this repo has no description smallweb.run
smallweb
4
fork

Configure Feed

Select the types of activity you want to include in your feed.

add back on-demand-tls

pomdtr 5e2b46a9 a7d1dd9a

+77 -47
+77 -47
cmd/up.go
··· 1 1 package cmd 2 2 3 3 import ( 4 + "context" 4 5 "crypto/tls" 5 6 "encoding/json" 6 7 "errors" ··· 44 45 func NewCmdUp() *cobra.Command { 45 46 var flags struct { 46 47 cron bool 47 - httpAddr string 48 + addr string 48 49 sshAddr string 49 50 sshHostKey string 50 51 tlsCert string 51 52 tlsKey string 52 53 acmdnsCreds string 54 + onDemandTLS bool 53 55 } 54 56 55 57 cmd := &cobra.Command{ ··· 102 104 workers: make(map[string]*worker.Worker), 103 105 }) 104 106 107 + var tlsConfig *tls.Config 105 108 if flags.acmdnsCreds != "" { 106 109 credentialPath := filepath.Join(xdg.DataHome, "smallweb", "acmedns", "credentials.json") 107 110 if _, err := os.Stat(credentialPath); err != nil { ··· 134 137 135 138 domains := []string{k.String("domain"), fmt.Sprintf("*.%s", k.String("domain"))} 136 139 for customDomain, target := range k.StringMap("customDomains") { 140 + domains = append(domains, customDomain) 137 141 if target == "*" { 138 - domains = append(domains, customDomain, fmt.Sprintf("*.%s", customDomain)) 139 - continue 142 + domains = append(domains, fmt.Sprintf("*.%s", customDomain)) 140 143 } 144 + } 141 145 142 - domains = append(domains, customDomain) 146 + c, err := certmagic.TLS(domains) 147 + if err != nil { 148 + return fmt.Errorf("failed to get tls config: %v", err) 143 149 } 144 150 145 - fmt.Fprintf(cmd.ErrOrStderr(), "Serving *.%s from %s...\n", k.String("domain"), utils.AddTilde(k.String("dir"))) 146 - go certmagic.HTTPS([]string{ 147 - k.String("domain"), 148 - fmt.Sprintf("*.%s", k.String("domain")), 149 - }, handler) 150 - } else { 151 - if email := k.String("email"); email != "" { 152 - certmagic.DefaultACME.Email = email 151 + tlsConfig = c 152 + } else if flags.onDemandTLS { 153 + certmagic.Default.OnDemand = &certmagic.OnDemandConfig{ 154 + DecisionFunc: func(ctx context.Context, name string) error { 155 + domain := k.String("domain") 156 + if name == domain { 157 + return nil 158 + } 159 + 160 + customDomains := k.StringMap("customDomains") 161 + if _, ok := customDomains[name]; ok { 162 + return nil 163 + } 164 + 165 + parts := strings.SplitN(name, ".", 2) 166 + if len(parts) != 2 { 167 + return fmt.Errorf("invalid domain: %s", name) 168 + } 169 + 170 + if parts[1] == domain { 171 + return nil 172 + } 173 + 174 + if target, ok := customDomains[parts[1]]; ok && target == "*" { 175 + return nil 176 + } 177 + 178 + return fmt.Errorf("domain not found: %s", name) 179 + }, 153 180 } 154 181 155 - addr := flags.httpAddr 156 - if addr == "" { 157 - if flags.tlsCert != "" || flags.tlsKey != "" { 158 - addr = "0.0.0.0:443" 159 - } else { 160 - addr = "localhost:7777" 161 - } 182 + c, err := certmagic.TLS(nil) 183 + if err != nil { 184 + return fmt.Errorf("failed to get tls config: %v", err) 162 185 } 163 186 164 - listener, err := getListener(addr, flags.tlsCert, flags.tlsKey) 187 + tlsConfig = c 188 + } else if flags.tlsCert != "" && flags.tlsKey != "" { 189 + cert, err := tls.LoadX509KeyPair(flags.tlsCert, flags.tlsKey) 165 190 if err != nil { 166 - return fmt.Errorf("failed to get listener: %v", err) 191 + return fmt.Errorf("failed to load tls certificate: %v", err) 192 + } 193 + 194 + tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}} 195 + } 196 + 197 + addr := flags.addr 198 + if addr == "" { 199 + if tlsConfig != nil { 200 + addr = ":443" 201 + } else { 202 + addr = ":7777" 167 203 } 204 + } 168 205 169 - fmt.Fprintf(cmd.ErrOrStderr(), "Serving *.%s from %s on %s...\n", k.String("domain"), utils.AddTilde(k.String("dir")), addr) 170 - go http.Serve(listener, handler) 206 + ln, err := getListener(addr, tlsConfig) 207 + if err != nil { 208 + return fmt.Errorf("failed to get listener: %v", err) 171 209 } 210 + 211 + fmt.Fprintf(cmd.ErrOrStderr(), "Serving *.%s from %s on %s...\n", k.String("domain"), utils.AddTilde(k.String("dir")), addr) 212 + go http.Serve(ln, handler) 172 213 173 214 if flags.cron { 174 215 fmt.Fprintln(cmd.ErrOrStderr(), "Starting cron jobs...") ··· 185 226 } 186 227 } 187 228 188 - st := storage.StorageFS{ 189 - Dir: k.String("dir"), 229 + handler := pobj.NewUploadAssetHandler(&pobj.Config{ 230 + Storage: &storage.StorageFS{ 231 + Dir: k.String("dir"), 232 + Logger: consoleLogger, 233 + }, 190 234 Logger: consoleLogger, 191 - } 192 - 193 - cfg := pobj.Config{ 194 - Storage: &st, 195 - Logger: consoleLogger, 196 - } 197 - 198 - handler := pobj.NewUploadAssetHandler(&cfg) 235 + }) 199 236 200 237 srv, err := wish.NewServer( 201 238 wish.WithAddress(flags.sshAddr), ··· 315 352 }, 316 353 } 317 354 318 - cmd.Flags().StringVar(&flags.httpAddr, "http-addr", "", "address to listen on") 355 + cmd.Flags().StringVar(&flags.addr, "addr", "", "address to listen on") 319 356 cmd.Flags().StringVar(&flags.sshAddr, "ssh-addr", "", "address to listen on for ssh/sftp") 320 357 cmd.Flags().StringVar(&flags.sshHostKey, "ssh-host-key", fmt.Sprintf("%s/.ssh/smallweb", os.Getenv("HOME")), "ssh host key") 321 358 cmd.Flags().StringVar(&flags.tlsCert, "tls-cert", "", "tls certificate file") 322 359 cmd.Flags().StringVar(&flags.tlsKey, "tls-key", "", "tls key file") 323 360 cmd.Flags().BoolVar(&flags.cron, "cron", false, "enable cron jobs") 324 - cmd.Flags().StringVar(&flags.acmdnsCreds, "acmedns-credentials", "", "acme dns credentials") 361 + cmd.Flags().StringVar(&flags.acmdnsCreds, "acmedns-credentials", "", "acmedns credentials file") 362 + cmd.Flags().BoolVar(&flags.onDemandTLS, "on-demand-tls", false, "enable on-demand tls") 325 363 326 364 cmd.MarkFlagsRequiredTogether("tls-cert", "tls-key") 327 - cmd.MarkFlagsMutuallyExclusive("acmedns-credentials", "http-addr") 328 365 cmd.MarkFlagsMutuallyExclusive("acmedns-credentials", "tls-cert") 329 366 cmd.MarkFlagsMutuallyExclusive("acmedns-credentials", "tls-key") 367 + cmd.MarkFlagsMutuallyExclusive("on-demand-tls", "tls-cert") 368 + cmd.MarkFlagsMutuallyExclusive("on-demand-tls", "tls-key") 369 + cmd.MarkFlagsMutuallyExclusive("on-demand-tls", "acmedns-credentials") 330 370 331 371 return cmd 332 372 } 333 373 334 - func getListener(addr, cert, key string) (net.Listener, error) { 335 - var config *tls.Config 336 - if cert != "" && key != "" { 337 - cert, err := tls.LoadX509KeyPair(cert, key) 338 - if err != nil { 339 - return nil, fmt.Errorf("failed to load cert: %v", err) 340 - } 341 - 342 - config = &tls.Config{Certificates: []tls.Certificate{cert}} 343 - } 344 - 374 + func getListener(addr string, config *tls.Config) (net.Listener, error) { 345 375 if strings.HasPrefix(addr, "unix/") { 346 376 socketPath := strings.TrimPrefix(addr, "unix/") 347 377