mirror of https://github.com/perkeep/perkeep.git
428 lines
12 KiB
Go
428 lines
12 KiB
Go
/*
|
|
Copyright 2011 Google Inc.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
// The camlistored binary is the Camlistore server.
|
|
package main // import "camlistore.org/server/camlistored"
|
|
|
|
import (
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"os"
|
|
"os/signal"
|
|
"path/filepath"
|
|
"runtime"
|
|
"strconv"
|
|
"strings"
|
|
"syscall"
|
|
"time"
|
|
|
|
"camlistore.org/pkg/buildinfo"
|
|
"camlistore.org/pkg/env"
|
|
"camlistore.org/pkg/httputil"
|
|
"camlistore.org/pkg/netutil"
|
|
"camlistore.org/pkg/osutil"
|
|
"camlistore.org/pkg/serverinit"
|
|
"camlistore.org/pkg/webserver"
|
|
|
|
// VM environments:
|
|
"camlistore.org/pkg/osutil/gce" // for init side-effects + LogWriter
|
|
|
|
// Storage options:
|
|
"camlistore.org/pkg/blobserver/blobpacked"
|
|
_ "camlistore.org/pkg/blobserver/cond"
|
|
_ "camlistore.org/pkg/blobserver/diskpacked"
|
|
_ "camlistore.org/pkg/blobserver/encrypt"
|
|
_ "camlistore.org/pkg/blobserver/google/cloudstorage"
|
|
_ "camlistore.org/pkg/blobserver/google/drive"
|
|
_ "camlistore.org/pkg/blobserver/localdisk"
|
|
_ "camlistore.org/pkg/blobserver/mongo"
|
|
_ "camlistore.org/pkg/blobserver/proxycache"
|
|
_ "camlistore.org/pkg/blobserver/remote"
|
|
_ "camlistore.org/pkg/blobserver/replica"
|
|
_ "camlistore.org/pkg/blobserver/s3"
|
|
_ "camlistore.org/pkg/blobserver/shard"
|
|
// Indexers: (also present themselves as storage targets)
|
|
"camlistore.org/pkg/index"
|
|
// KeyValue implementations:
|
|
_ "camlistore.org/pkg/sorted/kvfile"
|
|
_ "camlistore.org/pkg/sorted/leveldb"
|
|
_ "camlistore.org/pkg/sorted/mongo"
|
|
_ "camlistore.org/pkg/sorted/mysql"
|
|
_ "camlistore.org/pkg/sorted/postgres"
|
|
"camlistore.org/pkg/sorted/sqlite" // for sqlite.CompiledIn()
|
|
|
|
// Handlers:
|
|
_ "camlistore.org/pkg/search"
|
|
_ "camlistore.org/pkg/server" // UI, publish, etc
|
|
|
|
// Importers:
|
|
_ "camlistore.org/pkg/importer/allimporters"
|
|
|
|
// Licence:
|
|
_ "camlistore.org/pkg/camlegal"
|
|
|
|
"go4.org/legal"
|
|
"go4.org/wkfs"
|
|
)
|
|
|
|
var (
|
|
flagVersion = flag.Bool("version", false, "show version")
|
|
flagLegal = flag.Bool("legal", false, "show licenses")
|
|
flagConfigFile = flag.String("configfile", "",
|
|
"Config file to use, relative to the Camlistore configuration directory root. "+
|
|
"If blank, the default is used or auto-generated. "+
|
|
"If it starts with 'http:' or 'https:', it is fetched from the network.")
|
|
flagListen = flag.String("listen", "", "host:port to listen on, or :0 to auto-select. If blank, the value in the config will be used instead.")
|
|
flagOpenBrowser = flag.Bool("openbrowser", true, "Launches the UI on startup")
|
|
flagReindex = flag.Bool("reindex", false, "Reindex all blobs on startup")
|
|
flagRecovery = flag.Bool("recovery", false, "Recovery mode: rebuild the blobpacked meta index if needed. The tasks performed by the recovery mode might change in the future.")
|
|
flagPollParent bool
|
|
)
|
|
|
|
func init() {
|
|
if debug, _ := strconv.ParseBool(os.Getenv("CAMLI_DEBUG")); debug {
|
|
flag.BoolVar(&flagPollParent, "pollparent", false, "Camlistored regularly polls its parent process to detect if it has been orphaned, and terminates in that case. Mainly useful for tests.")
|
|
}
|
|
}
|
|
|
|
func exitf(pattern string, args ...interface{}) {
|
|
if !strings.HasSuffix(pattern, "\n") {
|
|
pattern = pattern + "\n"
|
|
}
|
|
fmt.Fprintf(os.Stderr, pattern, args...)
|
|
osExit(1)
|
|
}
|
|
|
|
func slurpURL(urls string, limit int64) ([]byte, error) {
|
|
res, err := http.Get(urls)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer res.Body.Close()
|
|
return ioutil.ReadAll(io.LimitReader(res.Body, limit))
|
|
}
|
|
|
|
// loadConfig returns the server's parsed config file, locating it using the provided arg.
|
|
//
|
|
// The arg may be of the form:
|
|
// - empty, to mean automatic (will write a default high-level config if
|
|
// no cloud config is available)
|
|
// - a filepath absolute or relative to the user's configuration directory,
|
|
// - a URL
|
|
func loadConfig(arg string) (conf *serverinit.Config, isNewConfig bool, err error) {
|
|
if strings.HasPrefix(arg, "http://") || strings.HasPrefix(arg, "https://") {
|
|
contents, err := slurpURL(arg, 256<<10)
|
|
if err != nil {
|
|
return nil, false, err
|
|
}
|
|
conf, err = serverinit.Load(contents)
|
|
return conf, false, err
|
|
}
|
|
var absPath string
|
|
switch {
|
|
case arg == "":
|
|
absPath = osutil.UserServerConfigPath()
|
|
_, err = wkfs.Stat(absPath)
|
|
if err != nil {
|
|
if !os.IsNotExist(err) {
|
|
return
|
|
}
|
|
conf, err = serverinit.DefaultEnvConfig()
|
|
if err != nil || conf != nil {
|
|
return
|
|
}
|
|
err = wkfs.MkdirAll(osutil.CamliConfigDir(), 0700)
|
|
if err != nil {
|
|
return
|
|
}
|
|
log.Printf("Generating template config file %s", absPath)
|
|
if err = serverinit.WriteDefaultConfigFile(absPath, sqlite.CompiledIn()); err == nil {
|
|
isNewConfig = true
|
|
}
|
|
}
|
|
case filepath.IsAbs(arg):
|
|
absPath = arg
|
|
default:
|
|
absPath = filepath.Join(osutil.CamliConfigDir(), arg)
|
|
}
|
|
conf, err = serverinit.LoadFile(absPath)
|
|
return
|
|
}
|
|
|
|
// 1) We do not want to force the user to buy a cert.
|
|
// 2) We still want our client (camput) to be able to
|
|
// verify the cert's authenticity.
|
|
// 3) We want to avoid MITM attacks and warnings in
|
|
// the browser.
|
|
// Using a simple self-signed won't do because of 3),
|
|
// as Chrome offers no way to set a self-signed as
|
|
// trusted when importing it. (same on android).
|
|
// We could have created a self-signed CA (that we
|
|
// would import in the browsers) and create another
|
|
// cert (signed by that CA) which would be the one
|
|
// used in camlistore.
|
|
// We're doing even simpler: create a self-signed
|
|
// CA and directly use it as a self-signed cert
|
|
// (and install it as a CA in the browsers).
|
|
// 2) is satisfied by doing our own checks,
|
|
// See pkg/client
|
|
func setupTLS(ws *webserver.Server, config *serverinit.Config, hostname string) {
|
|
cert, key := config.OptionalString("httpsCert", ""), config.OptionalString("httpsKey", "")
|
|
if !config.OptionalBool("https", true) {
|
|
return
|
|
}
|
|
if (cert != "") != (key != "") {
|
|
exitf("httpsCert and httpsKey must both be either present or absent")
|
|
}
|
|
|
|
defCert := osutil.DefaultTLSCert()
|
|
defKey := osutil.DefaultTLSKey()
|
|
const hint = "You must add this certificate's fingerprint to your client's trusted certs list to use it. Like so:\n\"trustedCerts\": [\"%s\"],"
|
|
if cert == defCert && key == defKey {
|
|
_, err1 := wkfs.Stat(cert)
|
|
_, err2 := wkfs.Stat(key)
|
|
if err1 != nil || err2 != nil {
|
|
if os.IsNotExist(err1) || os.IsNotExist(err2) {
|
|
sig, err := httputil.GenSelfTLSFiles(hostname, defCert, defKey)
|
|
if err != nil {
|
|
exitf("Could not generate self-signed TLS cert: %q", err)
|
|
}
|
|
log.Printf(hint, sig)
|
|
} else {
|
|
exitf("Could not stat cert or key: %q, %q", err1, err2)
|
|
}
|
|
}
|
|
}
|
|
// Always generate new certificates if the config's httpsCert and httpsKey are empty.
|
|
if cert == "" && key == "" {
|
|
sig, err := httputil.GenSelfTLSFiles(hostname, defCert, defKey)
|
|
if err != nil {
|
|
exitf("Could not generate self signed creds: %q", err)
|
|
}
|
|
log.Printf(hint, sig)
|
|
cert = defCert
|
|
key = defKey
|
|
}
|
|
data, err := wkfs.ReadFile(cert)
|
|
if err != nil {
|
|
exitf("Failed to read pem certificate: %s", err)
|
|
}
|
|
sig, err := httputil.CertFingerprint(data)
|
|
if err != nil {
|
|
exitf("certificate error: %v", err)
|
|
}
|
|
log.Printf("TLS enabled, with SHA-256 certificate fingerprint: %v", sig)
|
|
ws.SetTLS(cert, key)
|
|
}
|
|
|
|
var osExit = os.Exit // testing hook
|
|
|
|
func handleSignals(shutdownc <-chan io.Closer) {
|
|
c := make(chan os.Signal, 1)
|
|
signal.Notify(c, syscall.SIGHUP)
|
|
signal.Notify(c, syscall.SIGINT)
|
|
for {
|
|
sig := <-c
|
|
sysSig, ok := sig.(syscall.Signal)
|
|
if !ok {
|
|
log.Fatal("Not a unix signal")
|
|
}
|
|
switch sysSig {
|
|
case syscall.SIGHUP:
|
|
log.Print("SIGHUP: restarting camli")
|
|
err := osutil.RestartProcess()
|
|
if err != nil {
|
|
log.Fatal("Failed to restart: " + err.Error())
|
|
}
|
|
case syscall.SIGINT:
|
|
log.Print("Got SIGINT: shutting down")
|
|
donec := make(chan bool)
|
|
go func() {
|
|
cl := <-shutdownc
|
|
if err := cl.Close(); err != nil {
|
|
exitf("Error shutting down: %v", err)
|
|
}
|
|
donec <- true
|
|
}()
|
|
select {
|
|
case <-donec:
|
|
log.Printf("Shut down.")
|
|
osExit(0)
|
|
case <-time.After(2 * time.Second):
|
|
exitf("Timeout shutting down. Exiting uncleanly.")
|
|
}
|
|
default:
|
|
log.Fatal("Received another signal, should not happen.")
|
|
}
|
|
}
|
|
}
|
|
|
|
// listenAndBaseURL finds the configured, default, or inferred listen address
|
|
// and base URL from the command-line flags and provided config.
|
|
func listenAndBaseURL(config *serverinit.Config) (listen, baseURL string) {
|
|
baseURL = config.OptionalString("baseURL", "")
|
|
listen = *flagListen
|
|
listenConfig := config.OptionalString("listen", "")
|
|
// command-line takes priority over config
|
|
if listen == "" {
|
|
listen = listenConfig
|
|
if listen == "" {
|
|
exitf("\"listen\" needs to be specified either in the config or on the command line")
|
|
}
|
|
}
|
|
return
|
|
}
|
|
|
|
func redirectFromHTTP(base string) {
|
|
http.ListenAndServe(":80", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
http.Redirect(w, r, base, http.StatusFound)
|
|
}))
|
|
}
|
|
|
|
// certHostname figures out the name to use for the TLS certificates, using baseURL
|
|
// and falling back to the listen address if baseURL is empty or invalid.
|
|
func certHostname(listen, baseURL string) (string, error) {
|
|
hostPort, err := netutil.HostPort(baseURL)
|
|
if err != nil {
|
|
hostPort = listen
|
|
}
|
|
hostname, _, err := net.SplitHostPort(hostPort)
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to find hostname for cert from address %q: %v", hostPort, err)
|
|
}
|
|
return hostname, nil
|
|
}
|
|
|
|
// main wraps Main so tests (which generate their own func main) can still run Main.
|
|
func main() {
|
|
Main(nil, nil)
|
|
}
|
|
|
|
// Main sends on up when it's running, and shuts down when it receives from down.
|
|
func Main(up chan<- struct{}, down <-chan struct{}) {
|
|
flag.Parse()
|
|
|
|
if *flagVersion {
|
|
fmt.Fprintf(os.Stderr, "camlistored version: %s\nGo version: %s (%s/%s)\n",
|
|
buildinfo.Version(), runtime.Version(), runtime.GOOS, runtime.GOARCH)
|
|
return
|
|
}
|
|
if *flagLegal {
|
|
for _, l := range legal.Licenses() {
|
|
fmt.Fprintln(os.Stderr, l)
|
|
}
|
|
return
|
|
}
|
|
if *flagRecovery {
|
|
blobpacked.SetRecovery()
|
|
}
|
|
if env.OnGCE() {
|
|
log.SetOutput(gce.LogWriter())
|
|
}
|
|
|
|
if *flagReindex {
|
|
index.SetImpendingReindex()
|
|
}
|
|
|
|
log.Printf("Starting camlistored version %s; Go %s (%s/%s)", buildinfo.Version(), runtime.Version(),
|
|
runtime.GOOS, runtime.GOARCH)
|
|
|
|
shutdownc := make(chan io.Closer, 1) // receives io.Closer to cleanly shut down
|
|
go handleSignals(shutdownc)
|
|
|
|
// In case we're running in a Docker container with no
|
|
// filesytem from which to load the root CAs, this
|
|
// conditionally installs a static set if necessary. We do
|
|
// this before we load the config file, which might come from
|
|
// an https URL.
|
|
httputil.InstallCerts()
|
|
|
|
config, isNewConfig, err := loadConfig(*flagConfigFile)
|
|
if err != nil {
|
|
exitf("Error loading config file: %v", err)
|
|
}
|
|
|
|
ws := webserver.New()
|
|
listen, baseURL := listenAndBaseURL(config)
|
|
|
|
hostname, err := certHostname(listen, baseURL)
|
|
if err != nil {
|
|
exitf("Bad baseURL or listen address: %v", err)
|
|
}
|
|
setupTLS(ws, config, hostname)
|
|
|
|
err = ws.Listen(listen)
|
|
if err != nil {
|
|
exitf("Listen: %v", err)
|
|
}
|
|
|
|
if baseURL == "" {
|
|
baseURL = ws.ListenURL()
|
|
}
|
|
|
|
shutdownCloser, err := config.InstallHandlers(ws, baseURL, *flagReindex, nil)
|
|
if err != nil {
|
|
exitf("Error parsing config: %v", err)
|
|
}
|
|
shutdownc <- shutdownCloser
|
|
|
|
urlToOpen := baseURL
|
|
if !isNewConfig {
|
|
// user may like to configure the server at the initial startup,
|
|
// open UI if this is not the first run with a new config file.
|
|
urlToOpen += config.UIPath
|
|
}
|
|
|
|
if *flagOpenBrowser {
|
|
go osutil.OpenURL(urlToOpen)
|
|
}
|
|
|
|
go ws.Serve()
|
|
if flagPollParent {
|
|
osutil.DieOnParentDeath()
|
|
}
|
|
|
|
if err := config.StartApps(); err != nil {
|
|
exitf("StartApps: %v", err)
|
|
}
|
|
|
|
for appName, appURL := range config.AppURL() {
|
|
addr, err := netutil.HostPort(appURL)
|
|
if err != nil {
|
|
log.Printf("Could not get app %v address: %v", appName, err)
|
|
continue
|
|
}
|
|
if err := netutil.AwaitReachable(addr, 5*time.Second); err != nil {
|
|
log.Printf("Could not reach app %v: %v", appName, err)
|
|
}
|
|
}
|
|
log.Printf("Available on %s", urlToOpen)
|
|
|
|
if env.OnGCE() && strings.HasPrefix(baseURL, "https://") {
|
|
go redirectFromHTTP(baseURL)
|
|
}
|
|
|
|
// Block forever, except during tests.
|
|
up <- struct{}{}
|
|
<-down
|
|
osExit(0)
|
|
}
|