// Copyright 2014 The Gogs Authors. All rights reserved. // Use of this source code is governed by a MIT-style // license that can be found in the LICENSE file. package cmd import ( "fmt" "net" "net/http" "net/http/fcgi" _ "net/http/pprof" // Used for debugging if enabled and a web server is running "os" "strings" "code.gitea.io/gitea/modules/graceful" "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/routers" "code.gitea.io/gitea/routers/routes" context2 "github.com/gorilla/context" "github.com/unknwon/com" "github.com/urfave/cli" "golang.org/x/crypto/acme/autocert" ini "gopkg.in/ini.v1" ) // CmdWeb represents the available web sub-command. var CmdWeb = cli.Command{ Name: "web", Usage: "Start Gitea web server", Description: `Gitea web server is the only thing you need to run, and it takes care of all the other things for you`, Action: runWeb, Flags: []cli.Flag{ cli.StringFlag{ Name: "port, p", Value: "3000", Usage: "Temporary port number to prevent conflict", }, cli.StringFlag{ Name: "pid, P", Value: "/var/run/gitea.pid", Usage: "Custom pid file path", }, }, } func runHTTPRedirector() { source := fmt.Sprintf("%s:%s", setting.HTTPAddr, setting.PortToRedirect) dest := strings.TrimSuffix(setting.AppURL, "/") log.Info("Redirecting: %s to %s", source, dest) handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { target := dest + r.URL.Path if len(r.URL.RawQuery) > 0 { target += "?" + r.URL.RawQuery } http.Redirect(w, r, target, http.StatusTemporaryRedirect) }) var err = runHTTP(source, context2.ClearHandler(handler)) if err != nil { log.Fatal("Failed to start port redirection: %v", err) } } func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error { certManager := autocert.Manager{ Prompt: autocert.AcceptTOS, HostPolicy: autocert.HostWhitelist(domain), Cache: autocert.DirCache(directory), Email: email, } go func() { log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect) // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here) var err = runHTTP(setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler))) if err != nil { log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err) } }() return runHTTPSWithTLSConfig(listenAddr, certManager.TLSConfig(), context2.ClearHandler(m)) } func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) { if r.Method != "GET" && r.Method != "HEAD" { http.Error(w, "Use HTTPS", http.StatusBadRequest) return } // Remove the trailing slash at the end of setting.AppURL, the request // URI always contains a leading slash, which would result in a double // slash target := strings.TrimRight(setting.AppURL, "/") + r.URL.RequestURI() http.Redirect(w, r, target, http.StatusFound) } func runWeb(ctx *cli.Context) error { if os.Getppid() > 1 && len(os.Getenv("LISTEN_FDS")) > 0 { log.Info("Restarting Gitea on PID: %d from parent PID: %d", os.Getpid(), os.Getppid()) } else { log.Info("Starting Gitea on PID: %d", os.Getpid()) } // Set pid file setting if ctx.IsSet("pid") { setting.CustomPID = ctx.String("pid") } // Perform global initialization routers.GlobalInit() // Set up Macaron m := routes.NewMacaron() routes.RegisterRoutes(m) // Flag for port number in case first time run conflict. if ctx.IsSet("port") { setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, ctx.String("port"), 1) setting.HTTPPort = ctx.String("port") switch setting.Protocol { case setting.UnixSocket: case setting.FCGI: default: // Save LOCAL_ROOT_URL if port changed cfg := ini.Empty() if com.IsFile(setting.CustomConf) { // Keeps custom settings if there is already something. if err := cfg.Append(setting.CustomConf); err != nil { return fmt.Errorf("Failed to load custom conf '%s': %v", setting.CustomConf, err) } } defaultLocalURL := string(setting.Protocol) + "://" if setting.HTTPAddr == "0.0.0.0" { defaultLocalURL += "localhost" } else { defaultLocalURL += setting.HTTPAddr } defaultLocalURL += ":" + setting.HTTPPort + "/" cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL) if err := cfg.SaveTo(setting.CustomConf); err != nil { return fmt.Errorf("Error saving generated JWT Secret to custom config: %v", err) } } } listenAddr := setting.HTTPAddr if setting.Protocol != setting.UnixSocket { listenAddr += ":" + setting.HTTPPort } log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL) if setting.LFS.StartServer { log.Info("LFS server enabled") } if setting.EnablePprof { go func() { log.Info("Starting pprof server on localhost:6060") log.Info("%v", http.ListenAndServe("localhost:6060", nil)) }() } var err error switch setting.Protocol { case setting.HTTP: NoHTTPRedirector() err = runHTTP(listenAddr, context2.ClearHandler(m)) case setting.HTTPS: if setting.EnableLetsEncrypt { err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m)) break } if setting.RedirectOtherPort { go runHTTPRedirector() } else { NoHTTPRedirector() } err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m)) case setting.FCGI: NoHTTPRedirector() // FCGI listeners are provided as stdin - this is orthogonal to the LISTEN_FDS approach // in graceful and systemD NoMainListener() var listener net.Listener listener, err = net.Listen("tcp", listenAddr) if err != nil { log.Fatal("Failed to bind %s: %v", listenAddr, err) } defer func() { if err := listener.Close(); err != nil { log.Fatal("Failed to stop server: %v", err) } }() err = fcgi.Serve(listener, context2.ClearHandler(m)) case setting.UnixSocket: // This could potentially be inherited using LISTEN_FDS but currently // these cannot be inherited NoHTTPRedirector() NoMainListener() if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) { log.Fatal("Failed to remove unix socket directory %s: %v", listenAddr, err) } var listener *net.UnixListener listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"}) if err != nil { break // Handle error after switch } // FIXME: add proper implementation of signal capture on all protocols // execute this on SIGTERM or SIGINT: listener.Close() if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil { log.Fatal("Failed to set permission of unix socket: %v", err) } err = http.Serve(listener, context2.ClearHandler(m)) default: log.Fatal("Invalid protocol: %s", setting.Protocol) } if err != nil { log.Critical("Failed to start server: %v", err) } log.Info("HTTP Listener: %s Closed", listenAddr) graceful.Manager.WaitForServers() graceful.Manager.WaitForTerminate() log.Close() return nil }