// Package http provides HTTP listeners/servers, for
// autoconfiguration/autodiscovery, the account and admin web interface and
// MTA-STS policies.
package http
import (
"context"
"crypto/tls"
"fmt"
golog "log"
"net"
"net/http"
"os"
"path"
"sort"
"strings"
"time"
_ "net/http/pprof"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
"github.com/prometheus/client_golang/prometheus/promhttp"
"github.com/mjl-/mox/autotls"
"github.com/mjl-/mox/config"
"github.com/mjl-/mox/dns"
"github.com/mjl-/mox/mlog"
"github.com/mjl-/mox/mox-"
"github.com/mjl-/mox/ratelimit"
)
// xlog is the package-level logger, created under the name "http". It is used
// for the access log line written by loggingWriter.Done and for the debug
// messages in ServeHTTP.
var xlog = mlog.New("http")
// metricRequest tracks performance of the server itself: the time from the
// start of a request until the response status code is written.
//
// The "method" label is always passed through metricHTTPMethod, so a client
// cannot create new time series by sending made-up HTTP methods.
var metricRequest = promauto.NewHistogramVec(
	prometheus.HistogramOpts{
		Name:    "mox_httpserver_request_duration_seconds",
		Help:    "HTTP(s) server request with handler name, protocol, method, result codes, and duration until response status code is written, in seconds.",
		Buckets: []float64{0.001, 0.005, 0.01, 0.05, 0.100, 0.5, 1, 5, 10, 20, 30, 60, 120},
	},
	[]string{
		"handler", // Name from webhandler, can be empty.
		"proto",   // "http" or "https".
		"method",  // Lower-cased registered HTTP method, or "(other)" for anything else.
		"code",    // HTTP status code, formatted as a decimal string.
	},
)

// metricResponse tracks the duration of the entire request as experienced by
// users. That also depends on their connection speed, so it is not necessarily
// something you could act on. It uses the same labels as metricRequest.
var metricResponse = promauto.NewHistogramVec(
	prometheus.HistogramOpts{
		Name:    "mox_httpserver_response_duration_seconds",
		Help:    "HTTP(s) server response with handler name, protocol, method, result codes, and duration of entire response, in seconds.",
		Buckets: []float64{0.001, 0.005, 0.01, 0.05, 0.100, 0.5, 1, 5, 10, 20, 30, 60, 120},
	},
	[]string{
		"handler", // Name from webhandler, can be empty.
		"proto",   // "http" or "https".
		"method",  // Lower-cased registered HTTP method, or "(other)" for anything else.
		"code",    // HTTP status code, formatted as a decimal string.
	},
)
// todo: automatic gzip on responses, if client supports it, content is not already compressed. in case of static file only if it isn't too large. skip for certain response content-types (image/*, video/*), or file extensions if there is no identifying content-type. if cpu load isn't too high. if first N kb look compressible and come in quickly enough after first byte (e.g. within 100ms). always flush after 100ms to prevent stalled real-time connections.
// loggingWriter is an http.ResponseWriter that forwards all calls to W while
// recording the status code, the number of body bytes written and the first
// write error. Done uses that state to write the access log line and to update
// the metrics at the end of the response.
type loggingWriter struct {
	W       http.ResponseWriter // Underlying writer; Header, Write and WriteHeader are forwarded to it.
	Start   time.Time           // Start of the request; basis for the durations in metrics and access log.
	R       *http.Request       // Request being served; method, TLS state and headers are read from it.
	Handler string              // Set by router.

	// The fields below are filled in while the response is written.
	StatusCode int   // First status code seen; stays 0 until a header or body is written.
	Size       int64 // Number of body bytes written to W so far.
	WriteErr   error // First error returned by W.Write, if any.
}
// Header returns the header map of the wrapped ResponseWriter, so headers set
// through the loggingWriter end up in the actual response.
func (w *loggingWriter) Header() http.Header {
	hdr := w.W.Header()
	return hdr
}
// setStatusCode records the status code of the response and observes the
// time-until-header metric (metricRequest). Once a non-zero status code has
// been stored, later calls do nothing, so the metric is observed once per
// response.
func (w *loggingWriter) setStatusCode(statusCode int) {
	if w.StatusCode == 0 {
		w.StatusCode = statusCode

		// The method label goes through metricHTTPMethod to keep the set of
		// label values bounded regardless of what the client sent.
		verb := metricHTTPMethod(w.R.Method)
		scheme := "http"
		if w.R.TLS != nil {
			scheme = "https"
		}
		code := fmt.Sprintf("%d", w.StatusCode)
		elapsed := float64(time.Since(w.Start)) / float64(time.Second)
		metricRequest.WithLabelValues(w.Handler, scheme, verb, code).Observe(elapsed)
	}
}
// Write forwards buf to the wrapped ResponseWriter and keeps the bookkeeping
// for the access log: the number of bytes written is added to Size and the
// first write error is kept in WriteErr. It returns what the wrapped writer
// returned.
func (w *loggingWriter) Write(buf []byte) (int, error) {
	// As long as no body bytes have been written, make sure a status code is
	// recorded. setStatusCode ignores the call if WriteHeader already set one.
	if w.Size == 0 {
		w.setStatusCode(http.StatusOK)
	}

	written, werr := w.W.Write(buf)
	if written > 0 {
		w.Size += int64(written)
	}
	// Keep only the first error. Assigning a nil werr to a nil WriteErr is a no-op.
	if w.WriteErr == nil {
		w.WriteErr = werr
	}
	return written, werr
}
// WriteHeader records the status code for metrics and access logging, then
// forwards the call to the wrapped ResponseWriter. The wrapped writer always
// receives statusCode, also when an earlier status code was already recorded.
func (w *loggingWriter) WriteHeader(statusCode int) {
	// Record first: setStatusCode also observes the time-until-header metric.
	w.setStatusCode(statusCode)

	underlying := w.W
	underlying.WriteHeader(statusCode)
}
// tlsVersions maps TLS protocol version numbers to the names written in the
// "tlsinfo" field of the access log. Versions missing from this map are logged
// as "(other)" by loggingWriter.Done.
//
// NOTE(review): this map is only used for naming. Whether TLS 1.0 and 1.1 are
// actually accepted depends on the tls.Config of the listener, which is not
// set here.
var tlsVersions = map[uint16]string{
	tls.VersionTLS10: "tls1.0",
	tls.VersionTLS11: "tls1.1",
	tls.VersionTLS12: "tls1.2",
	tls.VersionTLS13: "tls1.3",
}
// metricHTTPMethod returns the value to use for the "method" metric label and
// the access log: the lower-cased method if it is one of the methods listed
// below, and "(other)" for everything else.
//
// The method comes straight from the client. Mapping unknown values to a single
// constant keeps the number of label values bounded, so requests with made-up
// methods cannot grow the set of metric time series.
func metricHTTPMethod(method string) string {
	// https://www.iana.org/assignments/http-methods/http-methods.xhtml
	switch m := strings.ToLower(method); m {
	case "acl", "baseline-control", "bind", "checkin", "checkout", "connect",
		"copy", "delete", "get", "head", "label", "link", "lock", "merge",
		"mkactivity", "mkcalendar", "mkcol", "mkredirectref", "mkworkspace",
		"move", "options", "orderpatch", "patch", "post", "pri", "propfind",
		"proppatch", "put", "rebind", "report", "search", "trace", "unbind",
		"uncheckout", "unlink", "unlock", "update", "updateredirectref",
		"version-control":
		return m
	default:
		return "(other)"
	}
}
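// Done finishes the bookkeeping for a request: it observes the full-response
// duration in metricResponse and writes the access log line at debug level,
// with WriteErr as the logged error. ServeHTTP defers it right after creating
// the loggingWriter.
//
// If no header or body was written, StatusCode is still 0 and is logged and
// labelled as such.
func (w *loggingWriter) Done() {
	method := metricHTTPMethod(w.R.Method)
	proto := "http"
	if w.R.TLS != nil {
		proto = "https"
	}
	metricResponse.WithLabelValues(w.Handler, proto, method, fmt.Sprintf("%d", w.StatusCode)).Observe(float64(time.Since(w.Start)) / float64(time.Second))

	// Name the TLS version for the access log. Versions not in tlsVersions are
	// logged as "(other)".
	tlsinfo := "plain"
	if w.R.TLS != nil {
		if v, ok := tlsVersions[w.R.TLS.Version]; ok {
			tlsinfo = v
		} else {
			tlsinfo = "(other)"
		}
	}

	// NOTE(review): url, host, useragent and the referer value are taken
	// unmodified from the request and are client-controlled. Whether they are
	// escaped in the log output depends on mlog, which is not visible here.
	xlog.WithContext(w.R.Context()).Debugx("http request", w.WriteErr,
		mlog.Field("httpaccess", ""),
		mlog.Field("handler", w.Handler),
		mlog.Field("method", method),
		mlog.Field("url", w.R.URL),
		mlog.Field("host", w.R.Host),
		mlog.Field("duration", time.Since(w.Start)),
		mlog.Field("size", w.Size),
		mlog.Field("statuscode", w.StatusCode),
		mlog.Field("proto", strings.ToLower(w.R.Proto)),
		mlog.Field("remoteaddr", w.R.RemoteAddr),
		mlog.Field("tlsinfo", tlsinfo),
		mlog.Field("useragent", w.R.Header.Get("User-Agent")),
		// The HTTP request header is spelled "Referer". Reading "Referrer"
		// always yielded an empty value. The (misspelled) log key is kept
		// unchanged so existing log consumers keep working.
		mlog.Field("referrr", w.R.Header.Get("Referer")),
	)
}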
// safeHeaders wraps fn in a handler that sets a fixed set of defensive response
// headers before calling fn:
//
//   - X-Frame-Options: deny, so responses are not rendered inside frames.
//   - X-Content-Type-Options: nosniff, so browsers do not guess content types.
//   - Content-Security-Policy: default-src 'self' 'unsafe-inline' data:
//   - Referrer-Policy: same-origin, so URLs are not sent to other origins.
//
// The headers are set before fn runs, so fn can still overwrite them.
//
// NOTE(review): the policy allows 'unsafe-inline', so it does not stop injected
// inline scripts; it only restricts where other resources are loaded from.
// Pages served behind this wrapper still have to escape their output.
func safeHeaders(fn http.Handler) http.Handler {
	wrapped := func(w http.ResponseWriter, r *http.Request) {
		hdr := w.Header()
		for _, kv := range [...][2]string{
			{"X-Frame-Options", "deny"},
			{"X-Content-Type-Options", "nosniff"},
			{"Content-Security-Policy", "default-src 'self' 'unsafe-inline' data:"},
			{"Referrer-Policy", "same-origin"},
		} {
			hdr.Set(kv[0], kv[1])
		}
		fn.ServeHTTP(w, r)
	}
	return http.HandlerFunc(wrapped)
}
// pathHandler describes one built-in handler, e.g. for mta-sts or autoconfig,
// as registered through serve.Handle.
type pathHandler struct {
	// Name is used for logging/metrics.
	Name string

	// HostMatch, if not nil, is called to see if the domain of a request
	// matches. It is only called if the requested host is a valid domain.
	//
	// NOTE(review): a nil HostMatch presumably means the handler is not tied to
	// a host at all; confirm in ServeHTTP before registering anything sensitive
	// without a matcher.
	HostMatch func(dom dns.Domain) bool

	// Path is the path to register, like on http.ServeMux.
	Path string

	// Handler serves the matching requests.
	Handler http.Handler
}
// serve holds what is served on one listener: the built-in path handlers,
// whether the configurable webserver is enabled, and an optional TLS config.
// Its ServeHTTP method is the entry point for all requests.
type serve struct {
	// Kinds lists the type of handler and protocol served, e.g.
	// acme-tls-alpn-01, account-http, admin-https.
	Kinds []string

	TLSConfig *tls.Config

	// PathHandlers are the built-in handlers. Sorted, longest first.
	PathHandlers []pathHandler

	// Webserver is whether WebHandlers are served. PathHandlers are always
	// evaluated before WebHandlers.
	Webserver bool
}
// Handle registers a named handler for a path and an optional host matcher. If
// path ends with a slash, it is used as prefix match, otherwise a full path
// match is required. If hostMatch is not nil, only requests for hosts it
// accepts are handled by this handler.
//
// Handle only appends to s.PathHandlers. That field is documented as sorted
// longest first, so the sorting presumably happens elsewhere after all handlers
// are registered.
func (s *serve) Handle(name string, hostMatch func(dns.Domain) bool, path string, fn http.Handler) {
	entry := pathHandler{
		Name:      name,
		HostMatch: hostMatch,
		Path:      path,
		Handler:   fn,
	}
	s.PathHandlers = append(s.PathHandlers, entry)
}
var (
	// limiterConnectionrate limits the rate of HTTP requests per client.
	// ServeHTTP adds 1 for the IP parsed from r.RemoteAddr on every request, and
	// answers with status 429 when Add reports that a limit is exceeded.
	//
	// Each window carries three limits; presumably they apply to increasingly
	// wide address ranges around the client IP. Confirm in package ratelimit.
	//
	// NOTE(review): the key is the peer address of the connection. Behind a
	// reverse proxy or load balancer that is the address of the proxy, so all
	// clients would share the same limits.
	limiterConnectionrate = &ratelimit.Limiter{
		WindowLimits: []ratelimit.WindowLimit{
			{
				Window: time.Minute,
				Limits: [...]int64{1000, 3000, 9000},
			},
			{
				Window: time.Hour,
				Limits: [...]int64{5000, 15000, 45000},
			},
		},
	}
)
// ServeHTTP is the starting point for serving HTTP requests. It dispatches to the
// right pathHandler or WebHandler, and it generates access logs and tracks
// metrics.
func ( s * serve ) ServeHTTP ( xw http . ResponseWriter , r * http . Request ) {
now := time . Now ( )
// Rate limiting as early as possible.
ipstr , _ , err := net . SplitHostPort ( r . RemoteAddr )
if err != nil {
xlog . Debugx ( "split host:port client remoteaddr" , err , mlog . Field ( "remoteaddr" , r . RemoteAddr ) )
} else if ip := net . ParseIP ( ipstr ) ; ip == nil {
xlog . Debug ( "parsing ip for client remoteaddr" , mlog . Field ( "remoteaddr" , r . RemoteAddr ) )
} else if ! limiterConnectionrate . Add ( ip , now , 1 ) {
method := metricHTTPMethod ( r . Method )
proto := "http"
if r . TLS != nil {
proto = "https"
}
metricRequest . WithLabelValues ( "(ratelimited)" , proto , method , "429" ) . Observe ( 0 )
// No logging, that's just noise.
http . Error ( xw , "429 - too many auth attempts" , http . StatusTooManyRequests )
return
}
ctx := context . WithValue ( r . Context ( ) , mlog . CidKey , mox . Cid ( ) )
r = r . WithContext ( ctx )
nw := & loggingWriter {
W : xw ,
Start : now ,
R : r ,
}
defer nw . Done ( )
// Cleanup path, removing ".." and ".". Keep any trailing slash.
trailingPath := strings . HasSuffix ( r . URL . Path , "/" )
if r . URL . Path == "" {
r . URL . Path = "/"
}
r . URL . Path = path . Clean ( r . URL . Path )
if r . URL . Path == "." {
r . URL . Path = "/"
}
if trailingPath && ! strings . HasSuffix ( r . URL . Path , "/" ) {
r . URL . Path += "/"
}
var dom dns . Domain
host := r . Host
nhost , _ , err := net . SplitHostPort ( host )
if err == nil {
host = nhost
}
// host could be an IP, some handles may match, not an error.
dom , domErr := dns . ParseDomain ( host )
for _ , h := range s . PathHandlers {
if h . HostMatch != nil && ( domErr != nil || ! h . HostMatch ( dom ) ) {
continue
}
if r . URL . Path == h . Path || strings . HasSuffix ( h . Path , "/" ) && strings . HasPrefix ( r . URL . Path , h . Path ) {
nw . Handler = h . Name
h . Handler . ServeHTTP ( nw , r )
return
}
}
if s . Webserver && domErr == nil {
if WebHandle ( nw , r , dom ) {
return
}
}
nw . Handler = "(nomatch)"
http . NotFound ( nw , r )
}
// Listen binds to sockets for HTTP listeners, including those required for ACME to
// generate TLS certificates. It stores the listeners so Serve can start serving them.
//
// For each configured listener it builds one serve value per TCP port, registers
// the enabled built-in handlers (account, admin, metrics, autoconfig, MTA-STS,
// pprof, webserver, ACME) on it, sorts the path handlers, and calls listen1 for
// every IP of the listener.
func Listen() {
	for name, l := range mox.Conf.Static.Listeners {
		// One serve per port for this listener; services configured on the same
		// port share it.
		portServe := map[int]*serve{}

		// ensureServe returns the serve for port, creating it if needed, and
		// records kind on it. Declared separately from its assignment because
		// the closure calls itself.
		//
		// TLSConfig is only ever set here, never cleared: once any kind on a
		// port asks for https, every handler on that port is served with that
		// TLS config, including kinds registered with https == false.
		//
		// NOTE(review): with https == true this dereferences l.TLS without a nil
		// check; presumably config validation guarantees a TLS section for
		// HTTPS services — confirm.
		var ensureServe func(https bool, port int, kind string) *serve
		ensureServe = func(https bool, port int, kind string) *serve {
			s := portServe[port]
			if s == nil {
				s = &serve{nil, nil, nil, false}
				portServe[port] = s
			}
			s.Kinds = append(s.Kinds, kind)
			if https && l.TLS.ACME != "" {
				s.TLSConfig = l.TLS.ACMEConfig
			} else if https {
				s.TLSConfig = l.TLS.Config
				// NOTE(review): this inner condition cannot hold here, because
				// the branch above already takes every https call with a
				// non-empty ACME name.
				if l.TLS.ACME != "" {
					tlsport := config.Port(mox.Conf.Static.ACME[l.TLS.ACME].Port, 443)
					ensureServe(true, tlsport, "acme-tls-alpn-01")
				}
			}
			return s
		}

		// With ACME and at least one TLS mail service on this listener, make sure
		// the ACME port (443 by default) is served for tls-alpn-01 validation.
		if l.TLS != nil && l.TLS.ACME != "" && (l.SMTP.Enabled && !l.SMTP.NoSTARTTLS || l.Submissions.Enabled || l.IMAPS.Enabled) {
			port := config.Port(mox.Conf.Static.ACME[l.TLS.ACME].Port, 443)
			ensureServe(true, port, "acme-tls-alpn-01")
		}

		// Account and admin interfaces. The plain-HTTP variants are registered
		// with https == false, so this call adds no TLS for them.
		// NOTE(review): presumably meant for loopback/internal listeners or for
		// use behind a TLS-terminating proxy — confirm for each deployment.
		//
		// path[:len(path)-1] drops the last byte unconditionally to form the
		// StripPrefix argument. That is only correct when path ends in "/";
		// assumes config validation enforces the trailing slash — TODO confirm.
		if l.AccountHTTP.Enabled {
			port := config.Port(l.AccountHTTP.Port, 80)
			path := "/"
			if l.AccountHTTP.Path != "" {
				path = l.AccountHTTP.Path
			}
			srv := ensureServe(false, port, "account-http at "+path)
			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(accountHandle)))
			srv.Handle("account", nil, path, handler)
		}
		if l.AccountHTTPS.Enabled {
			port := config.Port(l.AccountHTTPS.Port, 443)
			path := "/"
			if l.AccountHTTPS.Path != "" {
				path = l.AccountHTTPS.Path
			}
			srv := ensureServe(true, port, "account-https at "+path)
			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(accountHandle)))
			srv.Handle("account", nil, path, handler)
		}

		if l.AdminHTTP.Enabled {
			port := config.Port(l.AdminHTTP.Port, 80)
			path := "/admin/"
			if l.AdminHTTP.Path != "" {
				path = l.AdminHTTP.Path
			}
			srv := ensureServe(false, port, "admin-http at "+path)
			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(adminHandle)))
			srv.Handle("admin", nil, path, handler)
		}
		if l.AdminHTTPS.Enabled {
			port := config.Port(l.AdminHTTPS.Port, 443)
			path := "/admin/"
			if l.AdminHTTPS.Path != "" {
				path = l.AdminHTTPS.Path
			}
			srv := ensureServe(true, port, "admin-https at "+path)
			handler := safeHeaders(http.StripPrefix(path[:len(path)-1], http.HandlerFunc(adminHandle)))
			srv.Handle("admin", nil, path, handler)
		}

		// Metrics are served over plain HTTP (default port 8010), with no host
		// restriction and no authentication added here; access control has to
		// come from the listener's bind address or the network.
		if l.MetricsHTTP.Enabled {
			port := config.Port(l.MetricsHTTP.Port, 8010)
			srv := ensureServe(false, port, "metrics-http")
			srv.Handle("metrics", nil, "/metrics", safeHeaders(promhttp.Handler()))
			// "/" only answers GET on exactly "/" with a link to /metrics.
			srv.Handle("metrics", nil, "/", safeHeaders(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
				if r.URL.Path != "/" {
					http.NotFound(w, r)
					return
				} else if r.Method != "GET" {
					http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
					return
				}
				w.Header().Set("Content-Type", "text/html")
				fmt.Fprint(w, ` <html><body>see <a href="/metrics">/metrics</a></body></html> `)
			})))
		}
		if l.AutoconfigHTTPS.Enabled {
			port := config.Port(l.AutoconfigHTTPS.Port, 443)
			srv := ensureServe(!l.AutoconfigHTTPS.NonTLS, port, "autoconfig-https")
			// Host filter: only a prefix check on the request's domain.
			autoconfigMatch := func(dom dns.Domain) bool {
				// todo: may want to check this against the configured domains, could in theory be just a webserver.
				return strings.HasPrefix(dom.ASCII, "autoconfig.")
			}
			srv.Handle("autoconfig", autoconfigMatch, "/mail/config-v1.1.xml", safeHeaders(http.HandlerFunc(autoconfHandle)))
			srv.Handle("autodiscover", autoconfigMatch, "/autodiscover/autodiscover.xml", safeHeaders(http.HandlerFunc(autodiscoverHandle)))
		}
		if l.MTASTSHTTPS.Enabled {
			port := config.Port(l.MTASTSHTTPS.Port, 443)
			// NOTE(review): the TLS mode of the MTA-STS listener is taken from
			// the autoconfig option (l.AutoconfigHTTPS.NonTLS). This looks like a
			// copy-paste from the block above and probably should read the
			// MTA-STS listener's own setting; as written, disabling TLS for
			// autoconfig also serves the MTA-STS policy without TLS on this
			// port — confirm against the config struct.
			srv := ensureServe(!l.AutoconfigHTTPS.NonTLS, port, "mtasts-https")
			// Host filter: only a prefix check on the request's domain.
			mtastsMatch := func(dom dns.Domain) bool {
				// todo: may want to check this against the configured domains, could in theory be just a webserver.
				return strings.HasPrefix(dom.ASCII, "mta-sts.")
			}
			srv.Handle("mtasts", mtastsMatch, "/.well-known/mta-sts.txt", safeHeaders(http.HandlerFunc(mtastsPolicyHandle)))
		}
		if l.PprofHTTP.Enabled {
			// Importing net/http/pprof registers handlers on the default serve mux.
			port := config.Port(l.PprofHTTP.Port, 8011)
			// pprof must have a port of its own; sharing is a fatal config error.
			if _, ok := portServe[port]; ok {
				xlog.Fatal("cannot serve pprof on same endpoint as other http services")
			}
			srv := &serve{[]string{"pprof-http"}, nil, nil, false}
			portServe[port] = srv
			// The whole http.DefaultServeMux is exposed on "/", over plain HTTP
			// and, unlike the other handlers, without the safeHeaders wrapper.
			// Anything else registered on the default mux is reachable here
			// too, and no authentication is added in this function, so this
			// port should only be bound to a trusted address.
			srv.Handle("pprof", nil, "/", http.DefaultServeMux)
		}
		// The webserver has no path handler of its own; the flag makes ServeHTTP
		// fall through to WebHandle when no path handler matched.
		if l.WebserverHTTP.Enabled {
			port := config.Port(l.WebserverHTTP.Port, 80)
			srv := ensureServe(false, port, "webserver-http")
			srv.Webserver = true
		}
		if l.WebserverHTTPS.Enabled {
			port := config.Port(l.WebserverHTTPS.Port, 443)
			srv := ensureServe(true, port, "webserver-https")
			srv.Webserver = true
		}

		if l.TLS != nil && l.TLS.ACME != "" {
			m := mox.Conf.Static.ACME[l.TLS.ACME].Manager

			// If we are listening on port 80 for plain http, also register acme http-01
			// validation handler.
			if srv, ok := portServe[80]; ok && srv.TLSConfig == nil {
				srv.Kinds = append(srv.Kinds, "acme-http-01")
				srv.Handle("acme-http-01", nil, "/.well-known/acme-challenge/", m.Manager.HTTPHandler(nil))
			}

			// Hostnames recorded in ensureManagerHosts for this manager: the
			// global hostname, the listener's own hostname if set, and
			// autoconfig.<domain> for every configured domain.
			hosts := map[dns.Domain]struct{}{
				mox.Conf.Static.HostnameDomain: {},
			}
			if l.HostnameDomain.ASCII != "" {
				hosts[l.HostnameDomain] = struct{}{}
			}
			// All domains are served on all listeners.
			// Note: name shadows the listener name inside this loop only.
			for _, name := range mox.Conf.Domains() {
				dom, err := dns.ParseDomain("autoconfig." + name)
				if err != nil {
					// Logged and skipped; the other hosts are still recorded.
					xlog.Errorx("parsing domain from config for autoconfig", err)
				} else {
					hosts[dom] = struct{}{}
				}
			}

			// NOTE(review): this replaces any host set stored earlier for the
			// same manager. If several listeners share one ACME manager, the
			// listener visited last wins, and map iteration order is not
			// fixed — confirm that only l.HostnameDomain can differ and that
			// losing it is acceptable.
			ensureManagerHosts[m] = hosts
		}

		for port, srv := range portServe {
			// ServeHTTP uses the first handler whose path matches, so the more
			// specific (longer) paths have to come first.
			sort.Slice(srv.PathHandlers, func(i, j int) bool {
				a := srv.PathHandlers[i].Path
				b := srv.PathHandlers[j].Path
				if len(a) == len(b) {
					// For consistent order.
					return a < b
				}
				// Longest paths first.
				return len(a) > len(b)
			})
			// Bind the port on every IP of the listener; name is the listener
			// name from the outer loop.
			for _, ip := range l.IPs {
				listen1(ip, port, srv.TLSConfig, name, srv.Kinds, srv)
			}
		}
	}
}
var (
	// servers holds one function per prepared listener. Each function is
	// meant to be started in its own goroutine and then serves on that
	// listener.
	servers []func()

	// ensureManagerHosts records, per ACME manager, the hostnames whose TLS
	// certificates are explicitly ensured to exist (e.g. created through ACME)
	// right after startup. Only the explicit listener hostnames are included.
	// Hostnames for MTA-STS DNS records are left out: those certificates can
	// be requested on demand (perhaps never). Autoconfig hostnames are
	// included, because clients may otherwise hit their timeouts while
	// waiting for the certificate during the first HTTPS connection.
	ensureManagerHosts = make(map[*autotls.Manager]map[dns.Domain]struct{})
)
// listen1 prepares a listener, and adds it to "servers", to be launched (if not running as root) through Serve.
func listen1 ( ip string , port int , tlsConfig * tls . Config , name string , kinds [ ] string , handler http . Handler ) {
addr := net . JoinHostPort ( ip , fmt . Sprintf ( "%d" , port ) )
var protocol string
var ln net . Listener
var err error
if tlsConfig == nil {
protocol = "http"
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.
unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.
if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:
# first update the mox binary, then, as root:
./mox config printservice >mox.service
systemctl daemon-reload
systemctl restart mox
journalctl -f -u mox &
# you should see mox start up, with messages about fixing permissions on dirs/files.
if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.
if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.
if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.
if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.
this also adds scripts for building mox docker images for alpine-supported
platforms.
the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.
and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.
based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 14:19:55 +03:00
if os . Getuid ( ) == 0 {
xlog . Print ( "http listener" , mlog . Field ( "name" , name ) , mlog . Field ( "kinds" , strings . Join ( kinds , "," ) ) , mlog . Field ( "address" , addr ) )
}
ln , err = mox . Listen ( mox . Network ( ip ) , addr )
2023-01-30 16:27:06 +03:00
if err != nil {
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.
unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.
if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:
# first update the mox binary, then, as root:
./mox config printservice >mox.service
systemctl daemon-reload
systemctl restart mox
journalctl -f -u mox &
# you should see mox start up, with messages about fixing permissions on dirs/files.
if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.
if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.
if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.
if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.
this also adds scripts for building mox docker images for alpine-supported
platforms.
the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.
and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.
based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 14:19:55 +03:00
xlog . Fatalx ( "http: listen" , err , mlog . Field ( "addr" , addr ) )
2023-01-30 16:27:06 +03:00
}
} else {
protocol = "https"
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.
unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.
if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:
# first update the mox binary, then, as root:
./mox config printservice >mox.service
systemctl daemon-reload
systemctl restart mox
journalctl -f -u mox &
# you should see mox start up, with messages about fixing permissions on dirs/files.
if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.
if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.
if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.
if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.
this also adds scripts for building mox docker images for alpine-supported
platforms.
the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.
and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.
based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 14:19:55 +03:00
if os . Getuid ( ) == 0 {
xlog . Print ( "https listener" , mlog . Field ( "name" , name ) , mlog . Field ( "kinds" , strings . Join ( kinds , "," ) ) , mlog . Field ( "address" , addr ) )
}
ln , err = mox . Listen ( mox . Network ( ip ) , addr )
2023-01-30 16:27:06 +03:00
if err != nil {
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.
unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.
if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:
# first update the mox binary, then, as root:
./mox config printservice >mox.service
systemctl daemon-reload
systemctl restart mox
journalctl -f -u mox &
# you should see mox start up, with messages about fixing permissions on dirs/files.
if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.
if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.
if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.
if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.
this also adds scripts for building mox docker images for alpine-supported
platforms.
the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.
and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.
based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 14:19:55 +03:00
xlog . Fatalx ( "https: listen" , err , mlog . Field ( "addr" , addr ) )
2023-01-30 16:27:06 +03:00
}
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.
unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.
if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:
# first update the mox binary, then, as root:
./mox config printservice >mox.service
systemctl daemon-reload
systemctl restart mox
journalctl -f -u mox &
# you should see mox start up, with messages about fixing permissions on dirs/files.
if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.
if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.
if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.
if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.
this also adds scripts for building mox docker images for alpine-supported
platforms.
the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.
and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.
based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 14:19:55 +03:00
ln = tls . NewListener ( ln , tlsConfig )
2023-01-30 16:27:06 +03:00
}
server := & http . Server {
2023-03-01 00:12:27 +03:00
Handler : handler ,
2023-01-30 16:27:06 +03:00
TLSConfig : tlsConfig ,
ErrorLog : golog . New ( mlog . ErrWriter ( xlog . Fields ( mlog . Field ( "pkg" , "net/http" ) ) , mlog . LevelInfo , protocol + " error" ) , "" , 0 ) ,
}
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.
unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.
if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:
# first update the mox binary, then, as root:
./mox config printservice >mox.service
systemctl daemon-reload
systemctl restart mox
journalctl -f -u mox &
# you should see mox start up, with messages about fixing permissions on dirs/files.
if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.
if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.
if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.
if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.
this also adds scripts for building mox docker images for alpine-supported
platforms.
the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.
and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.
based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 14:19:55 +03:00
serve := func ( ) {
2023-01-30 16:27:06 +03:00
err := server . Serve ( ln )
xlog . Fatalx ( protocol + ": serve" , err )
change mox to start as root, bind to network sockets, then drop to regular unprivileged mox user
makes it easier to run on bsd's, where you cannot (easily?) let non-root users
bind to ports <1024. starting as root also paves the way for future improvements
with privilege separation.
unfortunately, this requires changes to how you start mox. though mox will help
by automatically fix up dir/file permissions/ownership.
if you start mox from the systemd unit file, you should update it so it starts
as root and adds a few additional capabilities:
# first update the mox binary, then, as root:
./mox config printservice >mox.service
systemctl daemon-reload
systemctl restart mox
journalctl -f -u mox &
# you should see mox start up, with messages about fixing permissions on dirs/files.
if you used the recommended config/ and data/ directory, in a directory just for
mox, and with the mox user called "mox", this should be enough.
if you don't want mox to modify dir/file permissions, set "NoFixPermissions:
true" in mox.conf.
if you named the mox user something else than mox, e.g. "_mox", add "User: _mox"
to mox.conf.
if you created a shared service user as originally suggested, you may want to
get rid of that as it is no longer useful and may get in the way. e.g. if you
had /home/service/mox with a "service" user, that service user can no longer
access any files: only mox and root can.
this also adds scripts for building mox docker images for alpine-supported
platforms.
the "restart" subcommand has been removed. it wasn't all that useful and got in
the way.
and another change: when adding a domain while mtasts isn't enabled, don't add
the per-domain mtasts config, as it would cause failure to add the domain.
based on report from setting up mox on openbsd from mteege.
and based on issue #3. thanks for the feedback!
2023-02-27 14:19:55 +03:00
}
servers = append ( servers , serve )
}
// Serve starts serving on the initialized listeners.
//
// It starts the auth cache and import managers, launches every queued serve
// function from "servers" in its own goroutine, and clears the queue. A
// background goroutine then asks each ACME manager in ensureManagerHosts for
// a certificate per configured host, so certificates are requested at startup.
func Serve() {
	go manageAuthCache()
	go importManage()

	for _, start := range servers {
		go start()
	}
	servers = nil

	go func() {
		// At most maxHosts hostnames are handled per startup, with a pause
		// between requests.
		// NOTE(review): hosts beyond the cap are not requested here, and a
		// failed request is only logged, not retried. Presumably those
		// certificates are obtained on a first TLS handshake. Confirm, and
		// monitor the "requesting automatic certificate" error line.
		const maxHosts = 10
		const pause = 10 * time.Second

		time.Sleep(1 * time.Second)

		requested := 0
		for manager, hostSet := range ensureManagerHosts {
			for host := range hostSet {
				switch {
				case requested >= maxHosts:
					// Just in case someone adds quite some domains to their config. We don't want to
					// hit any ACME rate limits.
					return
				case requested > 0:
					// Sleep just a little. We don't want to hammer our ACME provider, e.g. Let's Encrypt.
					time.Sleep(pause)
				}
				requested++

				// Synthetic ClientHello used only to trigger certificate retrieval.
				hello := &tls.ClientHelloInfo{
					ServerName: host.ASCII,

					// Make us fetch an ECDSA P256 cert.
					// We add TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 to get around the ecDSA check in autocert.
					CipherSuites:      []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_AES_128_GCM_SHA256},
					SupportedCurves:   []tls.CurveID{tls.CurveP256},
					SignatureSchemes:  []tls.SignatureScheme{tls.ECDSAWithP256AndSHA256},
					SupportedVersions: []uint16{tls.VersionTLS13},
				}

				xlog.Print("ensuring certificate availability", mlog.Field("hostname", host))
				_, err := manager.Manager.GetCertificate(hello)
				if err != nil {
					xlog.Errorx("requesting automatic certificate", err, mlog.Field("hostname", host))
				}
			}
		}
	}()
}