let fly terminate TLS

Fly already has enough access to the machine to obtain the private keys anyway.
7 files changed, 9 insertions(+), 272 deletions(-)
M fly.toml → fly.toml
@@ -8,18 +8,11 @@ primary_region = "ams" [env] SERVER_PORT = "8080" - SERVER_TLS_PORT = "8443" SERVER_LISTEN_ADDRESS = "::" - SERVER_TLS = "true" - POWERDNS_SERVER_URL = "https://pdns.alanpearce.eu" - # POWERDNS_API_TOKEN = "from fly secret" WEBSITE_SOURCE = "/data/website" WEBSITE_DESTINATION = "/data/public" WEBSITE_VCS_REMOTE_URL = "https://git.alanpearce.eu/website.git" GOMEMLIMIT = "200MiB" - REDIS_ADDRESS = "redis.alanpearce.eu:6379" - REDIS_TLS_ENABLED = "true" - REDIS_TLS_INSECURE = "false" [[services]] internal_port = 8080@@ -31,20 +24,13 @@ [[services.ports]] port = 80 -[[services]] - internal_port = 8443 - [[services.ports]] + handler = [ "tls" ] port = 443 - [services.concurrency] - type = "requests" - soft_limit = 15000 - [[services.http_checks]] grace_period = "10s" - protocol = "https" - tls_server_name = "alanpearce.eu" + protocol = "http" interval = "10s" method = "GET" timeout = "1s"
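Review bot: Port 80 now serves the site in cleartext with no redirect, because the HTTP-to-HTTPS redirect lived in the deleted serveTLS listener and the new `[[services.ports]]` entry for `port = 80` carries no `force_https`; add `force_https = true` under that entry so Fly's proxy issues the redirect (an HSTS header would still have to come from the app itself). The 443 entry is written as `handler = [ "tls" ]` whereas Fly's documented key is the plural `handlers`; confirm with `fly config validate` that the singular form is accepted, since otherwise 443 would be a raw TCP passthrough to the plaintext server. The `POWERDNS_API_TOKEN` secret and the `REDIS_*` credentials and encryption key that this config stops wiring in are presumably still set on the app; unset them and revoke the PowerDNS token and Redis password, since nothing reads them any more, and the certificate private keys cached in Redis under the `certmagic` key prefix can be deleted as well.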
M go.mod → go.mod
@@ -7,8 +7,6 @@ github.com/BurntSushi/toml v1.4.0 github.com/PuerkitoBio/goquery v1.10.1 github.com/a-h/templ v0.3.833 github.com/adrg/frontmatter v0.2.0 - github.com/alanpearce/certmagic v0.21.5-0.20241130183548-380075cf3bb8 - github.com/alanpearce/certmagic-storage-redis v1.5.1 github.com/andybalholm/brotli v1.1.0 github.com/antchfx/xmlquery v1.4.1 github.com/antchfx/xpath v1.3.1@@ -20,7 +18,6 @@ github.com/fatih/structtag v1.2.0 github.com/fsnotify/fsnotify v1.7.0 github.com/go-git/go-git/v5 v5.12.0 github.com/kevinpollet/nego v0.0.0-20211010160919-a65cd48cee43 - github.com/libdns/powerdns v0.1.3 github.com/osdevisnot/sorvor v0.4.4 github.com/snabb/sitemap v1.0.4 github.com/stefanfritsch/goldmark-fences v1.0.0@@ -41,13 +38,9 @@ github.com/benpate/domain v0.2.2 // indirect github.com/benpate/exp v0.8.3 // indirect github.com/benpate/remote v0.16.0 // indirect github.com/benpate/rosetta v0.21.2 // indirect - github.com/bsm/redislock v0.9.4 // indirect - github.com/caddyserver/zerossl v0.1.3 // indirect - github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cloudflare/circl v1.3.9 // indirect github.com/cyphar/filepath-securejoin v0.2.5 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect@@ -55,33 +48,23 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/gorilla/css v1.0.1 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/klauspost/cpuid/v2 v2.2.9 // indirect - github.com/libdns/libdns v0.2.2 // indirect - github.com/mholt/acmez/v2 v2.0.3 // indirect github.com/microcosm-cc/bluemonday v1.0.26 // indirect - github.com/miekg/dns v1.1.62 // 
indirect - github.com/mittwald/go-powerdns v0.6.6 // indirect github.com/onsi/gomega v1.34.2 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/redis/go-redis/v9 v9.7.0 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/skeema/knownhosts v1.2.2 // indirect github.com/snabb/diagio v1.0.4 // indirect github.com/sykesm/zap-logfmt v0.0.4 // indirect github.com/thessem/zap-prettyconsole v0.5.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/zeebo/blake3 v0.2.4 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/mod v0.22.0 // indirect golang.org/x/net v0.33.0 // indirect - golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/tools v0.27.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect moul.io/zapfilter v1.7.0 // indirect
M go.sum → go.sum
@@ -16,10 +16,6 @@ github.com/a-h/templ v0.3.833 h1:L/KOk/0VvVTBegtE0fp2RJQiBm7/52Zxv5fqlEHiQUU= github.com/a-h/templ v0.3.833/go.mod h1:cAu4AiZhtJfBjMY0HASlyzvkrtjnHWPeEsyGK2YYmfk= github.com/adrg/frontmatter v0.2.0 h1:/DgnNe82o03riBd1S+ZDjd43wAmC6W35q67NHeLkPd4= github.com/adrg/frontmatter v0.2.0/go.mod h1:93rQCj3z3ZlwyxxpQioRKC1wDLto4aXHrbqIsnH9wmE= -github.com/alanpearce/certmagic v0.21.5-0.20241130183548-380075cf3bb8 h1:zXMqLbPaaGw3+N5yS49xqcoPt9q6C9SvJ211yVNcz5s= -github.com/alanpearce/certmagic v0.21.5-0.20241130183548-380075cf3bb8/go.mod h1:DyLSMKw5IvmPRa6Tbv7z9NAr0A+IQDlYGVsGIDCwzdA= -github.com/alanpearce/certmagic-storage-redis v1.5.1 h1:PIA2Tim/IDoMhpj5AoJ8yB/LuZ+luinP2xm+1Pg7qnM= -github.com/alanpearce/certmagic-storage-redis v1.5.1/go.mod h1:8PVJ3OyplDaLfU1JTJ3yTD0qcYVHVO+ppVLE42OY27k= github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kktS1LM=@@ -49,17 +45,7 @@ github.com/benpate/remote v0.16.0 h1:YFXsLRjJNBPAVSZTEsgaOG7kMSHYn36z/1DmsrZU/FY= github.com/benpate/remote v0.16.0/go.mod h1:6OeZOYeEUyF0HDFaL1QPY9yboU3EvGYTNdABiRBNiF0= github.com/benpate/rosetta v0.21.2 h1:tBIfVzCv7vyLBZtF0ETAHDsvIKc28hCVBbLL7QE42pw= github.com/benpate/rosetta v0.21.2/go.mod h1:xH4gwL4OANy3PiaRq/ED4R9tU3oZ9atvH/nBzVLIfBg= -github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs= -github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c= -github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA= -github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= -github.com/bsm/redislock v0.9.4 h1:X/Wse1DPpiQgHbVYRE9zv6m070UcKoOGekgvpNhiSvw= -github.com/bsm/redislock v0.9.4/go.mod h1:Epf7AJLiSFwLCiZcfi6pWFO/8eAYrYpQXFxEDPoDeAk= github.com/bwesterb/go-ristretto v1.2.3/go.mod 
h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA= -github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4= -github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= -github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU=@@ -73,8 +59,6 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/deckarep/golang-set/v2 v2.6.0 h1:XfcQbWM1LlMB8BsJ8N9vW5ehnnPVIw0je80NsVHagjM= github.com/deckarep/golang-set/v2 v2.6.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= -github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= -github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=@@ -105,8 +89,6 @@ github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8= github.com/gorilla/css v1.0.1/go.mod 
h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= -github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= -github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=@@ -114,8 +96,6 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kevinpollet/nego v0.0.0-20211010160919-a65cd48cee43 h1:Pdirg1gwhEcGjMLyuSxGn9664p+P8J9SrfMgpFwrDyg= github.com/kevinpollet/nego v0.0.0-20211010160919-a65cd48cee43/go.mod h1:ahLMuLCUyDdXqtqGyuwGev7/PGtO7r7ocvdwDuEN/3E= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/cpuid/v2 v2.2.9 h1:66ze0taIn2H33fBvCkXuv9BmCwDfafmiIVpKV9kKGuY= -github.com/klauspost/cpuid/v2 v2.2.9/go.mod h1:rqkxqrZ1EhYM9G+hXH7YdowN5R5RGN6NK4QwQ3WMXF8= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=@@ -123,19 +103,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/libdns/libdns v0.2.2 h1:O6ws7bAfRPaBsgAYt8MDe2HcNBGC29hkZ9MX2eUSX3s= -github.com/libdns/libdns v0.2.2/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ= -github.com/libdns/powerdns v0.1.3 
h1:rRD/P0g/9Ru8cu4eGxiLp8GrMZTkj+BnNwIevTkUphM= -github.com/libdns/powerdns v0.1.3/go.mod h1:xUy794+JpPeN9tM6PC1JITdetgRfRnPH1UFTrd2Eu2Y= -github.com/mholt/acmez/v2 v2.0.3 h1:CgDBlEwg3QBp6s45tPQmFIBrkRIkBT4rW4orMM6p4sw= -github.com/mholt/acmez/v2 v2.0.3/go.mod h1:pQ1ysaDeGrIMvJ9dfJMk5kJNkn7L2sb3UhyrX6Q91cw= github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58= github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs= -github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ= -github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ= -github.com/mittwald/go-powerdns v0.6.6 h1:yQcuszhl98+jJgELjD5ecfxCQWoshhnArexpwrwQxLY= -github.com/mittwald/go-powerdns v0.6.6/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA= -github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/osdevisnot/sorvor v0.4.4 h1:hcMWsWOKpUtDUE3F7dra1Jf12ftLHfgDcxlyPeVlz0Y=@@ -149,8 +118,6 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/redis/go-redis/v9 v9.7.0 h1:HhLSs+B6O021gwzl+locl0zEDnyNkxMtf/Z3NNBMa9E= -github.com/redis/go-redis/v9 v9.7.0/go.mod h1:f6zhXITC7JUJIlPEiBOTXxJgPLdZcA93GewI7inzyWw= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= 
github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=@@ -185,12 +152,6 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yuin/goldmark v1.7.4 h1:BDXOHExt+A7gwPCJgPIIq7ENvceR7we7rOS9TNoLZeg= github.com/yuin/goldmark v1.7.4/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= -github.com/zeebo/assert v1.1.0 h1:hU1L1vLTHsnO8x8c9KAR5GmM5QscxHg5RNU5z5qbUWY= -github.com/zeebo/assert v1.1.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= -github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI= -github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE= -github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo= -github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4= gitlab.com/tozd/go/errors v0.8.1 h1:RfylffRAsl3PbDdHNUBEkTleTCiL/RIT+Ef8p0HRNCI= gitlab.com/tozd/go/errors v0.8.1/go.mod h1:PvIdUMLpPwxr+KEBxghQaCMydHXGYdJQn/PhdMqYREY= go.alanpearce.eu/x v0.0.0-20241203124832-a29434dba11a h1:NUv3AzGxwMVSq26takww8/nyl+sPO2BsESoVSU8G49U=@@ -234,8 +195,6 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= -golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod 
h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=@@ -262,7 +221,6 @@ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=@@ -326,8 +284,6 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= -golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=@@ -337,8 +293,6 @@ gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod 
h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/h2non/gock.v1 v1.0.14 h1:fTeu9fcUvSnLNacYvYI54h+1/XEteDyHvrVCZEEEYNM= -gopkg.in/h2non/gock.v1 v1.0.14/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
M internal/server/server.go → internal/server/server.go
@@ -25,11 +25,6 @@ type Options struct { ListenAddress string `conf:"default:localhost"` Port int `conf:"default:8080,short:p"` - TLS bool `conf:"default:false"` - TLSPort int `conf:"default:8443"` - - ACMEIssuer string - ACMEIssuerCert string Domains []string `conf:"-"` WildcardDomains []string `conf:"-"`@@ -79,14 +74,6 @@ } s.mux.Handle("/", app.Handler) } -func (s *Server) serve(tls bool) error { - if tls { - return s.serveTLS() - } - - return s.serveTCP() -} - func (s *Server) Start() error { top := http.NewServeMux() top.Handle("/",@@ -107,7 +94,7 @@ IdleTimeout: IdleTimeout, Handler: top, } - if err := s.serve(s.options.TLS); err != http.ErrServerClosed { + if err := s.serveTCP(); err != http.ErrServerClosed { return errors.WithMessage(err, "error creating/closing server") }
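Review bot: With `Start` now always calling `serveTCP`, the process only ever sees plaintext and no longer knows the original scheme, so anything in the app that builds absolute URLs, sets `Secure` cookies or decides whether to redirect must read the proxy's `X-Forwarded-Proto` header instead of `r.TLS`; that header is only trustworthy because Fly's edge is the sole path to the instance, which is worth stating in a comment next to the call, e.g. `// TLS is terminated by the platform proxy; serve plaintext only and trust X-Forwarded-Proto.` `Options.Domains` and `Options.WildcardDomains` survive in the struct even though their only visible consumer was the deleted tls.go; if nothing else references `WildcardDomains` it should be removed too, otherwise a comment should say what still uses it. `Start`'s body continues outside the hunk.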
D internal/server/tls.go
@@ -1,173 +0,0 @@ -package server - -import ( - "context" - "crypto/x509" - "net" - "net/http" - "slices" - "strconv" - "strings" - - "go.alanpearce.eu/x/listenfd" - - "github.com/alanpearce/certmagic" - certmagic_redis "github.com/alanpearce/certmagic-storage-redis" - "github.com/ardanlabs/conf/v3" - "github.com/libdns/powerdns" - "gitlab.com/tozd/go/errors" -) - -type redisConfig struct { - Address string `conf:"required"` - Username string `conf:"default:default"` - Password string `conf:"required"` - EncryptionKey string `conf:"required"` - KeyPrefix string `conf:"default:certmagic"` - TLSEnabled bool `conf:"default:false"` - TLSInsecure bool `conf:"default:false"` -} - -func (s *Server) serveTLS() (err error) { - log := s.log.Named("tls") - - wildcardDomains := slices.Clone(s.options.WildcardDomains) - certificateDomains := slices.Clone(s.options.Domains) - - if len(certificateDomains) == 0 { - return errors.New("no TLS without domains") - } - - certmagic.HTTPPort = s.options.Port - certmagic.HTTPSPort = s.options.TLSPort - certmagic.Default.Logger = log.GetLogger().Named("certmagic") - cfg := certmagic.NewDefault() - - acme := &certmagic.DefaultACME - acme.Logger = certmagic.Default.Logger - acme.Agreed = true - acme.ListenHost = strings.Trim(s.options.ListenAddress, "[]") - - if s.options.ACMEIssuer != "" { - cp, err := x509.SystemCertPool() - if err != nil { - log.Warn("could not get system certificate pool", "error", err) - cp = x509.NewCertPool() - } - - if cacert := s.options.ACMEIssuerCert; cacert != "" { - cp.AppendCertsFromPEM([]byte(cacert)) - } - - // caddy's ACME server (step-ca) doesn't specify an OCSP server - cfg.OCSP.DisableStapling = true - - acme.CA = s.options.ACMEIssuer - acme.TrustedRoots = cp - acme.DisableTLSALPNChallenge = true - } else { - rc := &redisConfig{} - _, err = conf.Parse("REDIS", rc) - if err != nil { - return errors.WithMessage(err, "could not parse redis config") - } - - pdns := &powerdns.Provider{} - _, err = 
conf.Parse("POWERDNS", pdns) - if err != nil { - return errors.WithMessage(err, "could not parse PowerDNS ACME config") - } - - acme.DNS01Solver = &certmagic.DNS01Solver{ - DNSManager: certmagic.DNSManager{ - DNSProvider: pdns, - Logger: cfg.Logger, - }, - } - - if len(wildcardDomains) > 0 { - certificateDomains = append(certificateDomains, wildcardDomains...) - } - - rs := certmagic_redis.New() - rs.Address = []string{rc.Address} - rs.Username = rc.Username - rs.Password = rc.Password - rs.EncryptionKey = rc.EncryptionKey - rs.KeyPrefix = rc.KeyPrefix - rs.TlsEnabled = rc.TLSEnabled - rs.TlsInsecure = rc.TLSInsecure - - cfg.Storage = rs - err = rs.ProvisionCertMagic(context.TODO(), log.GetLogger()) - if err != nil { - return errors.WithMessage(err, "could not provision redis storage") - } - } - - ln, err := listenfd.GetListener( - 1, - net.JoinHostPort(s.options.ListenAddress, strconv.Itoa(s.options.Port)), - log.Named("listenfd"), - ) - if err != nil { - return errors.WithMessage(err, "could not bind plain socket") - } - - go func(ln net.Listener, srv *http.Server) { - httpMux := http.NewServeMux() - httpMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { - if certmagic.LooksLikeHTTPChallenge(r) && - acme.HandleHTTPChallenge(w, r) { - return - } - if slices.Contains(s.options.Domains, r.Host) { - url := r.URL - url.Scheme = "https" - url.Host = r.Host - http.Redirect(w, r, url.String(), http.StatusMovedPermanently) - } else { - http.NotFound(w, r) - } - }) - srv.Handler = httpMux - - if err := srv.Serve(ln); err != nil && !errors.Is(err, http.ErrServerClosed) { - log.Error("error in http handler", "error", err) - } - }(ln, &http.Server{ - ReadHeaderTimeout: ReadHeaderTimeout, - ReadTimeout: ReadTimeout, - WriteTimeout: WriteTimeout, - IdleTimeout: IdleTimeout, - }) - - log.Debug( - "starting certmagic", - "http_port", - s.options.Port, - "https_port", - s.options.TLSPort, - "domains", - certificateDomains, - ) - cfg.Issuers = 
[]certmagic.Issuer{certmagic.NewACMEIssuer(cfg, *acme)} - err = cfg.ManageAsync(context.TODO(), certificateDomains) - if err != nil { - return errors.WithMessage(err, "could not enable TLS") - } - tlsConfig := cfg.TLSConfig() - tlsConfig.NextProtos = append([]string{"h2", "http/1.1"}, tlsConfig.NextProtos...) - - sln, err := listenfd.GetListenerTLS( - 0, - net.JoinHostPort(s.options.ListenAddress, strconv.Itoa(s.options.TLSPort)), - tlsConfig, - log.Named("listenfd"), - ) - if err != nil { - return errors.WithMessage(err, "could not bind tls socket") - } - - return s.server.Serve(sln) -}
M justfile → justfile
@@ -4,7 +4,6 @@ docker_registry := "registry.fly.io/alanpearce-eu" docker-tag := env_var_or_default("DOCKER_TAG", `date -u +%Y%m%d%H%M%S` + "-" + `git rev-parse --short HEAD`) listen_address := env_var_or_default("SERVER_LISTEN_ADDRESS", "::1") -tls_port := env_var_or_default("SERVER_TLS_PORT", "8443") port := env_var_or_default("SERVER_PORT", "8080") website_repo := env_var_or_default("SOURCE", "../website")@@ -29,7 +28,7 @@ templ generate SOURCE={{ website_repo }} go run ./cmd/build {{ BUILD_FLAGS }} dev: - systemfd -s https::{{ listen_address }}:{{ tls_port }} -s http::{{ listen_address }}:{{ port }} -- modd + systemfd -s http::{{ listen_address }}:{{ port }} -- modd ci: build check-links
M taplo.toml → taplo.toml
@@ -1,7 +1,8 @@ #:schema taplo://taplo.toml [formatting] - indent_tables = true - indent_entries = true - array_auto_collapse = false - compact_arrays = false + indent_string = " " + indent_tables = true + indent_entries = true + array_auto_collapse = false + compact_arrays = false