From e29149ae9b0cd31f38beb38b0f4ea4e1599f4d93 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Fri, 28 Jun 2024 16:54:42 +0200
Subject: use socket passing also for TLS
---
 internal/listenfd/listenfd.go | 30 +++++++++++++++++++++++++++++-
 internal/server/tcp.go | 17 ++---------------
 internal/server/tls.go | 10 +++++-----
 justfile | 5 ++++-
 4 files changed, 40 insertions(+), 22 deletions(-)
diff --git a/internal/listenfd/listenfd.go b/internal/listenfd/listenfd.go
index 7d020b0..72259aa 100644
--- a/internal/listenfd/listenfd.go
+++ b/internal/listenfd/listenfd.go
@@ -1,16 +1,44 @@
 package listenfd
 import (
+ "crypto/tls"
 "net"
 "os"
 "strconv"
+ "website/internal/log"
 "github.com/pkg/errors"
 )
 const fdStart = 3
-func GetListener(i uint64) (net.Listener, error) {
+func GetListener(i uint64, addr string) (l net.Listener, err error) {
+ l, err = getFDSocket(0)
+ if err != nil {
+ log.Warn("could not create listener from listenfd", "error", err)
+ }
+
+ log.Debug("listener from listenfd?", "passed", l != nil)
+ if l == nil {
+ l, err = net.Listen("tcp", addr)
+ if err != nil {
+ return nil, errors.Wrap(err, "could not create listener")
+ }
+ }
+
+ return
+}
+
+func GetListenerTLS(i uint64, addr string, config *tls.Config) (l net.Listener, err error) {
+ l, err = GetListener(i, addr)
+ if err != nil {
+ return nil, err
+ }
+
+ return tls.NewListener(l, config), nil
+}
+
+func getFDSocket(i uint64) (net.Listener, error) {
 lfds, present := os.LookupEnv("LISTEN_FDS")
 if !present {
 return nil, nil
diff --git a/internal/server/tcp.go b/internal/server/tcp.go
index 4dc3314..b38da3d 100644
--- a/internal/server/tcp.go
+++ b/internal/server/tcp.go
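Review bot: In `GetListener` (internal/listenfd/listenfd.go) the index parameter `i` is never used: the new body calls `getFDSocket(0)`, so every caller receives the first inherited socket whatever index it asks for. `serveTLS` in this same commit passes 0 for the TLS listener and 1 for the plain listener, so with passed sockets both would wrap the same descriptor and the second passed socket would never be accepted from. The call should read `l, err = getFDSocket(i)`. The body of `getFDSocket` continues outside the hunk, so how it maps `i` onto `fdStart` is not visible here.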
@@ -1,26 +1,13 @@
 package server
 import (
- "net"
-
 "website/internal/listenfd"
- "website/internal/log"
-
- "github.com/pkg/errors"
 )
 func (s *Server) serveTCP() error {
- l, err := listenfd.GetListener(0)
+ l, err := listenfd.GetListener(0, s.Addr)
 if err != nil {
- log.Warn("could not create listener from listenfd", "error", err)
- }
-
- log.Debug("listener from listenfd?", "passed", l != nil)
- if l == nil {
- l, err = net.Listen("tcp", s.Addr)
- if err != nil {
- return errors.Wrap(err, "could not create listener")
- }
+ return err
 }
 return s.Serve(l)
diff --git a/internal/server/tls.go b/internal/server/tls.go
index f538f88..565958f 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -2,11 +2,11 @@ package server
 import (
 "context"
- "crypto/tls"
 "crypto/x509"
 "net"
 "net/http"
 "strconv"
+ "website/internal/listenfd"
 "website/internal/log"
 "github.com/ardanlabs/conf/v3"
@@ -95,8 +95,8 @@ func (s *Server) serveTLS() (err error) {
 tlsConfig := cfg.TLSConfig()
 tlsConfig.NextProtos = append([]string{"h2", "http/1.1"}, tlsConfig.NextProtos...)
- sln, err := tls.Listen(
- "tcp",
+ sln, err := listenfd.GetListenerTLS(
+ 0,
 net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.TLSPort)),
 tlsConfig,
 )
@@ -104,8 +104,8 @@ func (s *Server) serveTLS() (err error) {
 return errors.Wrap(err, "could not bind tls socket")
 }
- ln, err := net.Listen(
- "tcp",
+ ln, err := listenfd.GetListener(
+ 1,
 net.JoinHostPort(s.runtimeConfig.ListenAddress, strconv.Itoa(s.runtimeConfig.Port)),
 )
 if err != nil {
diff --git a/justfile b/justfile
index f799c1b..aab1b65 100755
--- a/justfile
+++ b/justfile
@@ -2,6 +2,9 @@
 #!nix-shell -i "just --justfile"
 docker_registry := "registry.fly.io/alanpearce-eu"
+listen_address := env_var_or_default("LISTEN_ADDRESS", "::1")
+tls_port := env_var_or_default("TLS_PORT", "8443")
+port := env_var_or_default("PORT", "8080")
 default:
 @just --list --justfile {{ justfile() }} --unsorted
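Review bot: In `serveTLS` (internal/server/tls.go, the hunks at -95 and -104) the literals `0` and `1` silently encode the order in which the supervisor hands over its sockets, and when a socket is inherited the address built with `net.JoinHostPort` is presumably not consulted, since `GetListener` only uses `addr` on the fallback path. If that order is ever swapped, the TLS config would be wrapped around the socket bound to the plain port and the plain listener would receive the TLS port's connections, with nothing in the logs to show it. I would name the indices, for example `const tlsSocketIndex, httpSocketIndex = 0, 1`, with a comment tying them to the `-s https:: … -s http::` order in the justfile `dev` recipe, and log `sln.Addr()` and `ln.Addr()` after each call so a mismatch with the configured ports is visible. `serveTLS` starts and ends outside these hunks.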
@@ -24,7 +27,7 @@ build: go run ./cmd/build dev: - modd + systemfd -s https::{{ listen_address }}:{{ tls_port }} -s http::{{ listen_address }}:{{ port }} -- modd ci: build check-links -- cgit 1.4.1