miniflux-v2/daemon/server.go

// Copyright 2018 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.

package daemon // import "miniflux.app/daemon"

import (
	"crypto/tls"
	"net/http"
	"time"

	"miniflux.app/config"
	"miniflux.app/logger"
	"miniflux.app/reader/feed"
	"miniflux.app/scheduler"
	"miniflux.app/storage"

	"golang.org/x/crypto/acme/autocert"
)

func newServer(cfg *config.Config, store *storage.Storage, pool *scheduler.WorkerPool, feedHandler *feed.Handler) *http.Server {
	certFile := cfg.CertFile()
	keyFile := cfg.KeyFile()
	certDomain := cfg.CertDomain()
	certCache := cfg.CertCache()
	server := &http.Server{
		ReadTimeout:  30 * time.Second,
		WriteTimeout: 30 * time.Second,
		IdleTimeout:  60 * time.Second,
		Addr:         cfg.ListenAddr(),
		Handler:      routes(cfg, store, feedHandler, pool),
	}

	if certDomain != "" && certCache != "" {
		cfg.IsHTTPS = true
		server.Addr = ":https"
		certManager := autocert.Manager{
			Cache:      autocert.DirCache(certCache),
			Prompt:     autocert.AcceptTOS,
			HostPolicy: autocert.HostWhitelist(certDomain),
		}

		// Handle http-01 challenge.
		s := &http.Server{
			Handler: certManager.HTTPHandler(nil),
			Addr:    ":http",
		}
		go s.ListenAndServe()

		go func() {
			logger.Info(`Listening on "%s" by using auto-configured certificate for "%s"`, server.Addr, certDomain)
			if err := server.Serve(certManager.Listener()); err != http.ErrServerClosed {
				logger.Fatal(`Server failed to start: %v`, err)
			}
		}()
	} else if certFile != "" && keyFile != "" {
		cfg.IsHTTPS = true

		// See https://blog.cloudflare.com/exposing-go-on-the-internet/
		// And https://wiki.mozilla.org/Security/Server_Side_TLS
		server.TLSConfig = &tls.Config{
			MinVersion: tls.VersionTLS12,
			PreferServerCipherSuites: true,
			CurvePreferences: []tls.CurveID{
				tls.CurveP256,
				tls.X25519,
			},
			CipherSuites: []uint16{
				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
				tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			},
		}

		go func() {
			logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
			if err := server.ListenAndServeTLS(certFile, keyFile); err != http.ErrServerClosed {
				logger.Fatal(`Server failed to start: %v`, err)
			}
		}()
	} else {
		go func() {
			logger.Info(`Listening on "%s" without TLS`, server.Addr)
			if err := server.ListenAndServe(); err != http.ErrServerClosed {
				logger.Fatal(`Server failed to start: %v`, err)
			}
		}()
	}

	return server
}
Refactor packages to have more idiomatic code base 2018-01-03 07:04:48 +01:00			`// Copyright 2018 Frédéric Guillot. All rights reserved.`
First commit 2017-11-20 06:10:04 +01:00			`// Use of this source code is governed by the Apache 2.0`
			`// license that can be found in the LICENSE file.`

Use canonical imports 2018-08-25 06:51:50 +02:00			`package daemon // import "miniflux.app/daemon"`
First commit 2017-11-20 06:10:04 +01:00
			`import (`
Add the possibility to use TLS 2017-11-22 20:16:48 +01:00			`"crypto/tls"`
First commit 2017-11-20 06:10:04 +01:00			`"net/http"`
			`"time"`
Add bookmarklet 2017-11-22 04:37:47 +01:00
Use canonical imports 2018-08-25 06:51:50 +02:00			`"miniflux.app/config"`
			`"miniflux.app/logger"`
			`"miniflux.app/reader/feed"`
			`"miniflux.app/scheduler"`
			`"miniflux.app/storage"`
First commit 2017-11-20 06:10:04 +01:00
Refactor packages to have more idiomatic code base 2018-01-03 07:04:48 +01:00			`"golang.org/x/crypto/acme/autocert"`
			`)`
Add the possibility to use TLS 2017-11-22 20:16:48 +01:00
Simplify locale package usage (refactoring) 2018-09-23 00:04:55 +02:00			`func newServer(cfg config.Config, store storage.Storage, pool scheduler.WorkerPool, feedHandler feed.Handler) *http.Server {`
Add functions to get config values 2018-01-16 03:08:30 +01:00			`certFile := cfg.CertFile()`
			`keyFile := cfg.KeyFile()`
			`certDomain := cfg.CertDomain()`
			`certCache := cfg.CertCache()`
First commit 2017-11-20 06:10:04 +01:00			`server := &http.Server{`
Increase read/write timeout for HTTP server 2018-04-14 22:52:53 +02:00			`ReadTimeout: 30 * time.Second,`
			`WriteTimeout: 30 * time.Second,`
First commit 2017-11-20 06:10:04 +01:00			`IdleTimeout: 60 * time.Second,`
Add functions to get config values 2018-01-16 03:08:30 +01:00			`Addr: cfg.ListenAddr(),`
Simplify locale package usage (refactoring) 2018-09-23 00:04:55 +02:00			`Handler: routes(cfg, store, feedHandler, pool),`
First commit 2017-11-20 06:10:04 +01:00			`}`

Add Let's Encrypt integration 2017-11-22 22:11:01 +01:00			`if certDomain != "" && certCache != "" {`
Add configurable HTTPS flag for secure cookie flag 2017-12-29 05:34:18 +01:00			`cfg.IsHTTPS = true`
Add Let's Encrypt integration 2017-11-22 22:11:01 +01:00			`server.Addr = ":https"`
			`certManager := autocert.Manager{`
			`Cache: autocert.DirCache(certCache),`
			`Prompt: autocert.AcceptTOS,`
			`HostPolicy: autocert.HostWhitelist(certDomain),`
First commit 2017-11-20 06:10:04 +01:00			`}`
Add the possibility to use TLS 2017-11-22 20:16:48 +01:00
Add support for Let's Encrypt http-01 challenge 2018-02-05 03:05:45 +01:00			`// Handle http-01 challenge.`
			`s := &http.Server{`
			`Handler: certManager.HTTPHandler(nil),`
			`Addr: ":http",`
			`}`
			`go s.ListenAndServe()`

Add Let's Encrypt integration 2017-11-22 22:11:01 +01:00			`go func() {`
Add logger 2017-12-16 03:55:57 +01:00			logger.Info(`Listening on "%s" by using auto-configured certificate for "%s"`, server.Addr, certDomain)
Avoid displaying an error when shutting down the daemon 2018-09-09 06:20:24 +02:00			`if err := server.Serve(certManager.Listener()); err != http.ErrServerClosed {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
Add Let's Encrypt integration 2017-11-22 22:11:01 +01:00			`}()`
			`} else if certFile != "" && keyFile != "" {`
Add configurable HTTPS flag for secure cookie flag 2017-12-29 05:34:18 +01:00			`cfg.IsHTTPS = true`
Add Let's Encrypt integration 2017-11-22 22:11:01 +01:00
Use predefined Ciphers when TLS is configured 2018-09-09 06:43:45 +02:00			`// See https://blog.cloudflare.com/exposing-go-on-the-internet/`
			`// And https://wiki.mozilla.org/Security/Server_Side_TLS`
			`server.TLSConfig = &tls.Config{`
			`MinVersion: tls.VersionTLS12,`
			`PreferServerCipherSuites: true,`
			`CurvePreferences: []tls.CurveID{`
			`tls.CurveP256,`
			`tls.X25519,`
			`},`
			`CipherSuites: []uint16{`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
			`tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,`
			`tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,`
			`tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
			`tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
			`},`
			`}`

Add the possibility to use TLS 2017-11-22 20:16:48 +01:00			`go func() {`
Add logger 2017-12-16 03:55:57 +01:00			logger.Info(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
Avoid displaying an error when shutting down the daemon 2018-09-09 06:20:24 +02:00			`if err := server.ListenAndServeTLS(certFile, keyFile); err != http.ErrServerClosed {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
Add the possibility to use TLS 2017-11-22 20:16:48 +01:00			`}()`
			`} else {`
			`go func() {`
Add logger 2017-12-16 03:55:57 +01:00			logger.Info(`Listening on "%s" without TLS`, server.Addr)
Avoid displaying an error when shutting down the daemon 2018-09-09 06:20:24 +02:00			`if err := server.ListenAndServe(); err != http.ErrServerClosed {`
			logger.Fatal(`Server failed to start: %v`, err)
			`}`
Add the possibility to use TLS 2017-11-22 20:16:48 +01:00			`}()`
			`}`
First commit 2017-11-20 06:10:04 +01:00
			`return server`
			`}`