acme-dns/main.go
Joona Hoikkala aa3e7e1b75
Migrate over to certmagic from using autocert (#190)
* Use certmagic for challenge validation

* WIP

* Get the correct key

* Override preflight check logic

* Fix logging for imported packages and tidy config.cfg

* Fix test and add docstrings

* Update README
2019-10-20 22:52:19 +03:00

214 lines
6.0 KiB
Go

//+build !test
package main
import (
"crypto/tls"
"flag"
stdlog "log"
"net/http"
"os"
"strings"
"syscall"
"github.com/go-acme/lego/v3/challenge/dns01"
legolog "github.com/go-acme/lego/v3/log"
"github.com/julienschmidt/httprouter"
"github.com/mholt/certmagic"
"github.com/rs/cors"
log "github.com/sirupsen/logrus"
)
func main() {
// Created files are not world writable
syscall.Umask(0077)
configPtr := flag.String("c", "/etc/acme-dns/config.cfg", "config file location")
flag.Parse()
// Read global config
var err error
if fileIsAccessible(*configPtr) {
log.WithFields(log.Fields{"file": *configPtr}).Info("Using config file")
Config, err = readConfig(*configPtr)
} else if fileIsAccessible("./config.cfg") {
log.WithFields(log.Fields{"file": "./config.cfg"}).Info("Using config file")
Config, err = readConfig("./config.cfg")
} else {
log.Errorf("Configuration file not found.")
os.Exit(1)
}
if err != nil {
log.Errorf("Encountered an error while trying to read configuration file: %s", err)
os.Exit(1)
}
setupLogging(Config.Logconfig.Format, Config.Logconfig.Level)
// Open database
newDB := new(acmedb)
err = newDB.Init(Config.Database.Engine, Config.Database.Connection)
if err != nil {
log.Errorf("Could not open database [%v]", err)
os.Exit(1)
} else {
log.Info("Connected to database")
}
DB = newDB
defer DB.Close()
// Error channel for servers
errChan := make(chan error, 1)
// DNS server
dnsservers := make([]*DNSServer, 0)
if strings.HasPrefix(Config.General.Proto, "both") {
// Handle the case where DNS server should be started for both udp and tcp
udpProto := "udp"
tcpProto := "tcp"
if strings.HasSuffix(Config.General.Proto, "4") {
udpProto += "4"
tcpProto += "4"
} else if strings.HasSuffix(Config.General.Proto, "6") {
udpProto += "6"
tcpProto += "6"
}
dnsServerUDP := NewDNSServer(DB, Config.General.Listen, udpProto, Config.General.Domain)
dnsservers = append(dnsservers, dnsServerUDP)
dnsServerUDP.ParseRecords(Config)
dnsServerTCP := NewDNSServer(DB, Config.General.Listen, tcpProto, Config.General.Domain)
dnsservers = append(dnsservers, dnsServerTCP)
// No need to parse records from config again
dnsServerTCP.Domains = dnsServerUDP.Domains
dnsServerTCP.SOA = dnsServerUDP.SOA
go dnsServerUDP.Start(errChan)
go dnsServerTCP.Start(errChan)
} else {
dnsServer := NewDNSServer(DB, Config.General.Listen, Config.General.Proto, Config.General.Domain)
dnsservers = append(dnsservers, dnsServer)
dnsServer.ParseRecords(Config)
go dnsServer.Start(errChan)
}
// HTTP API
go startHTTPAPI(errChan, Config, dnsservers)
// block waiting for error
select {
case err = <-errChan:
if err != nil {
log.Fatal(err)
}
}
log.Debugf("Shutting down...")
}
func startHTTPAPI(errChan chan error, config DNSConfig, dnsservers []*DNSServer) {
// Setup http logger
logger := log.New()
logwriter := logger.Writer()
defer logwriter.Close()
// Setup logging for different dependencies to log with logrus
// Certmagic
stdlog.SetOutput(logwriter)
// Lego
legolog.Logger = logger
api := httprouter.New()
c := cors.New(cors.Options{
AllowedOrigins: Config.API.CorsOrigins,
AllowedMethods: []string{"GET", "POST"},
OptionsPassthrough: false,
Debug: Config.General.Debug,
})
if Config.General.Debug {
// Logwriter for saner log output
c.Log = stdlog.New(logwriter, "", 0)
}
if !Config.API.DisableRegistration {
api.POST("/register", webRegisterPost)
}
api.POST("/update", Auth(webUpdatePost))
api.GET("/health", healthCheck)
host := Config.API.IP + ":" + Config.API.Port
// TLS specific general settings
cfg := &tls.Config{
MinVersion: tls.VersionTLS12,
}
provider := NewChallengeProvider(dnsservers)
// Override the validation options to mitigate issues with (lack of) 1:1 nat reflection
// for some network setups.
dnsopts := dns01.WrapPreCheck(func(_, _, _ string, _ dns01.PreCheckFunc) (bool, error) {
return true, nil
})
storage := certmagic.FileStorage{Path: Config.API.ACMECacheDir}
magicconf := certmagic.Config{
Agreed: true,
CA: certmagic.LetsEncryptStagingCA,
DNSProvider: &provider,
DNSChallengeOption: dnsopts,
DefaultServerName: Config.General.Domain,
Storage: &storage,
}
cache := certmagic.NewCache(certmagic.CacheOptions{
GetConfigForCert: func(cert certmagic.Certificate) (certmagic.Config, error) {
return magicconf, nil
},
})
var err error
switch Config.API.TLS {
case "letsencryptstaging":
magicconf.CA = certmagic.LetsEncryptStagingCA
certcfg := certmagic.New(cache, magicconf)
err = certcfg.ManageSync([]string{Config.General.Domain})
if err != nil {
errChan <- err
return
}
cfg.GetCertificate = certcfg.GetCertificate
srv := &http.Server{
Addr: host,
Handler: c.Handler(api),
TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0),
}
log.WithFields(log.Fields{"host": host, "domain": Config.General.Domain}).Info("Listening HTTPS")
err = srv.ListenAndServeTLS("", "")
case "letsencrypt":
magicconf.CA = certmagic.LetsEncryptProductionCA
certcfg := certmagic.New(cache, magicconf)
err = certcfg.ManageSync([]string{Config.General.Domain})
if err != nil {
errChan <- err
return
}
cfg.GetCertificate = certcfg.GetCertificate
srv := &http.Server{
Addr: host,
Handler: c.Handler(api),
TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0),
}
log.WithFields(log.Fields{"host": host, "domain": Config.General.Domain}).Info("Listening HTTPS")
err = srv.ListenAndServeTLS("", "")
case "cert":
srv := &http.Server{
Addr: host,
Handler: c.Handler(api),
TLSConfig: cfg,
ErrorLog: stdlog.New(logwriter, "", 0),
}
log.WithFields(log.Fields{"host": host}).Info("Listening HTTPS")
err = srv.ListenAndServeTLS(Config.API.TLSCertFullchain, Config.API.TLSCertPrivkey)
default:
log.WithFields(log.Fields{"host": host}).Info("Listening HTTP")
err = http.ListenAndServe(host, c.Handler(api))
}
if err != nil {
errChan <- err
}
}