use socket passing also for TLS
Alan Pearce alan@alanpearce.eu
Fri, 28 Jun 2024 16:54:42 +0200
4 files changed, 40 insertions(+), 22 deletions(-)
M internal/listenfd/listenfd.go → internal/listenfd/listenfd.go
@@ -1,16 +1,44 @@ package listenfd import ( + "crypto/tls" "net" "os" "strconv" + "website/internal/log" "github.com/pkg/errors" ) const fdStart = 3 -func GetListener(i uint64) (net.Listener, error) { +func GetListener(i uint64, addr string) (l net.Listener, err error) { + l, err = getFDSocket(0) + if err != nil { + log.Warn("could not create listener from listenfd", "error", err) + } + + log.Debug("listener from listenfd?", "passed", l != nil) + if l == nil { + l, err = net.Listen("tcp", addr) + if err != nil { + return nil, errors.Wrap(err, "could not create listener") + } + } + + return +} + +func GetListenerTLS(i uint64, addr string, config *tls.Config) (l net.Listener, err error) { + l, err = GetListener(i, addr) + if err != nil { + return nil, err + } + + return tls.NewListener(l, config), nil +} + +func getFDSocket(i uint64) (net.Listener, error) { lfds, present := os.LookupEnv("LISTEN_FDS") if !present { return nil, nil
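Review bot: `GetListener` never uses its `i` parameter, because the added body calls `getFDSocket(0)` and so hands every caller the first inherited descriptor. The same commit calls `GetListenerTLS(0, …)` and then `GetListener(1, …)` in internal/server/tls.go. Assuming `getFDSocket` maps the index onto `fdStart+i`, under socket passing both the TLS listener and the plaintext HTTP listener would accept on the same socket, so connections to the HTTPS port could reach the plaintext server while the second passed socket is never served. The call should be `l, err = getFDSocket(i)`. The new exported functions also lack doc comments; `// GetListener returns the i-th inherited listening socket, or binds addr itself when none was passed.` would record that `addr` is ignored when a socket is inherited. The body of `getFDSocket` continues outside the hunk.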
M internal/server/tcp.go → internal/server/tcp.go
@@ -1,26 +1,13 @@ package server import ( - "net" - "website/internal/listenfd" - "website/internal/log" - - "github.com/pkg/errors" ) func (s *Server) serveTCP() error { - l, err := listenfd.GetListener(0) + l, err := listenfd.GetListener(0, s.Addr) if err != nil { - log.Warn("could not create listener from listenfd", "error", err) - } - - log.Debug("listener from listenfd?", "passed", l != nil) - if l == nil { - l, err = net.Listen("tcp", s.Addr) - if err != nil { - return errors.Wrap(err, "could not create listener") - } + return err } return s.Serve(l)
M internal/server/tls.go → internal/server/tls.go
@@ -2,11 +2,11 @@ package server import ( "context" - "crypto/tls" "crypto/x509" "net" "net/http" "strconv" + "website/internal/listenfd" "website/internal/log" "github.com/ardanlabs/conf/v3" @@ -95,8 +95,8 @@ } tlsConfig := cfg.TLSConfig() tlsConfig.NextProtos = append([]string{"h2", "http/1.1"}, tlsConfig.NextProtos...) - sln, err := tls.Listen( - "tcp", + sln, err := listenfd.GetListenerTLS( + 0, net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.TLSPort)), tlsConfig, ) @@ -104,8 +104,8 @@ if err != nil { return errors.Wrap(err, "could not bind tls socket") } - ln, err := net.Listen( - "tcp", + ln, err := listenfd.GetListener( + 1, net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.Port)), ) if err != nil {
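Review bot: The literal indices `0` and `1` in the second and third hunks tie each listener's role to its position in the inherited descriptor list, and nothing here checks that the socket at that position is the configured one. `GetListener` only uses its address argument when no socket was passed. A supervisor that passes the sockets in the other order, or passes only one, would therefore put the TLS listener on the plaintext port (or the reverse) without any error. I would add a comment at both calls such as `// fd 0 = HTTPS, fd 1 = HTTP; must match the order the supervisor passes the sockets`. Consider also comparing the port of `sln.Addr()` and `ln.Addr()` with `TLSPort` and `Port` and logging a warning on mismatch. The enclosing function starts and ends outside these hunks.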
M justfile → justfile
@@ -2,6 +2,9 @@ #!/usr/bin/env cached-nix-shell #!nix-shell -i "just --justfile" docker_registry := "registry.fly.io/alanpearce-eu" +listen_address := env_var_or_default("LISTEN_ADDRESS", "::1") +tls_port := env_var_or_default("TLS_PORT", "8443") +port := env_var_or_default("PORT", "8080") default: @just --list --justfile {{ justfile() }} --unsorted @@ -24,7 +27,7 @@ templ generate go run ./cmd/build dev: - modd + systemfd -s https::{{ listen_address }}:{{ tls_port }} -s http::{{ listen_address }}:{{ port }} -- modd ci: build check-links
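Review bot: The order of the two `-s` flags in the `dev` recipe decides which socket becomes descriptor index 0 and which index 1 in internal/server/tls.go, but nothing in the justfile records that dependency. A comment above the recipe such as `# order matters: first socket (fd 0) is HTTPS, second (fd 1) is HTTP` would keep the two files in step. Separately, with the default `listen_address` of `::1` the first spec expands to `https::::1:8443`, where the IPv6 address is not bracketed. It is worth confirming that systemfd parses this as intended rather than rejecting it or binding somewhere else.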