acme-dns/main.go

//+build !test

package main

import (
	"crypto/tls"
	"flag"
	stdlog "log"
	"net/http"
	"os"
	"strings"
	"syscall"

	"github.com/julienschmidt/httprouter"
	"github.com/miekg/dns"
	"github.com/rs/cors"
	log "github.com/sirupsen/logrus"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	// Created files are not world writable
	syscall.Umask(0077)
	configPtr := flag.String("c", "/etc/acme-dns/config.cfg", "config file location")
	flag.Parse()
	// Read global config
	var err error
	if fileIsAccessible(*configPtr) {
		log.WithFields(log.Fields{"file": *configPtr}).Info("Using config file")
		Config, err = readConfig(*configPtr)
	} else if fileIsAccessible("./config.cfg") {
		log.WithFields(log.Fields{"file": "./config.cfg"}).Info("Using config file")
		Config, err = readConfig("./config.cfg")
	} else {
		log.Errorf("Configuration file not found.")
		os.Exit(1)
	}
	if err != nil {
		log.Errorf("Encountered an error while trying to read configuration file:  %s", err)
		os.Exit(1)
	}

	setupLogging(Config.Logconfig.Format, Config.Logconfig.Level)

	// Read the default records in
	RR.Parse(Config.General)

	// Open database
	newDB := new(acmedb)
	err = newDB.Init(Config.Database.Engine, Config.Database.Connection)
	if err != nil {
		log.Errorf("Could not open database [%v]", err)
		os.Exit(1)
	} else {
		log.Info("Connected to database")
	}
	DB = newDB
	defer DB.Close()

	// Error channel for servers
	errChan := make(chan error, 1)

	// DNS server
	if strings.HasPrefix(Config.General.Proto, "both") {
		// Handle the case where DNS server should be started for both udp and tcp
		udpProto := "udp"
		tcpProto := "tcp"
		if strings.HasSuffix(Config.General.Proto, "4") {
			udpProto += "4"
			tcpProto += "4"
		} else if strings.HasSuffix(Config.General.Proto, "6") {
			udpProto += "6"
			tcpProto += "6"
		}
		dnsServerUDP := setupDNSServer(udpProto)
		dnsServerTCP := setupDNSServer(tcpProto)
		go startDNS(dnsServerUDP, errChan)
		go startDNS(dnsServerTCP, errChan)
	} else {
		dnsServer := setupDNSServer(Config.General.Proto)
		go startDNS(dnsServer, errChan)
	}

	// HTTP API
	go startHTTPAPI(errChan)

	// block waiting for error
	select {
	case err = <-errChan:
		if err != nil {
			log.Fatal(err)
		}
	}
	log.Debugf("Shutting down...")
}

func startDNS(server *dns.Server, errChan chan error) {
	// DNS server part
	dns.HandleFunc(".", handleRequest)
	log.WithFields(log.Fields{"addr": Config.General.Listen, "proto": server.Net}).Info("Listening DNS")
	err := server.ListenAndServe()
	if err != nil {
		errChan <- err
	}
}

func setupDNSServer(proto string) *dns.Server {
	return &dns.Server{Addr: Config.General.Listen, Net: proto}
}

func startHTTPAPI(errChan chan error) {
	// Setup http logger
	logger := log.New()
	logwriter := logger.Writer()
	defer logwriter.Close()
	api := httprouter.New()
	c := cors.New(cors.Options{
		AllowedOrigins:     Config.API.CorsOrigins,
		AllowedMethods:     []string{"GET", "POST"},
		OptionsPassthrough: false,
		Debug:              Config.General.Debug,
	})
	if Config.General.Debug {
		// Logwriter for saner log output
		c.Log = stdlog.New(logwriter, "", 0)
	}
	if !Config.API.DisableRegistration {
		api.POST("/register", webRegisterPost)
	}
	api.POST("/update", Auth(webUpdatePost))
	api.GET("/health", healthCheck)

	host := Config.API.IP + ":" + Config.API.Port

	cfg := &tls.Config{
		MinVersion: tls.VersionTLS12,
	}
	var err error
	switch Config.API.TLS {
	case "letsencrypt":
		m := autocert.Manager{
			Cache:      autocert.DirCache(Config.API.ACMECacheDir),
			Prompt:     autocert.AcceptTOS,
			HostPolicy: autocert.HostWhitelist(Config.API.Domain),
		}
		autocerthost := Config.API.IP + ":" + Config.API.AutocertPort
		log.WithFields(log.Fields{"autocerthost": autocerthost, "domain": Config.API.Domain}).Debug("Opening HTTP port for autocert")
		go http.ListenAndServe(autocerthost, m.HTTPHandler(nil))
		cfg.GetCertificate = m.GetCertificate
		srv := &http.Server{
			Addr:      host,
			Handler:   c.Handler(api),
			TLSConfig: cfg,
			ErrorLog:  stdlog.New(logwriter, "", 0),
		}
		log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS, using certificate from autocert")
		err = srv.ListenAndServeTLS("", "")
	case "cert":
		srv := &http.Server{
			Addr:      host,
			Handler:   c.Handler(api),
			TLSConfig: cfg,
			ErrorLog:  stdlog.New(logwriter, "", 0),
		}
		log.WithFields(log.Fields{"host": host}).Info("Listening HTTPS")
		err = srv.ListenAndServeTLS(Config.API.TLSCertFullchain, Config.API.TLSCertPrivkey)
	default:
		log.WithFields(log.Fields{"host": host}).Info("Listening HTTP")
		err = http.ListenAndServe(host, c.Handler(api))
	}
	if err != nil {
		errChan <- err
	}
}
Skip main in tests for meaningful cover stats 2016-11-28 18:20:19 +07:00			`//+build !test`

Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`package main`

			`import (`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`"crypto/tls"`
Cmd line flag `-c` for config location (#108) Add command line parsing and a flag `-c` to specify where the config file should be loaded from. 2018-09-21 17:38:23 +07:00			`"flag"`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`stdlog "log"`
			`"net/http"`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`"os"`
Fix Docker instructions and add option to bind both UDP and TCP DNS listeners (#130) 2018-12-13 17:19:10 +07:00			`"strings"`
Use umask 0077 across the process in order to have the created files readable only by the acme-dns user (#102) 2018-08-13 00:06:54 +07:00			`"syscall"`
Fixed iris version to v5 api (#9) 2017-01-30 17:19:22 +07:00
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`"github.com/julienschmidt/httprouter"`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`"github.com/miekg/dns"`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`"github.com/rs/cors"`
Use iris v6 and Go 1.8+ (#10) * Quick fixes to bring framework up to date * Script for test running, api tests need complete rewrite * Removed govendor from tests * Fix for AutoTLS 2017-08-02 23:25:27 +07:00			`log "github.com/sirupsen/logrus"`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`"golang.org/x/crypto/acme/autocert"`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`)`

			`func main() {`
Use umask 0077 across the process in order to have the created files readable only by the acme-dns user (#102) 2018-08-13 00:06:54 +07:00			`// Created files are not world writable`
			`syscall.Umask(0077)`
Cmd line flag `-c` for config location (#108) Add command line parsing and a flag `-c` to specify where the config file should be loaded from. 2018-09-21 17:38:23 +07:00			`configPtr := flag.String("c", "/etc/acme-dns/config.cfg", "config file location")`
			`flag.Parse()`
Refactoring, alpha v0.1 2016-11-13 19:50:44 +07:00			`// Read global config`
Added supplementary error checking (#99) * Added supplementary errorichecking * After running util.go through gofmt * Updated main and util * Minor updates to main and util * Slight refactoring * Add tests 2018-08-12 22:49:17 +07:00			`var err error`
Cmd line flag `-c` for config location (#108) Add command line parsing and a flag `-c` to specify where the config file should be loaded from. 2018-09-21 17:38:23 +07:00			`if fileIsAccessible(*configPtr) {`
			`log.WithFields(log.Fields{"file": *configPtr}).Info("Using config file")`
			`Config, err = readConfig(*configPtr)`
Added supplementary error checking (#99) * Added supplementary errorichecking * After running util.go through gofmt * Updated main and util * Minor updates to main and util * Slight refactoring * Add tests 2018-08-12 22:49:17 +07:00			`} else if fileIsAccessible("./config.cfg") {`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`log.WithFields(log.Fields{"file": "./config.cfg"}).Info("Using config file")`
Added supplementary error checking (#99) * Added supplementary errorichecking * After running util.go through gofmt * Updated main and util * Minor updates to main and util * Slight refactoring * Add tests 2018-08-12 22:49:17 +07:00			`Config, err = readConfig("./config.cfg")`
			`} else {`
			`log.Errorf("Configuration file not found.")`
			`os.Exit(1)`
			`}`
			`if err != nil {`
			`log.Errorf("Encountered an error while trying to read configuration file: %s", err)`
			`os.Exit(1)`
Try to read config from under /etc (#18) 2017-11-14 05:42:30 +07:00			`}`
Refactoring 2016-11-23 22:11:31 +07:00
Try to read config from under /etc (#18) 2017-11-14 05:42:30 +07:00			`setupLogging(Config.Logconfig.Format, Config.Logconfig.Level)`
Refactoring, alpha v0.1 2016-11-13 19:50:44 +07:00
			`// Read the default records in`
Try to read config from under /etc (#18) 2017-11-14 05:42:30 +07:00			`RR.Parse(Config.General)`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00
			`// Open database`
Made DB an interface 2016-11-28 04:21:46 +07:00			`newDB := new(acmedb)`
Added supplementary error checking (#99) * Added supplementary errorichecking * After running util.go through gofmt * Updated main and util * Minor updates to main and util * Slight refactoring * Add tests 2018-08-12 22:49:17 +07:00			`err = newDB.Init(Config.Database.Engine, Config.Database.Connection)`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`if err != nil {`
			`log.Errorf("Could not open database [%v]", err)`
			`os.Exit(1)`
Support for multiple TXT records per subdomain (#29) * Support for multiple TXT records per subdomain and database upgrade functionality * Linter fixes * Make sure the database upgrade routine works for PostgreSQL * Move subdomain query outside of the upgrade transaction 2018-01-22 14:53:07 +07:00			`} else {`
			`log.Info("Connected to database")`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`}`
Made DB an interface 2016-11-28 04:21:46 +07:00			`DB = newDB`
			`defer DB.Close()`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`// Error channel for servers`
			`errChan := make(chan error, 1)`

Refactoring 2016-11-28 02:21:38 +07:00			`// DNS server`
Fix Docker instructions and add option to bind both UDP and TCP DNS listeners (#130) 2018-12-13 17:19:10 +07:00			`if strings.HasPrefix(Config.General.Proto, "both") {`
			`// Handle the case where DNS server should be started for both udp and tcp`
			`udpProto := "udp"`
			`tcpProto := "tcp"`
			`if strings.HasSuffix(Config.General.Proto, "4") {`
			`udpProto += "4"`
			`tcpProto += "4"`
			`} else if strings.HasSuffix(Config.General.Proto, "6") {`
			`udpProto += "6"`
			`tcpProto += "6"`
			`}`
			`dnsServerUDP := setupDNSServer(udpProto)`
			`dnsServerTCP := setupDNSServer(tcpProto)`
			`go startDNS(dnsServerUDP, errChan)`
			`go startDNS(dnsServerTCP, errChan)`
			`} else {`
			`dnsServer := setupDNSServer(Config.General.Proto)`
			`go startDNS(dnsServer, errChan)`
			`}`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00
Refactoring main.go 2016-11-28 03:09:13 +07:00			`// HTTP API`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`go startHTTPAPI(errChan)`
Refactoring main.go 2016-11-28 03:09:13 +07:00
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`// block waiting for error`
			`select {`
			`case err = <-errChan:`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`
Initial commit, PoC quality 2016-11-11 21:48:00 +07:00			`log.Debugf("Shutting down...")`
			`}`
Moved HTTP server methods to main 2016-11-28 18:09:10 +07:00
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`func startDNS(server *dns.Server, errChan chan error) {`
			`// DNS server part`
			`dns.HandleFunc(".", handleRequest)`
Fix Docker instructions and add option to bind both UDP and TCP DNS listeners (#130) 2018-12-13 17:19:10 +07:00			`log.WithFields(log.Fields{"addr": Config.General.Listen, "proto": server.Net}).Info("Listening DNS")`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`err := server.ListenAndServe()`
			`if err != nil {`
			`errChan <- err`
			`}`
			`}`

Fix Docker instructions and add option to bind both UDP and TCP DNS listeners (#130) 2018-12-13 17:19:10 +07:00			`func setupDNSServer(proto string) *dns.Server {`
			`return &dns.Server{Addr: Config.General.Listen, Net: proto}`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`}`

			`func startHTTPAPI(errChan chan error) {`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`// Setup http logger`
			`logger := log.New()`
			`logwriter := logger.Writer()`
			`defer logwriter.Close()`
			`api := httprouter.New()`
			`c := cors.New(cors.Options{`
Try to read config from under /etc (#18) 2017-11-14 05:42:30 +07:00			`AllowedOrigins: Config.API.CorsOrigins,`
Moved HTTP server methods to main 2016-11-28 18:09:10 +07:00			`AllowedMethods: []string{"GET", "POST"},`
			`OptionsPassthrough: false,`
Try to read config from under /etc (#18) 2017-11-14 05:42:30 +07:00			`Debug: Config.General.Debug,`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`})`
Make cors messages respect the debug flag (#25) 2017-11-16 02:35:35 +07:00			`if Config.General.Debug {`
			`// Logwriter for saner log output`
			`c.Log = stdlog.New(logwriter, "", 0)`
			`}`
Add configuration option to disable registration endpoint (#51) 2018-03-15 04:35:39 +07:00			`if !Config.API.DisableRegistration {`
			`api.POST("/register", webRegisterPost)`
			`}`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`api.POST("/update", Auth(webUpdatePost))`
Added http health check endpoint. (#137) * Added http health check endpoint. * Fixed performing POST on GET endpoint. * Explicitly return http status 200 in health check endpoint. * Updated changelog. 2019-01-26 00:22:53 +07:00			`api.GET("/health", healthCheck)`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00
			`host := Config.API.IP + ":" + Config.API.Port`

			`cfg := &tls.Config{`
			`MinVersion: tls.VersionTLS12,`
			`}`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`var err error`
Try to read config from under /etc (#18) 2017-11-14 05:42:30 +07:00			`switch Config.API.TLS {`
Moved HTTP server methods to main 2016-11-28 18:09:10 +07:00			`case "letsencrypt":`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`m := autocert.Manager{`
Make ACME cache directory location configurable (#81) * Remove trailing whitespace from README and config * Make ACME cache directory location configurable 2018-05-14 17:42:39 +07:00			`Cache: autocert.DirCache(Config.API.ACMECacheDir),`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`Prompt: autocert.AcceptTOS,`
			`HostPolicy: autocert.HostWhitelist(Config.API.Domain),`
			`}`
Make autocert use HTTP-01 challenge instead of TLS-SNI (#36) 2018-02-01 15:53:34 +07:00			`autocerthost := Config.API.IP + ":" + Config.API.AutocertPort`
			`log.WithFields(log.Fields{"autocerthost": autocerthost, "domain": Config.API.Domain}).Debug("Opening HTTP port for autocert")`
			`go http.ListenAndServe(autocerthost, m.HTTPHandler(nil))`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`cfg.GetCertificate = m.GetCertificate`
			`srv := &http.Server{`
			`Addr: host,`
			`Handler: c.Handler(api),`
			`TLSConfig: cfg,`
			`ErrorLog: stdlog.New(logwriter, "", 0),`
			`}`
Make autocert use HTTP-01 challenge instead of TLS-SNI (#36) 2018-02-01 15:53:34 +07:00			`log.WithFields(log.Fields{"host": host, "domain": Config.API.Domain}).Info("Listening HTTPS, using certificate from autocert")`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`err = srv.ListenAndServeTLS("", "")`
Moved HTTP server methods to main 2016-11-28 18:09:10 +07:00			`case "cert":`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`srv := &http.Server{`
			`Addr: host,`
			`Handler: c.Handler(api),`
			`TLSConfig: cfg,`
			`ErrorLog: stdlog.New(logwriter, "", 0),`
			`}`
			`log.WithFields(log.Fields{"host": host}).Info("Listening HTTPS")`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`err = srv.ListenAndServeTLS(Config.API.TLSCertFullchain, Config.API.TLSCertPrivkey)`
Moved HTTP server methods to main 2016-11-28 18:09:10 +07:00			`default:`
Get rid of Iris and use julienschmidt/httprouter instead (#20) * Replace iris with httprouter * Linter fixes * Finalize iris removal * Vendor dependencies for reproducable builds * Api tests are back 2017-11-15 04:54:29 +07:00			`log.WithFields(log.Fields{"host": host}).Info("Listening HTTP")`
Better error handling in goroutines (#122) * More robust goroutine error handling using channels * Fix tests and make startup log msg saner * Clarification to README and config file 2018-10-31 05:54:51 +07:00			`err = http.ListenAndServe(host, c.Handler(api))`
			`}`
			`if err != nil {`
			`errChan <- err`
Moved HTTP server methods to main 2016-11-28 18:09:10 +07:00			`}`
			`}`