From f896c1a9ac5efd45a859667fd98f25a1684b234b Mon Sep 17 00:00:00 2001
From: Ingo Oppermann
Date: Mon, 10 Oct 2022 14:54:35 +0200
Subject: [PATCH] Fix datarhei/restreamer#425
---
 app/api/api.go | 155 +++++++++++++++++++++++++------------------------
 1 file changed, 80 insertions(+), 75 deletions(-)
diff --git a/app/api/api.go b/app/api/api.go
index 647da500..6daff68f 100644
--- a/app/api/api.go
+++ b/app/api/api.go
@@ -649,98 +649,102 @@ func (a *api) start() error { var autocertManager *certmagic.Config - if cfg.TLS.Enable && cfg.TLS.Auto { - if len(cfg.Host.Name) == 0 { - return fmt.Errorf("at least one host must be provided in host.name or RS_HOST_NAME") - } + if cfg.TLS.Enable { + if cfg.TLS.Auto { + if len(cfg.Host.Name) == 0 { + return fmt.Errorf("at least one host must be provided in host.name or RS_HOST_NAME") + } - certmagic.DefaultACME.Agreed = true - certmagic.DefaultACME.Email = cfg.TLS.Email - certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA - certmagic.DefaultACME.DisableHTTPChallenge = false - certmagic.DefaultACME.DisableTLSALPNChallenge = true - certmagic.DefaultACME.Logger = nil + certmagic.DefaultACME.Agreed = true + certmagic.DefaultACME.Email = cfg.TLS.Email + certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA + certmagic.DefaultACME.DisableHTTPChallenge = false + certmagic.DefaultACME.DisableTLSALPNChallenge = true + certmagic.DefaultACME.Logger = nil - certmagic.Default.Storage = &certmagic.FileStorage{ - Path: cfg.DB.Dir + "/cert", - } - certmagic.Default.DefaultServerName = cfg.Host.Name[0] - certmagic.Default.Logger = nil - certmagic.Default.OnEvent = func(event string, data interface{}) { - message := "" - - switch data := data.(type) { - case string: - message = data - case fmt.Stringer: - message = data.String() + certmagic.Default.Storage = &certmagic.FileStorage{ + Path: cfg.DB.Dir + "/cert", } + certmagic.Default.DefaultServerName = cfg.Host.Name[0] + certmagic.Default.Logger = nil + certmagic.Default.OnEvent = func(event string, data interface{}) { + message := "" + + switch data := data.(type) { + case string: + message = data + case fmt.Stringer: + message = data.String() + } - if len(message) != 0 { - a.log.logger.core.WithComponent("certmagic").Info().WithField("event", event).Log(message) + if len(message) != 0 { + a.log.logger.core.WithComponent("certmagic").Info().WithField("event", event).Log(message) + } } - } - 
magic := certmagic.NewDefault() - acme := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME) + magic := certmagic.NewDefault() + acme := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME) - magic.Issuers = []certmagic.Issuer{acme} + magic.Issuers = []certmagic.Issuer{acme} - autocertManager = magic + autocertManager = magic - // Start temporary http server on configured port - tempserver := &gohttp.Server{ - Addr: cfg.Address, - Handler: acme.HTTPChallengeHandler(gohttp.HandlerFunc(func(w gohttp.ResponseWriter, r *gohttp.Request) { - w.WriteHeader(gohttp.StatusNotFound) - })), - ReadTimeout: 10 * time.Second, - WriteTimeout: 10 * time.Second, - MaxHeaderBytes: 1 << 20, - } + // Start temporary http server on configured port + tempserver := &gohttp.Server{ + Addr: cfg.Address, + Handler: acme.HTTPChallengeHandler(gohttp.HandlerFunc(func(w gohttp.ResponseWriter, r *gohttp.Request) { + w.WriteHeader(gohttp.StatusNotFound) + })), + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, + MaxHeaderBytes: 1 << 20, + } - wg := sync.WaitGroup{} - wg.Add(1) + wg := sync.WaitGroup{} + wg.Add(1) - go func() { - tempserver.ListenAndServe() - wg.Done() - }() + go func() { + tempserver.ListenAndServe() + wg.Done() + }() - var certerror bool + var certerror bool - // For each domain, get the certificate - for _, host := range cfg.Host.Name { - logger := a.log.logger.core.WithComponent("Let's Encrypt").WithField("host", host) - logger.Info().Log("Acquiring certificate ...") + // For each domain, get the certificate + for _, host := range cfg.Host.Name { + logger := a.log.logger.core.WithComponent("Let's Encrypt").WithField("host", host) + logger.Info().Log("Acquiring certificate ...") - ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(5*time.Minute)) + ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(5*time.Minute)) - err := autocertManager.ManageSync(ctx, []string{host}) + err := autocertManager.ManageSync(ctx, 
[]string{host}) - cancel() + cancel() - if err != nil { - logger.Error().WithField("error", err).Log("Failed to acquire certificate") - certerror = true - break - } + if err != nil { + logger.Error().WithField("error", err).Log("Failed to acquire certificate") + certerror = true + break + } - logger.Info().Log("Successfully acquired certificate") - } + logger.Info().Log("Successfully acquired certificate") + } - // Shut down the temporary http server - tempserver.Close() + // Shut down the temporary http server + tempserver.Close() - wg.Wait() + wg.Wait() - if certerror { - a.log.logger.core.Warn().Log("Continuing with disabled TLS") - autocertManager = nil - cfg.TLS.Enable = false + if certerror { + a.log.logger.core.Warn().Log("Continuing with disabled TLS") + autocertManager = nil + cfg.TLS.Enable = false + } else { + cfg.TLS.CertFile = "" + cfg.TLS.KeyFile = "" + } } else { - cfg.TLS.CertFile = "" - cfg.TLS.KeyFile = "" + a.log.logger.core.Info().Log("Enabling TLS with cert and key files") } } @@ -756,14 +760,15 @@ func (a *api) start() error { Collector: a.sessions.Collector("rtmp"), } - if autocertManager != nil && cfg.RTMP.EnableTLS { - config.TLSConfig = &tls.Config{ - GetCertificate: autocertManager.GetCertificate, - } - + if cfg.RTMP.EnableTLS { config.Logger = config.Logger.WithComponent("RTMP/S") a.log.logger.rtmps = a.log.logger.core.WithComponent("RTMPS").WithField("address", cfg.RTMP.AddressTLS) + if autocertManager != nil { + config.TLSConfig = &tls.Config{ + GetCertificate: autocertManager.GetCertificate, + } + } } rtmpserver, err := rtmp.New(config)
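Review bot: The goroutine under `// Start temporary http server on configured port` still discards the result of `tempserver.ListenAndServe()`, so a bind failure on cfg.Address (port already taken, missing privilege) is never logged and the HTTP-01 challenge can only fail five minutes later with an error that blames the certificate rather than the listener. Consider `if err := tempserver.ListenAndServe(); err != nil && err != gohttp.ErrServerClosed { a.log.logger.core.Error().WithField("error", err).Log("Temporary HTTP server for ACME challenge failed") }` inside the goroutine before `wg.Done()`. The certerror branch also keeps the pre-existing fail-open behaviour — a failed acquisition clears `cfg.TLS.Enable` and the process continues serving plain HTTP — which deserves a sentence in the comment above it, e.g. `// Certificate acquisition failed: fall back to plain HTTP instead of refusing to start`. The new `else` branch only logs "Enabling TLS with cert and key files"; whether CertFile/KeyFile have been validated before this point is not visible in the diff. start() begins and ends outside this hunk.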
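Review bot: The new `if cfg.RTMP.EnableTLS` block configures the RTMPS logger and address even when `autocertManager` is nil, and in the certerror path of the previous hunk TLS was just disabled via `cfg.TLS.Enable = false` without touching `cfg.RTMP.EnableTLS`, so `rtmp.New` receives a config that asks for TLS but carries no `TLSConfig` and possibly empty cert/key paths; how rtmp.New handles that is outside this diff. If the intent is that rtmp.New loads `cfg.TLS.CertFile`/`cfg.TLS.KeyFile` itself when no manager is present, the fallback case should be guarded here, e.g. `if cfg.RTMP.EnableTLS && cfg.TLS.Enable {`, or `cfg.RTMP.EnableTLS = false` placed next to `cfg.TLS.Enable = false` in the fallback branch. The `tls.Config` built around `autocertManager.GetCertificate` sets no `MinVersion`; depending on the Go toolchain a server may still negotiate TLS 1.0, so adding `MinVersion: tls.VersionTLS12,` beside `GetCertificate` is a cheap hardening. The rtmp.Config literal this hunk completes and start() itself begin outside the hunk.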