From e14a6fd651f34c4fb300784d45a486527f1e3a20 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Fri, 6 Nov 2015 01:00:22 +0000 Subject: [PATCH] use caddy if available --- lib/local-server.js | 30 +++++++++++ lib/spawn-caddy.js | 127 ++++++++++++++++++++++++++++++++++++++++++++ master.js | 88 ++++++++++++++++++++++++------ worker.js | 6 ++- 4 files changed, 233 insertions(+), 18 deletions(-) create mode 100644 lib/local-server.js create mode 100644 lib/spawn-caddy.js diff --git a/lib/local-server.js b/lib/local-server.js new file mode 100644 index 0000000..9c6fa7b --- /dev/null +++ b/lib/local-server.js @@ -0,0 +1,30 @@ +'use strict'; + +module.exports.create = function (port, promiseApp) { + var PromiseA = require('bluebird'); + + return new PromiseA(function (resolve, reject) { + var server = require('http').createServer(); + + server.on('error', reject); + server.listen(port, 'localhost', function () { + console.log("Listening", server.address()); + resolve(server); + }); + + // Get up and listening as absolutely quickly as possible + server.on('request', function (req, res) { + // TODO move to caddy parser? + if (/(^|\.)proxyable\./.test(req.headers.host)) { + // device-id-12345678.proxyable.myapp.mydomain.com => myapp.mydomain.com + // proxyable.myapp.mydomain.com => myapp.mydomain.com + // TODO myapp.mydomain.com.proxyable.com => myapp.mydomain.com + req.headers.host = req.headers.host.replace(/.*\.?proxyable\./, ''); + } + + promiseApp().then(function (app) { + app(req, res); + }); + }); + }); +}; diff --git a/lib/spawn-caddy.js b/lib/spawn-caddy.js new file mode 100644 index 0000000..a0d0d2a --- /dev/null +++ b/lib/spawn-caddy.js @@ -0,0 +1,127 @@ +'use strict'; + +module.exports.create = function (/*config*/) { + var PromiseA = require('bluebird'); + var spawn = require('child_process').spawn; + var path = require('path'); + var caddypath = '/usr/local/bin/caddy'; + var caddyfilepath = path.join(__dirname, '..', 'Caddyfile'); + var sitespath = path.join(__dirname, '..', 'sites-enabled'); + var caddy; + var fs = require('fs'); + + + // TODO this should be expanded to include proxies a la proxydyn + function writeCaddyfile(conf) { + return new PromiseA(function (resolve, reject) { + fs.readdir(sitespath, function (err, nodes) { + if (err) { + reject(err); + return; + } + + conf.domains = nodes.filter(function (node) { + return /\./.test(node) && !/(^\.)|([\/\:\\])/.test(node); + }); + + var contents = tplCaddyfile(conf); + fs.writeFile(caddyfilepath, contents, 'utf8', function (err) { + if (err) { + reject(err); + return; + } + + resolve(); + }); + }); + }); + } + + function tplCaddyfile(conf) { + var contents = []; + + conf.domains.forEach(function (hostname) { + var content = ""; + + content+= "https://" + hostname + " {\n" + + " gzip\n" + + " tls " + + "/srv/walnut/certs/live/" + hostname + "/fullchain.pem " + + "/srv/walnut/certs/live/" + hostname + "/privkey.pem\n" + ; + + if (conf.locked) { + content += " root /srv/walnut/init.public/\n"; + } else { + content += " root /srv/walnut/sites-enabled/" + hostname + "/\n"; + } + + content += + " proxy /api http://localhost:" + conf.localPort.toString() + "\n" + // # TODO internal + + "}"; + + contents.push(content); + }); + + return contents.join('\n\n'); + } + + function spawnCaddy(conf) { + console.log('[CADDY] start'); + return writeCaddyfile(conf).then(function () { + if (caddy) { + caddy.kill('SIGUSR1'); + return; + + // TODO caddy.kill('SIGKILL'); if SIGTERM fails + // https://github.com/mholt/caddy/issues/107 + // SIGUSR1 + + //caddy.kill('SIGTERM'); + } + + caddy = spawn(caddypath, ['-conf', caddyfilepath], { stdio: ['ignore', 'pipe', 'pipe'] }); + caddy.stdout.on('data', function (str) { + console.error('[Caddy]', str.toString('utf8')); + }); + + caddy.stderr.on('data', function (errstr) { + console.error('[Caddy]', errstr.toString('utf8')); + }); + + caddy.on('close', function (code, signal) { + // TODO catch if caddy doesn't exist + console.log('[Caddy]'); + console.log(code, signal); + caddy = null; + setTimeout(function () { + spawnCaddy(conf); + }, 1 * 1000); + }); + + return caddy; + }); + } + + function sighup() { + if (caddy) { + caddy.kill('SIGUSR1'); + return; + } + + // sudo kill -s SIGUSR1 `cat caddy.pid` + fs.readFileAsync('/srv/walnut/caddy.pid', 'utf8').then(function (pid) { + console.log('[caddy] pid', pid); + caddy = spawn('/bin/kill', ['-s', 'SIGUSR1', pid]); + }); + } + + return { + spawn: spawnCaddy + , update: function (conf) { + return writeCaddyfile(conf).then(sighup); + } + , sighup: sighup + }; +}; diff --git a/master.js b/master.js index dbd8127..664a41c 100644 --- a/master.js +++ b/master.js @@ -3,11 +3,15 @@ console.log('\n\n\n[MASTER] Welcome to WALNUT!'); var PromiseA = require('bluebird'); +var fs = PromiseA.promisifyAll(require('fs')); var cluster = require('cluster'); -var numCores = require('os').cpus().length; -var securePort = process.argv[2] || 443; -var insecurePort = process.argv[3] || 80; -var secureServer; +var numForks = 0; +var numCores = Math.min(2, require('os').cpus().length); +var securePort = process.argv[2] || 443; // 443 +var insecurePort = process.argv[3] || 80; // 80 +var localPort = securePort; +var caddy; +var masterServer; var rootMasterKey; var redirects = require('./redirects.json'); @@ -17,9 +21,17 @@ var path = require('path'); var certPaths = [path.join(__dirname, 'certs', 'live')]; var promiseServer; var masterApp; +var caddyConf = { localPort: 4080, locked: true }; //console.log('\n.'); +function fork() { + if (numForks < numCores) { + numForks += 1; + cluster.fork(); + } +} + // Note that this function will be called async, after promiseServer is returned // it seems like a circular dependency, but it isn't... not exactly anyway function promiseApps() { @@ -27,17 +39,27 @@ function promiseApps() { return PromiseA.resolve(masterApp); } - masterApp = promiseServer.then(function (_secureServer) { - secureServer = _secureServer; - console.log("[MASTER] Listening on https://localhost:" + secureServer.address().port, '\n'); + masterApp = promiseServer.then(function (_masterServer) { + masterServer = _masterServer; + console.log("[MASTER] Listening on https://localhost:" + masterServer.address().port, '\n'); return require('./lib/unlock-device').create().then(function (result) { result.promise.then(function (_rootMasterKey) { var i; + caddyConf.locked = false; + if (caddy) { + caddy.update(caddyConf); + } rootMasterKey = _rootMasterKey; + if (numCores <= 2) { + // we're on one core, stagger the remaning + fork(); + return; + } + for (i = 0; i < numCores; i += 1) { - cluster.fork(); + fork(); } }); @@ -52,30 +74,61 @@ function promiseApps() { // TODO have a fallback server than can download and apply an update? require('./lib/insecure-server').create(securePort, insecurePort, redirects); //console.log('\n.'); -promiseServer = require('./lib/sni-server').create(certPaths, securePort, promiseApps); +promiseServer = fs.existsAsync('/usr/local/bin/caddy').then(function () { + console.log("Caddy is not present"); + // Caddy DOES NOT exist, use our node sni-server + return require('./lib/sni-server').create(certPaths, localPort, promiseApps); +}, function () { + console.log("Caddy is present (assumed running)"); + // Caddy DOES exist, use our http server without sni + localPort = caddyConf.localPort; + caddy = require('./lib/spawn-caddy').create(); + + return caddy.spawn(caddyConf).then(function () { + console.log("caddy has spawned"); + //return caddy.update(caddyConf).then(function () { + // console.log("caddy is updating"); + + setInterval(function () { + console.log('SIGUSR1 to caddy'); + return caddy.update(caddyConf); + }, 60 * 1000); + + return require('./lib/local-server').create(localPort, promiseApps); + //}); + }); +}); + //console.log('\n.'); cluster.on('online', function (worker) { console.log('[MASTER] Worker ' + worker.process.pid + ' is online'); - if (secureServer) { + fork(); + + if (masterServer) { // NOTE: it's possible that this could survive idle for a while through keep-alive // should default to connection: close - secureServer.close(); - secureServer = null; + masterServer.close(); + masterServer = null; setTimeout(function () { // TODO use `id' to find user's uid / gid and set to file // TODO set immediately? - process.setgid(1000); - process.setuid(1000); + if (!caddy) { + // TODO what about caddy + process.setgid(1000); + process.setuid(1000); + } }, 1000); } + console.log("securePort", securePort); worker.send({ type: 'init' - , securePort: securePort - , certPaths: certPaths + , securePort: localPort + , certPaths: caddy ? null : certPaths }); + worker.on('message', function (msg) { console.log('message from worker'); console.log(msg); @@ -83,8 +136,9 @@ cluster.on('online', function (worker) { }); cluster.on('exit', function (worker, code, signal) { + numForks -= 1; console.log('[MASTER] Worker ' + worker.process.pid + ' died with code: ' + code + ', and signal: ' + signal); - cluster.fork(); + fork(); }); // TODO delegate to workers diff --git a/worker.js b/worker.js index c1dadd3..22c8ffc 100644 --- a/worker.js +++ b/worker.js @@ -188,7 +188,11 @@ function init(info) { return workerApp; } - promiseServer = require('./lib/sni-server').create(info.certPaths, info.securePort, promiseApps); + if (info.certPaths) { + promiseServer = require('./lib/sni-server').create(info.certPaths, info.securePort, promiseApps); + } else { + promiseServer = require('./lib/local-server').create(info.securePort, promiseApps); + } } process.on('message', function (msg) {