domain}"))?
|
||||
{
|
||||
GetSettingsResult::Stored(settings) => (Some(settings), true, true),
|
||||
GetSettingsResult::Builtin(config) => (Some(config.settings), true, true),
|
||||
|
||||
// A proxied domain never needs gemini certs, since gemini requests will be
|
||||
// transparently proxied to the backing server anyway.
|
||||
GetSettingsResult::Proxied(config) => (None, !config.https_disabled, false),
|
||||
|
||||
GetSettingsResult::Interface => (None, true, false),
|
||||
|
||||
// External domains do their own thing, separate from the rest of this flow.
|
||||
GetSettingsResult::External(config) => {
|
||||
self.sync_external_domain(&domain, &config)
|
||||
.await
|
||||
.map_unexpected_while(|| format!("syncing external {domain}"))?;
|
||||
.map_unexpected_while(|| format!("syncing external domain {domain}"))?;
|
||||
continue;
|
||||
}
|
||||
};
|
||||
|
||||
if let Some(settings) = settings {
|
||||
self.sync_domain_origin(&domain, &settings.origin_descr)
|
||||
.map_unexpected_while(|| {
|
||||
format!(
|
||||
"syncing origin {:?} for domain {domain}",
|
||||
&settings.origin_descr,
|
||||
)
|
||||
})?;
|
||||
}
|
||||
|
||||
if gemini_cert {
|
||||
self.sync_domain_gemini_cert(&domain)
|
||||
.map_unexpected_while(|| format!("syncing gemini cert for domain {domain}"))?;
|
||||
}
|
||||
|
||||
if https_cert {
|
||||
self.sync_domain_https_cert(&domain)
|
||||
.await
|
||||
.map_unexpected_while(|| format!("syncing https cert for domain {domain}",))?;
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
async fn sync_all_domains_job(&self, canceller: CancellationToken) {
|
||||
let mut interval = tokio::time::interval(tokio::time::Duration::from_secs(20 * 60));
|
||||
loop {
|
||||
tokio::select! {
|
||||
_ = canceller.cancelled() => return,
|
||||
_ = interval.tick() => if let Err(err) = self.sync_all_domains().await {
|
||||
log::error!("Failed to sync all domains: {err}")
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Manager for ManagerImpl {
|
||||
@ -478,16 +391,12 @@ impl Manager for ManagerImpl {
|
||||
|
||||
self.sync_domain_origin(&domain, &settings.origin_descr)?;
|
||||
|
||||
if self.can_sync_gemini_cert() {
|
||||
self.sync_domain_gemini_cert(&domain)
|
||||
.or_unexpected_while("syncing domain gemini cert")?;
|
||||
}
|
||||
|
||||
if self.can_sync_https_cert() {
|
||||
self.sync_domain_https_cert(&domain)
|
||||
.await
|
||||
.or_unexpected_while("syncing domain https cert")?;
|
||||
}
|
||||
|
||||
self.domain_store.set(&domain, &settings)?;
|
||||
|
||||
|
@ -74,6 +74,10 @@ async fn main() {
|
||||
}
|
||||
}
|
||||
|
||||
if !config.domain.external_domains.is_empty() && config.service.http.https_addr.is_none() {
|
||||
panic!("https must be enabled to use external_domains")
|
||||
}
|
||||
|
||||
config
|
||||
};
|
||||
|
||||
@ -83,9 +87,7 @@ async fn main() {
|
||||
return;
|
||||
};
|
||||
|
||||
let https_enabled = config.service.http.https_addr.is_some();
|
||||
let gemini_enabled = config.service.gemini.gemini_addr.is_some();
|
||||
let external_domains_enabled = !config.domain.external_domains.is_empty();
|
||||
|
||||
let origin_store = domani::origin::git::FSStore::new(&config.origin)
|
||||
.expect("git origin store initialization failed");
|
||||
@ -101,7 +103,7 @@ async fn main() {
|
||||
domani::domain::store::FSStore::new(&config.domain.store_dir_path.join("domains"))
|
||||
.expect("domain config store initialization failed");
|
||||
|
||||
let domain_acme_manager = if https_enabled || external_domains_enabled {
|
||||
let domain_acme_manager = if config.service.http.https_addr.is_some() {
|
||||
let acme_config = config
|
||||
.domain
|
||||
.acme
|
||||
|
@ -66,6 +66,8 @@ impl Service {
|
||||
where
|
||||
CertResolver: rustls::server::ResolvesServerCert + 'static,
|
||||
{
|
||||
let https_enabled = config.http.https_addr.is_some();
|
||||
|
||||
let service = sync::Arc::new(Service {
|
||||
domain_manager: domain_manager.clone(),
|
||||
cert_resolver: sync::Arc::from(cert_resolver),
|
||||
@ -77,17 +79,13 @@ impl Service {
|
||||
|
||||
task_stack.push_spawn(|canceller| tasks::listen_http(service.clone(), canceller));
|
||||
|
||||
if service.https_enabled() {
|
||||
if https_enabled {
|
||||
task_stack.push_spawn(|canceller| tasks::listen_https(service.clone(), canceller));
|
||||
}
|
||||
|
||||
service
|
||||
}
|
||||
|
||||
fn https_enabled(&self) -> bool {
|
||||
self.config.http.https_addr.is_some()
|
||||
}
|
||||
|
||||
fn serve(&self, status_code: u16, path: &str, body: Body) -> Response<Body> {
|
||||
match Response::builder()
|
||||
.status(status_code)
|
||||
@ -127,7 +125,7 @@ impl Service {
|
||||
}
|
||||
|
||||
fn presenter_http_scheme(&self) -> &str {
|
||||
if self.https_enabled() {
|
||||
if self.config.http.https_addr.is_some() {
|
||||
return "https";
|
||||
}
|
||||
"http"
|
||||
@ -544,7 +542,7 @@ impl Service {
|
||||
// - /.well-known urls
|
||||
// - proxied domains with https_disabled set on them
|
||||
// everything else must use https if possible.
|
||||
let https_upgradable = self.https_enabled() && !req_is_https;
|
||||
let https_upgradable = self.config.http.https_addr.is_some() && !req_is_https;
|
||||
|
||||
if let Some(config) = self.proxied_domains.get(&domain) {
|
||||
if config.http_url.is_none() {
|
||||
|
@ -42,34 +42,6 @@ where
|
||||
});
|
||||
}
|
||||
|
||||
pub fn push_spawn_periodically<State, F, Fut>(&mut self, state: State, period_secs: u64, f: F)
|
||||
where
|
||||
State: Clone + Send + Sync + 'static,
|
||||
Fut: futures::Future<Output = Result<(), E>> + Send + 'static,
|
||||
F: Fn(CancellationToken, State) -> Fut + Send + Sync + 'static,
|
||||
{
|
||||
let canceller = CancellationToken::new();
|
||||
let handle = {
|
||||
let canceller = canceller.clone();
|
||||
tokio::spawn(async move {
|
||||
let mut interval =
|
||||
tokio::time::interval(tokio::time::Duration::from_secs(period_secs));
|
||||
loop {
|
||||
tokio::select! {
|
||||
_ = canceller.cancelled() => return Ok(()),
|
||||
_ = interval.tick() => if let Err(err) = f(canceller.clone(), state.clone()).await {
|
||||
log::error!("Failed to sync all domains: {err}")
|
||||
},
|
||||
}
|
||||
}
|
||||
})
|
||||
};
|
||||
self.push(async move {
|
||||
canceller.cancel();
|
||||
handle.await.expect("failed to join task")
|
||||
});
|
||||
}
|
||||
|
||||
/// stop will process all operations which have been pushed onto the stack in the reverse order
|
||||
/// they were pushed.
|
||||
pub async fn stop(mut self) -> Result<(), E> {
|
||||
|
Loading…
Reference in New Issue
Block a user