This commit is contained in:
Ingo Oppermann
2022-10-10 14:54:35 +02:00
parent eb57fb5e70
commit f896c1a9ac


@@ -649,98 +649,102 @@ func (a *api) start() error {
var autocertManager *certmagic.Config var autocertManager *certmagic.Config
if cfg.TLS.Enable && cfg.TLS.Auto { if cfg.TLS.Enable {
if len(cfg.Host.Name) == 0 { if cfg.TLS.Auto {
return fmt.Errorf("at least one host must be provided in host.name or RS_HOST_NAME") if len(cfg.Host.Name) == 0 {
} return fmt.Errorf("at least one host must be provided in host.name or RS_HOST_NAME")
certmagic.DefaultACME.Agreed = true
certmagic.DefaultACME.Email = cfg.TLS.Email
certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
certmagic.DefaultACME.DisableHTTPChallenge = false
certmagic.DefaultACME.DisableTLSALPNChallenge = true
certmagic.DefaultACME.Logger = nil
certmagic.Default.Storage = &certmagic.FileStorage{
Path: cfg.DB.Dir + "/cert",
}
certmagic.Default.DefaultServerName = cfg.Host.Name[0]
certmagic.Default.Logger = nil
certmagic.Default.OnEvent = func(event string, data interface{}) {
message := ""
switch data := data.(type) {
case string:
message = data
case fmt.Stringer:
message = data.String()
} }
if len(message) != 0 { certmagic.DefaultACME.Agreed = true
a.log.logger.core.WithComponent("certmagic").Info().WithField("event", event).Log(message) certmagic.DefaultACME.Email = cfg.TLS.Email
certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
certmagic.DefaultACME.DisableHTTPChallenge = false
certmagic.DefaultACME.DisableTLSALPNChallenge = true
certmagic.DefaultACME.Logger = nil
certmagic.Default.Storage = &certmagic.FileStorage{
Path: cfg.DB.Dir + "/cert",
} }
} certmagic.Default.DefaultServerName = cfg.Host.Name[0]
certmagic.Default.Logger = nil
certmagic.Default.OnEvent = func(event string, data interface{}) {
message := ""
magic := certmagic.NewDefault() switch data := data.(type) {
acme := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME) case string:
message = data
case fmt.Stringer:
message = data.String()
}
magic.Issuers = []certmagic.Issuer{acme} if len(message) != 0 {
a.log.logger.core.WithComponent("certmagic").Info().WithField("event", event).Log(message)
autocertManager = magic }
// Start temporary http server on configured port
tempserver := &gohttp.Server{
Addr: cfg.Address,
Handler: acme.HTTPChallengeHandler(gohttp.HandlerFunc(func(w gohttp.ResponseWriter, r *gohttp.Request) {
w.WriteHeader(gohttp.StatusNotFound)
})),
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
}
wg := sync.WaitGroup{}
wg.Add(1)
go func() {
tempserver.ListenAndServe()
wg.Done()
}()
var certerror bool
// For each domain, get the certificate
for _, host := range cfg.Host.Name {
logger := a.log.logger.core.WithComponent("Let's Encrypt").WithField("host", host)
logger.Info().Log("Acquiring certificate ...")
ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(5*time.Minute))
err := autocertManager.ManageSync(ctx, []string{host})
cancel()
if err != nil {
logger.Error().WithField("error", err).Log("Failed to acquire certificate")
certerror = true
break
} }
logger.Info().Log("Successfully acquired certificate") magic := certmagic.NewDefault()
} acme := certmagic.NewACMEIssuer(magic, certmagic.DefaultACME)
// Shut down the temporary http server magic.Issuers = []certmagic.Issuer{acme}
tempserver.Close()
wg.Wait() autocertManager = magic
if certerror { // Start temporary http server on configured port
a.log.logger.core.Warn().Log("Continuing with disabled TLS") tempserver := &gohttp.Server{
autocertManager = nil Addr: cfg.Address,
cfg.TLS.Enable = false Handler: acme.HTTPChallengeHandler(gohttp.HandlerFunc(func(w gohttp.ResponseWriter, r *gohttp.Request) {
w.WriteHeader(gohttp.StatusNotFound)
})),
ReadTimeout: 10 * time.Second,
WriteTimeout: 10 * time.Second,
MaxHeaderBytes: 1 << 20,
}
wg := sync.WaitGroup{}
wg.Add(1)
go func() {
tempserver.ListenAndServe()
wg.Done()
}()
var certerror bool
// For each domain, get the certificate
for _, host := range cfg.Host.Name {
logger := a.log.logger.core.WithComponent("Let's Encrypt").WithField("host", host)
logger.Info().Log("Acquiring certificate ...")
ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(5*time.Minute))
err := autocertManager.ManageSync(ctx, []string{host})
cancel()
if err != nil {
logger.Error().WithField("error", err).Log("Failed to acquire certificate")
certerror = true
break
}
logger.Info().Log("Successfully acquired certificate")
}
// Shut down the temporary http server
tempserver.Close()
wg.Wait()
if certerror {
a.log.logger.core.Warn().Log("Continuing with disabled TLS")
autocertManager = nil
cfg.TLS.Enable = false
} else {
cfg.TLS.CertFile = ""
cfg.TLS.KeyFile = ""
}
} else { } else {
cfg.TLS.CertFile = "" a.log.logger.core.Info().Log("Enabling TLS with cert and key files")
cfg.TLS.KeyFile = ""
} }
} }
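Review bot: The new `else` branch at the end of this hunk only logs "Enabling TLS with cert and key files"; nothing here verifies that `cfg.TLS.CertFile` and `cfg.TLS.KeyFile` are actually set and loadable, so with `tls.enable` on and `tls.auto` off a missing or unreadable pair is discovered only wherever the files are later opened (presumably the listener setup, which is outside this hunk), rather than up front like the `host.name` check in the auto branch. A cheap early check in that branch would be `if _, err := tls.LoadX509KeyPair(cfg.TLS.CertFile, cfg.TLS.KeyFile); err != nil {` / `return fmt.Errorf("loading TLS cert and key files: %w", err)` / `}` — `tls` and `fmt` are already imported in this file. Separately, the retained fallback "Continuing with disabled TLS" after an ACME failure is fail-open: the service keeps serving in plaintext on the same address, which may or may not be intended for a streaming server; if it is, a comment saying so would help the next reader. The enclosing `start` function begins before and continues past this hunk.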
@@ -756,14 +760,15 @@ func (a *api) start() error {
Collector: a.sessions.Collector("rtmp"), Collector: a.sessions.Collector("rtmp"),
} }
if autocertManager != nil && cfg.RTMP.EnableTLS { if cfg.RTMP.EnableTLS {
config.TLSConfig = &tls.Config{
GetCertificate: autocertManager.GetCertificate,
}
config.Logger = config.Logger.WithComponent("RTMP/S") config.Logger = config.Logger.WithComponent("RTMP/S")
a.log.logger.rtmps = a.log.logger.core.WithComponent("RTMPS").WithField("address", cfg.RTMP.AddressTLS) a.log.logger.rtmps = a.log.logger.core.WithComponent("RTMPS").WithField("address", cfg.RTMP.AddressTLS)
if autocertManager != nil {
config.TLSConfig = &tls.Config{
GetCertificate: autocertManager.GetCertificate,
}
}
} }
rtmpserver, err := rtmp.New(config) rtmpserver, err := rtmp.New(config)
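Review bot: With the relaxed condition `if cfg.RTMP.EnableTLS`, the file-based TLS case now reaches RTMPS setup but `config.TLSConfig` is only populated when `autocertManager != nil`; nothing in this hunk loads `cfg.TLS.CertFile`/`cfg.TLS.KeyFile` for RTMPS, so unless `rtmp.New` builds its own `tls.Config` from the cert and key files (not visible here), the TLS listener is started with a nil config. If the rtmp package does not handle that, the symmetric fix is to load the key pair in an `else` branch as below. Either way, consider setting `MinVersion: tls.VersionTLS12` on the `tls.Config` literal, since Go toolchains of this commit's era default servers to a TLS 1.0 floor. The enclosing function continues past this hunk.
```go
	if cfg.RTMP.EnableTLS {
		// … unchanged: logger setup …
		if autocertManager != nil {
			config.TLSConfig = &tls.Config{
				MinVersion:     tls.VersionTLS12,
				GetCertificate: autocertManager.GetCertificate,
			}
		} else {
			// Same cert/key files as the HTTP listener; fail early rather than
			// starting an RTMPS listener without a certificate.
			cert, err := tls.LoadX509KeyPair(cfg.TLS.CertFile, cfg.TLS.KeyFile)
			if err != nil {
				return fmt.Errorf("loading RTMPS cert and key files: %w", err)
			}
			config.TLSConfig = &tls.Config{
				MinVersion:   tls.VersionTLS12,
				Certificates: []tls.Certificate{cert},
			}
		}
	}
```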