2019-10-15 16:39:51 +03:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2022-11-27 21:20:29 +03:00
// SPDX-License-Identifier: MIT
2019-10-15 16:39:51 +03:00
// This code is highly inspired by endless go
package graceful
import (
"crypto/tls"
"net"
"os"
"strings"
"sync"
2020-02-07 12:08:09 +03:00
"sync/atomic"
2019-10-15 16:39:51 +03:00
"syscall"
"time"
"code.gitea.io/gitea/modules/log"
2022-08-21 21:20:43 +03:00
"code.gitea.io/gitea/modules/proxyprotocol"
2021-06-11 00:25:25 +03:00
"code.gitea.io/gitea/modules/setting"
2019-10-15 16:39:51 +03:00
)
2023-11-15 17:02:46 +03:00
// GetListener returns a net listener
// This determines the implementation of net.Listener which the server will use,
// so that downstreams could provide their own Listener, such as with a hidden service or a p2p network
Allow the use of alternative net.Listener implementations by downstreams (#25855)
This is a simple PR which moves the `GetListener` function to a
`DefaultGetListener` function, and changes `GetListener` to be a
variable which by default points to the `DefaultGetListener` function.
This allows people who may exist quasi-downstream of Gitea to create
alternate "GetListener" functions, with identical signatures, which
return different implementations of the `net.Listener` interface. This
approach is expressly intended to be non-invasive and have the least
possible impact on the gitea codebase. A previous version of this idea
was rejected before: https://github.com/go-gitea/gitea/issues/15544 but
because of issues like: https://github.com/go-gitea/gitea/issues/22335 I
**really** think that recommending people configure proxies by hand is
exactly the wrong way to do things(This is why there is a Tor Browser.).
This tiny change lets me put proper hidden service configuration into
single `i2p.go` file which lives in `modules/graceful/` and which never
has to be checked in to your codebase or affect your dependencies or
bloat your project in any way, it can live on a branch in my fork and
I'll fast-forward every release and never the twain shall meet.
The main use-case for this is to listen on Peer-to-Peer networks and
Hidden Services directly without error-prone and cumbersome
port-forwarding configuration. For instance, I might implement an
"I2PGetListener" as follows:
```Go
// adapted from i2p.go which is unchecked-in in my modules/graceful/ directory
import "github.com/eyedeekay/onramp"
var garlic = &onramp.Garlic{}
func I2PGetListener(network, address string) (net.Listener, error) {
// Add a deferral to say that we've tried to grab a listener
defer GetManager().InformCleanup()
switch network {
case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
return garlic.Listen()
case "unix", "unixpacket":
// I2P isn't really a replacement for the stuff you use Unix sockets for and it's also not an anonymity risk, so treat them normally
unixAddr, err := net.ResolveUnixAddr(network, address)
if err != nil {
return nil, err
}
return GetListenerUnix(network, unixAddr)
default:
return nil, net.UnknownNetworkError(network)
}
}
```
I could then substitute that GetListener function and be 50% of the way
to having a fully-functioning gitea-over-hidden-services instance
without any additional configuration(The other 50% doesn't require any
code-changes on gitea's part).
There are 2 advantages here, one being convenience, first this turns
hidden services into a zero-configuration option for self-hosting gitea,
and second safety, these Go libraries are passing around
hidden-service-only versions of the net.Addr struct, they're using
hidden-service-only versions of the sockets, which are both expressly
designed to never require access to any information outside the hidden
service network, manipulating the application so it reveals information
about the host becomes much more difficult, and some attacks become
nearly impossible. It also opens up TLS-over-Hidden Services support
which is niche right now, of course, but in a future where gitea
instances federate if hidden services want to be part of the federation
they're probably going to need TLS certificates. They don't need to be
painful to set up.
This doesn't fix an open issue, but it might affect:
- https://github.com/go-gitea/gitea/issues/22335 - my `i2p.go` file
actually has a mod that fixes this but it requires adding a handful of
new dependencies to gitea and isn't compatible with the normal way you
guys recommend using a proxy so I don't think it's ready to send to you
as a PR, but if I can find a non-invasive way to fix it I will.
- https://github.com/go-gitea/gitea/issues/18240
I hereby agree to the Code of Conduct published here:
https://github.com/go-gitea/gitea/blob/8b89563bf1031089a218e6d05dc61047281b35ee/CODE_OF_CONDUCT.md
I have read and understood the recommendations published here:
https://github.com/go-gitea/gitea/blob/8b89563bf1031089a218e6d05dc61047281b35ee/CONTRIBUTING.md
Thank you for your consideration.
---------
Co-authored-by: eyedeekay <idk@mulder>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-24 10:18:17 +03:00
var GetListener = DefaultGetListener
2019-10-15 16:39:51 +03:00
// ServeFunction represents a listen.Accept loop
type ServeFunction = func ( net . Listener ) error
// Server represents our graceful server
type Server struct {
2021-06-11 00:25:25 +03:00
network string
address string
listener net . Listener
wg sync . WaitGroup
state state
lock * sync . RWMutex
BeforeBegin func ( network , address string )
OnShutdown func ( )
PerWriteTimeout time . Duration
PerWritePerKbTimeout time . Duration
2019-10-23 18:32:19 +03:00
}
2019-10-15 16:39:51 +03:00
// NewServer creates a server on network at provided address
2021-03-08 05:43:59 +03:00
func NewServer ( network , address , name string ) * Server {
2019-12-15 12:51:28 +03:00
if GetManager ( ) . IsChild ( ) {
2021-03-08 05:43:59 +03:00
log . Info ( "Restarting new %s server: %s:%s on PID: %d" , name , network , address , os . Getpid ( ) )
2019-10-15 16:39:51 +03:00
} else {
2021-03-08 05:43:59 +03:00
log . Info ( "Starting new %s server: %s:%s on PID: %d" , name , network , address , os . Getpid ( ) )
2019-10-15 16:39:51 +03:00
}
srv := & Server {
2021-06-11 00:25:25 +03:00
wg : sync . WaitGroup { } ,
state : stateInit ,
lock : & sync . RWMutex { } ,
network : network ,
address : address ,
PerWriteTimeout : setting . PerWriteTimeout ,
PerWritePerKbTimeout : setting . PerWritePerKbTimeout ,
2019-10-15 16:39:51 +03:00
}
srv . BeforeBegin = func ( network , addr string ) {
log . Debug ( "Starting server on %s:%s (PID: %d)" , network , addr , syscall . Getpid ( ) )
}
return srv
}
// ListenAndServe listens on the provided network address and then calls Serve
// to handle requests on incoming connections.
2022-08-21 21:20:43 +03:00
func ( srv * Server ) ListenAndServe ( serve ServeFunction , useProxyProtocol bool ) error {
2019-11-21 21:32:02 +03:00
go srv . awaitShutdown ( )
2019-10-15 16:39:51 +03:00
2022-08-21 21:20:43 +03:00
listener , err := GetListener ( srv . network , srv . address )
2019-10-15 16:39:51 +03:00
if err != nil {
log . Error ( "Unable to GetListener: %v" , err )
return err
}
2022-08-21 21:20:43 +03:00
// we need to wrap the listener to take account of our lifecycle
listener = newWrappedListener ( listener , srv )
// Now we need to take account of ProxyProtocol settings...
if useProxyProtocol {
listener = & proxyprotocol . Listener {
Listener : listener ,
ProxyHeaderTimeout : setting . ProxyProtocolHeaderTimeout ,
AcceptUnknown : setting . ProxyProtocolAcceptUnknown ,
}
}
srv . listener = listener
2019-10-15 16:39:51 +03:00
srv . BeforeBegin ( srv . network , srv . address )
return srv . Serve ( serve )
}
// ListenAndServeTLSConfig listens on the provided network address and then calls
// Serve to handle requests on incoming TLS connections.
2022-08-21 21:20:43 +03:00
func ( srv * Server ) ListenAndServeTLSConfig ( tlsConfig * tls . Config , serve ServeFunction , useProxyProtocol , proxyProtocolTLSBridging bool ) error {
2019-11-21 21:32:02 +03:00
go srv . awaitShutdown ( )
2019-10-15 16:39:51 +03:00
2021-11-20 09:12:43 +03:00
if tlsConfig . MinVersion == 0 {
tlsConfig . MinVersion = tls . VersionTLS12
}
2020-09-03 01:37:49 +03:00
2022-08-21 21:20:43 +03:00
listener , err := GetListener ( srv . network , srv . address )
2019-10-15 16:39:51 +03:00
if err != nil {
log . Error ( "Unable to get Listener: %v" , err )
return err
}
2022-08-21 21:20:43 +03:00
// we need to wrap the listener to take account of our lifecycle
listener = newWrappedListener ( listener , srv )
// Now we need to take account of ProxyProtocol settings... If we're not bridging then we expect that the proxy will forward the connection to us
if useProxyProtocol && ! proxyProtocolTLSBridging {
listener = & proxyprotocol . Listener {
Listener : listener ,
ProxyHeaderTimeout : setting . ProxyProtocolHeaderTimeout ,
AcceptUnknown : setting . ProxyProtocolAcceptUnknown ,
}
}
// Now handle the tls protocol
listener = tls . NewListener ( listener , tlsConfig )
// Now if we're bridging then we need the proxy to tell us who we're bridging for...
if useProxyProtocol && proxyProtocolTLSBridging {
listener = & proxyprotocol . Listener {
Listener : listener ,
ProxyHeaderTimeout : setting . ProxyProtocolHeaderTimeout ,
AcceptUnknown : setting . ProxyProtocolAcceptUnknown ,
}
}
2019-10-15 16:39:51 +03:00
2022-08-21 21:20:43 +03:00
srv . listener = listener
2019-10-15 16:39:51 +03:00
srv . BeforeBegin ( srv . network , srv . address )
return srv . Serve ( serve )
}
// Serve accepts incoming HTTP connections on the wrapped listener l, creating a new
// service goroutine for each. The service goroutines read requests and then call
// handler to reply to them. Handler is typically nil, in which case the
// DefaultServeMux is used.
//
// In addition to the standard Serve behaviour each connection is added to a
// sync.Waitgroup so that all outstanding connections can be served before shutting
// down the server.
func ( srv * Server ) Serve ( serve ServeFunction ) error {
defer log . Debug ( "Serve() returning... (PID: %d)" , syscall . Getpid ( ) )
srv . setState ( stateRunning )
2019-12-15 12:51:28 +03:00
GetManager ( ) . RegisterServer ( )
2019-10-15 16:39:51 +03:00
err := serve ( srv . listener )
log . Debug ( "Waiting for connections to finish... (PID: %d)" , syscall . Getpid ( ) )
srv . wg . Wait ( )
srv . setState ( stateTerminate )
2019-12-15 12:51:28 +03:00
GetManager ( ) . ServerDone ( )
2019-10-15 16:39:51 +03:00
// use of closed means that the listeners are closed - i.e. we should be shutting down - return nil
2020-10-20 00:03:08 +03:00
if err == nil || strings . Contains ( err . Error ( ) , "use of closed" ) || strings . Contains ( err . Error ( ) , "http: Server closed" ) {
2019-10-15 16:39:51 +03:00
return nil
}
return err
}
func ( srv * Server ) getState ( ) state {
srv . lock . RLock ( )
defer srv . lock . RUnlock ( )
return srv . state
}
func ( srv * Server ) setState ( st state ) {
srv . lock . Lock ( )
defer srv . lock . Unlock ( )
srv . state = st
}
2019-11-21 21:32:02 +03:00
type filer interface {
File ( ) ( * os . File , error )
}
2019-10-15 16:39:51 +03:00
type wrappedListener struct {
net . Listener
stopped bool
server * Server
}
func newWrappedListener ( l net . Listener , srv * Server ) * wrappedListener {
return & wrappedListener {
Listener : l ,
server : srv ,
}
}
func ( wl * wrappedListener ) Accept ( ) ( net . Conn , error ) {
var c net . Conn
// Set keepalive on TCPListeners connections.
if tcl , ok := wl . Listener . ( * net . TCPListener ) ; ok {
tc , err := tcl . AcceptTCP ( )
if err != nil {
return nil , err
}
_ = tc . SetKeepAlive ( true ) // see http.tcpKeepAliveListener
_ = tc . SetKeepAlivePeriod ( 3 * time . Minute ) // see http.tcpKeepAliveListener
c = tc
} else {
var err error
c , err = wl . Listener . Accept ( )
if err != nil {
return nil , err
}
}
2020-02-07 12:08:09 +03:00
closed := int32 ( 0 )
2021-10-12 23:55:18 +03:00
c = & wrappedConn {
2021-06-11 00:25:25 +03:00
Conn : c ,
server : wl . server ,
closed : & closed ,
perWriteTimeout : wl . server . PerWriteTimeout ,
perWritePerKbTimeout : wl . server . PerWritePerKbTimeout ,
2019-10-15 16:39:51 +03:00
}
wl . server . wg . Add ( 1 )
return c , nil
}
func ( wl * wrappedListener ) Close ( ) error {
if wl . stopped {
return syscall . EINVAL
}
wl . stopped = true
return wl . Listener . Close ( )
}
func ( wl * wrappedListener ) File ( ) ( * os . File , error ) {
// returns a dup(2) - FD_CLOEXEC flag *not* set so the listening socket can be passed to child processes
return wl . Listener . ( filer ) . File ( )
}
type wrappedConn struct {
net . Conn
2021-06-11 00:25:25 +03:00
server * Server
closed * int32
deadline time . Time
perWriteTimeout time . Duration
perWritePerKbTimeout time . Duration
2019-10-15 16:39:51 +03:00
}
2021-10-12 23:55:18 +03:00
func ( w * wrappedConn ) Write ( p [ ] byte ) ( n int , err error ) {
2021-06-11 00:25:25 +03:00
if w . perWriteTimeout > 0 {
minTimeout := time . Duration ( len ( p ) / 1024 ) * w . perWritePerKbTimeout
minDeadline := time . Now ( ) . Add ( minTimeout ) . Add ( w . perWriteTimeout )
w . deadline = w . deadline . Add ( minTimeout )
if minDeadline . After ( w . deadline ) {
w . deadline = minDeadline
}
_ = w . Conn . SetWriteDeadline ( w . deadline )
2021-05-14 15:26:03 +03:00
}
return w . Conn . Write ( p )
}
2021-10-12 23:55:18 +03:00
func ( w * wrappedConn ) Close ( ) error {
2020-02-07 12:08:09 +03:00
if atomic . CompareAndSwapInt32 ( w . closed , 0 , 1 ) {
2020-04-27 03:01:06 +03:00
defer func ( ) {
if err := recover ( ) ; err != nil {
select {
case <- GetManager ( ) . IsHammer ( ) :
// Likely deadlocked request released at hammertime
log . Warn ( "Panic during connection close! %v. Likely there has been a deadlocked request which has been released by forced shutdown." , err )
default :
log . Error ( "Panic during connection close! %v" , err )
}
}
} ( )
2019-10-15 16:39:51 +03:00
w . server . wg . Done ( )
}
2020-02-07 12:08:09 +03:00
return w . Conn . Close ( )
2019-10-15 16:39:51 +03:00
}