AdGuardHome/internal/home/web.go

231 lines
6.2 KiB
Go
Raw Normal View History

2020-02-19 15:24:55 +03:00
package home
import (
"context"
"crypto/tls"
"net"
"net/http"
"strconv"
"sync"
"time"
2020-02-19 15:24:55 +03:00
"github.com/AdguardTeam/AdGuardHome/internal/util"
2020-02-19 15:24:55 +03:00
"github.com/AdguardTeam/golibs/log"
"github.com/NYTimes/gziphandler"
"github.com/gobuffalo/packr"
)
const (
// ReadTimeout is the maximum duration for reading the entire request,
// including the body.
ReadTimeout = 10 * time.Second
// ReadHeaderTimeout is the amount of time allowed to read request
// headers.
ReadHeaderTimeout = 10 * time.Second
// WriteTimeout is the maximum duration before timing out writes of the
// response.
WriteTimeout = 10 * time.Second
)
type webConfig struct {
2020-02-19 15:24:55 +03:00
firstRun bool
BindHost string
BindPort int
PortHTTPS int
// ReadTimeout is an option to pass to http.Server for setting an
// appropriate field.
ReadTimeout time.Duration
// ReadHeaderTimeout is an option to pass to http.Server for setting an
// appropriate field.
ReadHeaderTimeout time.Duration
// WriteTimeout is an option to pass to http.Server for setting an
// appropriate field.
WriteTimeout time.Duration
2020-02-19 15:24:55 +03:00
}
// HTTPSServer - HTTPS Server
type HTTPSServer struct {
server *http.Server
cond *sync.Cond
condLock sync.Mutex
shutdown bool // if TRUE, don't restart the server
enabled bool
cert tls.Certificate
}
// Web - module object
type Web struct {
conf *webConfig
2020-02-19 15:24:55 +03:00
forceHTTPS bool
portHTTPS int
httpServer *http.Server // HTTP module
httpsServer HTTPSServer // HTTPS module
}
// CreateWeb - create module
func CreateWeb(conf *webConfig) *Web {
2020-04-15 15:17:57 +03:00
log.Info("Initialize web module")
2020-02-19 15:24:55 +03:00
w := Web{}
w.conf = conf
// Initialize and run the admin Web interface
box := packr.NewBox("../../build/static")
2020-02-19 15:24:55 +03:00
// if not configured, redirect / to /install.html, otherwise redirect /install.html to /
Context.mux.Handle("/", postInstallHandler(optionalAuthHandler(gziphandler.GzipHandler(http.FileServer(box)))))
2020-02-19 15:24:55 +03:00
// add handlers for /install paths, we only need them when we're not configured yet
if conf.firstRun {
log.Info("This is the first launch of AdGuard Home, redirecting everything to /install.html ")
Context.mux.Handle("/install.html", preInstallHandler(http.FileServer(box)))
2020-02-19 15:24:55 +03:00
w.registerInstallHandlers()
} else {
registerControlHandlers()
}
w.httpsServer.cond = sync.NewCond(&w.httpsServer.condLock)
return &w
}
// WebCheckPortAvailable - check if port is available
// BUT: if we are already using this port, no need
func WebCheckPortAvailable(port int) bool {
alreadyRunning := false
if Context.web.httpsServer.server != nil {
alreadyRunning = true
}
if !alreadyRunning {
err := util.CheckPortAvailable(config.BindHost, port)
if err != nil {
return false
}
}
return true
}
// TLSConfigChanged - called when TLS configuration has changed
2020-04-05 18:34:43 +03:00
func (web *Web) TLSConfigChanged(tlsConf tlsConfigSettings) {
2020-02-19 15:24:55 +03:00
log.Debug("Web: applying new TLS configuration")
2020-04-05 18:34:43 +03:00
web.conf.PortHTTPS = tlsConf.PortHTTPS
web.forceHTTPS = (tlsConf.ForceHTTPS && tlsConf.Enabled && tlsConf.PortHTTPS != 0)
web.portHTTPS = tlsConf.PortHTTPS
2020-02-19 15:24:55 +03:00
enabled := tlsConf.Enabled &&
tlsConf.PortHTTPS != 0 &&
len(tlsConf.PrivateKeyData) != 0 &&
len(tlsConf.CertificateChainData) != 0
var cert tls.Certificate
var err error
if enabled {
cert, err = tls.X509KeyPair(tlsConf.CertificateChainData, tlsConf.PrivateKeyData)
if err != nil {
log.Fatal(err)
}
}
2020-04-05 18:34:43 +03:00
web.httpsServer.cond.L.Lock()
if web.httpsServer.server != nil {
_ = web.httpsServer.server.Shutdown(context.TODO())
2020-02-19 15:24:55 +03:00
}
2020-04-05 18:34:43 +03:00
web.httpsServer.enabled = enabled
web.httpsServer.cert = cert
web.httpsServer.cond.Broadcast()
web.httpsServer.cond.L.Unlock()
2020-02-19 15:24:55 +03:00
}
// Start - start serving HTTP requests
2020-04-05 18:34:43 +03:00
func (web *Web) Start() {
2020-02-19 15:24:55 +03:00
// for https, we have a separate goroutine loop
go web.tlsServerLoop()
2020-02-19 15:24:55 +03:00
// this loop is used as an ability to change listening host and/or port
2020-04-05 18:34:43 +03:00
for !web.httpsServer.shutdown {
2020-02-19 15:24:55 +03:00
printHTTPAddresses("http")
// we need to have new instance, because after Shutdown() the Server is not usable
2020-04-05 18:34:43 +03:00
address := net.JoinHostPort(web.conf.BindHost, strconv.Itoa(web.conf.BindPort))
web.httpServer = &http.Server{
ErrorLog: log.StdLog("web: http", log.DEBUG),
Addr: address,
Handler: withMiddlewares(Context.mux, limitRequestBody),
ReadTimeout: web.conf.ReadTimeout,
ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
WriteTimeout: web.conf.WriteTimeout,
2020-02-19 15:24:55 +03:00
}
2020-04-05 18:34:43 +03:00
err := web.httpServer.ListenAndServe()
2020-02-19 15:24:55 +03:00
if err != http.ErrServerClosed {
cleanupAlways()
log.Fatal(err)
}
// We use ErrServerClosed as a sign that we need to rebind on new address, so go back to the start of the loop
}
}
// Close - stop HTTP server, possibly waiting for all active connections to be closed
2020-04-05 18:34:43 +03:00
func (web *Web) Close() {
2020-02-19 15:24:55 +03:00
log.Info("Stopping HTTP server...")
2020-04-05 18:34:43 +03:00
web.httpsServer.cond.L.Lock()
web.httpsServer.shutdown = true
web.httpsServer.cond.L.Unlock()
if web.httpsServer.server != nil {
_ = web.httpsServer.server.Shutdown(context.TODO())
2020-02-19 15:24:55 +03:00
}
2020-04-05 18:34:43 +03:00
if web.httpServer != nil {
_ = web.httpServer.Shutdown(context.TODO())
2020-02-19 15:24:55 +03:00
}
log.Info("Stopped HTTP server")
}
func (web *Web) tlsServerLoop() {
2020-02-19 15:24:55 +03:00
for {
2020-04-05 18:34:43 +03:00
web.httpsServer.cond.L.Lock()
if web.httpsServer.shutdown {
web.httpsServer.cond.L.Unlock()
2020-02-19 15:24:55 +03:00
break
}
// this mechanism doesn't let us through until all conditions are met
2020-04-05 18:34:43 +03:00
for !web.httpsServer.enabled { // sleep until necessary data is supplied
web.httpsServer.cond.Wait()
if web.httpsServer.shutdown {
web.httpsServer.cond.L.Unlock()
2020-02-19 15:24:55 +03:00
return
}
}
2020-04-05 18:34:43 +03:00
web.httpsServer.cond.L.Unlock()
2020-02-19 15:24:55 +03:00
// prepare HTTPS server
2020-04-05 18:34:43 +03:00
address := net.JoinHostPort(web.conf.BindHost, strconv.Itoa(web.conf.PortHTTPS))
web.httpsServer.server = &http.Server{
ErrorLog: log.StdLog("web: https", log.DEBUG),
Addr: address,
2020-02-19 15:24:55 +03:00
TLSConfig: &tls.Config{
2020-04-05 18:34:43 +03:00
Certificates: []tls.Certificate{web.httpsServer.cert},
2020-02-19 15:24:55 +03:00
MinVersion: tls.VersionTLS12,
RootCAs: Context.tlsRoots,
CipherSuites: Context.tlsCiphers,
2020-02-19 15:24:55 +03:00
},
Handler: Context.mux,
ReadTimeout: web.conf.ReadTimeout,
ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
WriteTimeout: web.conf.WriteTimeout,
2020-02-19 15:24:55 +03:00
}
printHTTPAddresses("https")
2020-04-05 18:34:43 +03:00
err := web.httpsServer.server.ListenAndServeTLS("", "")
2020-02-19 15:24:55 +03:00
if err != http.ErrServerClosed {
cleanupAlways()
log.Fatal(err)
}
}
}