authorAlan Pearce2024-06-28 16:54:42 +0200
committerAlan Pearce2024-06-28 16:54:42 +0200
commite29149ae9b0cd31f38beb38b0f4ea4e1599f4d93 (patch)
tree40f9f63157ad14d953a900f0971791c874c0a1ce
parent5dcf04d83605f5cfe1bf83c0a4c296bae47c3365 (diff)
use socket passing also for TLS
-rw-r--r--internal/listenfd/listenfd.go30
-rw-r--r--internal/server/tcp.go17
-rw-r--r--internal/server/tls.go10
-rwxr-xr-xjustfile5
4 files changed, 40 insertions, 22 deletions
diff --git a/internal/listenfd/listenfd.go b/internal/listenfd/listenfd.go
index 7d020b0..72259aa 100644
--- a/internal/listenfd/listenfd.go
+++ b/internal/listenfd/listenfd.go
@@ -1,16 +1,44 @@
 package listenfd
 
 import (
+	"crypto/tls"
 	"net"
 	"os"
 	"strconv"
+	"website/internal/log"
 
 	"github.com/pkg/errors"
 )
 
 const fdStart = 3
 
-func GetListener(i uint64) (net.Listener, error) {
+func GetListener(i uint64, addr string) (l net.Listener, err error) {
+	l, err = getFDSocket(0)
+	if err != nil {
+		log.Warn("could not create listener from listenfd", "error", err)
+	}
+
+	log.Debug("listener from listenfd?", "passed", l != nil)
+	if l == nil {
+		l, err = net.Listen("tcp", addr)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not create listener")
+		}
+	}
+
+	return
+}
+
+func GetListenerTLS(i uint64, addr string, config *tls.Config) (l net.Listener, err error) {
+	l, err = GetListener(i, addr)
+	if err != nil {
+		return nil, err
+	}
+
+	return tls.NewListener(l, config), nil
+}
+
+func getFDSocket(i uint64) (net.Listener, error) {
 	lfds, present := os.LookupEnv("LISTEN_FDS")
 	if !present {
 		return nil, nil
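Review bot: `GetListener` never uses its `i` parameter; it calls `getFDSocket(0)`, so every caller is handed the same passed descriptor. In internal/server/tls.go this commit calls `GetListenerTLS(0, …)` and then `GetListener(1, …)`, so (presumably, since getFDSocket indexes by its argument) the listener for `s.runtimeConfig.Port` would be built on the same inherited socket as the TLS listener, and cleartext and TLS servers would compete for connections on one port. The call should read `l, err = getFDSocket(i)`. Separately, a getFDSocket error is only logged before falling back to `net.Listen`, so a broken socket hand-off silently binds `addr` instead; returning the error when `LISTEN_FDS` is set would make that visible. getFDSocket's body continues outside the hunk.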
diff --git a/internal/server/tcp.go b/internal/server/tcp.go
index 4dc3314..b38da3d 100644
--- a/internal/server/tcp.go
+++ b/internal/server/tcp.go
@@ -1,26 +1,13 @@
 package server
 
 import (
-	"net"
-
 	"website/internal/listenfd"
-	"website/internal/log"
-
-	"github.com/pkg/errors"
 )
 
 func (s *Server) serveTCP() error {
-	l, err := listenfd.GetListener(0)
+	l, err := listenfd.GetListener(0, s.Addr)
 	if err != nil {
-		log.Warn("could not create listener from listenfd", "error", err)
-	}
-
-	log.Debug("listener from listenfd?", "passed", l != nil)
-	if l == nil {
-		l, err = net.Listen("tcp", s.Addr)
-		if err != nil {
-			return errors.Wrap(err, "could not create listener")
-		}
+		return err
 	}
 
 	return s.Serve(l)
diff --git a/internal/server/tls.go b/internal/server/tls.go
index f538f88..565958f 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -2,11 +2,11 @@ package server
 
 import (
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"net"
 	"net/http"
 	"strconv"
+	"website/internal/listenfd"
 	"website/internal/log"
 
 	"github.com/ardanlabs/conf/v3"
@@ -95,8 +95,8 @@ func (s *Server) serveTLS() (err error) {
 	tlsConfig := cfg.TLSConfig()
 	tlsConfig.NextProtos = append([]string{"h2", "http/1.1"}, tlsConfig.NextProtos...)
 
-	sln, err := tls.Listen(
-		"tcp",
+	sln, err := listenfd.GetListenerTLS(
+		0,
 		net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.TLSPort)),
 		tlsConfig,
 	)
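Review bot: Replacing `tls.Listen` with `listenfd.GetListenerTLS` drops the start-up check on the TLS configuration. `tls.Listen` returns an error when the config is nil or has no certificate source, whereas `tls.NewListener`, which GetListenerTLS uses, accepts any config and the problem only surfaces at handshake time. Whether `cfg.TLSConfig()` always provides a certificate source is not visible here, so a guard in GetListenerTLS such as `if config == nil { return nil, errors.New("tls config is required") }` would keep the failure at startup. serveTLS starts and ends outside the hunk.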
@@ -104,8 +104,8 @@ func (s *Server) serveTLS() (err error) {
 		return errors.Wrap(err, "could not bind tls socket")
 	}
 
-	ln, err := net.Listen(
-		"tcp",
+	ln, err := listenfd.GetListener(
+		1,
 		net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.Port)),
 	)
 	if err != nil {
diff --git a/justfile b/justfile
index f799c1b..aab1b65 100755
--- a/justfile
+++ b/justfile
@@ -2,6 +2,9 @@
 #!nix-shell -i "just --justfile"
 
 docker_registry := "registry.fly.io/alanpearce-eu"
+listen_address := env_var_or_default("LISTEN_ADDRESS", "::1")
+tls_port := env_var_or_default("TLS_PORT", "8443")
+port := env_var_or_default("PORT", "8080")
 
 default:
 	@just --list --justfile {{ justfile() }} --unsorted
@@ -24,7 +27,7 @@ build:
 	go run ./cmd/build
 
 dev:
-	modd
+	systemfd -s https::{{ listen_address }}:{{ tls_port }} -s http::{{ listen_address }}:{{ port }} -- modd
 
 ci: build check-links