Multiplex http and ssh ports

2023-03-08 11:27:19 +01:00 · 2023-03-08 11:27:19 +01:00 · f0073a649f
commit f0073a649f
parent 668f1dd193
20 changed files with 188 additions and 29 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -21,6 +21,7 @@ import (
 // Config contains many methods that do not require any interaction with any running components.
 // Methods that require running components are instead store inside the [Distillery] or an appropriate [Component].
 type Config struct {
+	Listen ListenConfig `yaml:"listen" recurse:"true"`
 	Paths  PathsConfig  `yaml:"paths" recurse:"true"`
 	HTTP   HTTPConfig   `yaml:"http" recurse:"true"`
 	Theme  ThemeConfig  `yaml:"theme" recurse:"true"`
@ -37,9 +38,6 @@ type Config struct {
 	// This variable can be used to determine their length.
 	PasswordLength int `yaml:"password_length" default:"64" validate:"positive"`

-	// Public port to use for the ssh server
-	PublicSSHPort uint16 `yaml:"ssh_port" default:"2222" validate:"port"`
-
 	// session secret holds the secret for login
 	SessionSecret string `yaml:"session_secret" validate:"nonempty" sensitive:"true"`

--- a/internal/config/config.yml
+++ b/internal/config/config.yml
@ -1,3 +1,12 @@
+listen:
+    # A list of ports the distillery should accept traffic on.
+    # Each of these ports accepts http, https and ssh traffic via a multiplexer.
+    ports: null
+
+    # The ssh port that is shown to the user in various interfaces.
+    # This port is not automatically included in the ports to listen to.
+    advertise_ssh: null
+
 paths:
    # A WissKI Distillery needs to store a lot of data on disk.
    # This setting defines a root folder all of these will be placed in.
--- a/internal/config/http.go
+++ b/internal/config/http.go
@ -23,6 +23,14 @@ type HTTPConfig struct {
 	CertbotEmail string `yaml:"certbot_email" validate:"email"`
 }

+// TCPMuxCommand generates a command line for the sslh executable.
+func (hcfg HTTPConfig) TCPMuxCommand(addr string, http string, https string, ssh string) string {
+	if hcfg.HTTPSEnabled() {
+		return fmt.Sprintf("-bind %s -http %s -tls %s -rest %s", addr, http, https, ssh)
+	}
+	return fmt.Sprintf("-bind %s -http %s -rest %s", addr, http, ssh)
+}
+
 // HTTPSEnabled returns if the distillery has HTTPS enabled, and false otherwise.
 func (hcfg HTTPConfig) HTTPSEnabled() bool {
 	return hcfg.CertbotEmail != ""
--- a/internal/config/legacy/legacy.go
+++ b/internal/config/legacy/legacy.go
@ -84,7 +84,11 @@ func (legacy *Legacy) Migrate(cfg *config.Config) error {
 	cfg.TS.DataPrefix = legacy.GraphDBRepoPrefix
 	cfg.SQL.Database = legacy.DistilleryDatabase
 	cfg.PasswordLength = legacy.PasswordLength
-	cfg.PublicSSHPort = legacy.PublicSSHPort
+	cfg.Listen.Ports = []uint16{80, legacy.PublicSSHPort}
+	if legacy.CertbotEmail != "" {
+		cfg.Listen.Ports = append(cfg.Listen.Ports, 443)
+	}
+	cfg.Listen.AdvertisedSSHPort = legacy.PublicSSHPort
 	cfg.TS.AdminUsername = legacy.TriplestoreAdminUser
 	cfg.TS.AdminPassword = legacy.TriplestoreAdminPassword
 	cfg.SQL.AdminUsername = legacy.MysqlAdminUser
--- a/internal/config/ports.go
+++ b/internal/config/ports.go
@ -0,0 +1,33 @@
+package config
+
+import (
+	"fmt"
+
+	"golang.org/x/exp/slices"
+)
+
+type ListenConfig struct {
+	// Ports are the public addresses to bind to.
+	// Each address is automatically multiplexed to serve http, https and ssh traffic.
+	// This should typically be port 80 and port 443.
+	Ports []uint16 `yaml:"ports" default:"80" validate:"ports"`
+
+	// AdvertisedSSHPort is the port that shows up as the ssh port in various places in the interface.
+	// It is automaticalled added to the ports to listen to.
+	AdvertisedSSHPort uint16 `yaml:"advertise_ssh" default:"80" validate:"port"`
+}
+
+// ComposePorts returns a list of ports to be used within a docker-compose.yml file.
+// These can be used to forward all ports to the internal port.
+func (lc ListenConfig) ComposePorts(internal string) []string {
+	// sort and uniquify ports
+	ports := append([]uint16{lc.AdvertisedSSHPort}, lc.Ports...)
+	slices.Sort(ports)
+	ports = slices.Compact(ports)
+
+	forwards := make([]string, len(ports))
+	for i, port := range ports {
+		forwards[i] = fmt.Sprintf("%d:%s", port, internal)
+	}
+	return forwards
+}
--- a/internal/config/template.go
+++ b/internal/config/template.go
@ -79,6 +79,10 @@ func (tpl *Template) SetDefaults() (err error) {
 // Generate generates a configuration file for this configuration
 func (tpl Template) Generate() Config {
 	return Config{
+		Listen: ListenConfig{
+			Ports:             []uint16{80},
+			AdvertisedSSHPort: 80,
+		},
 		Paths: PathsConfig{
 			Root:           tpl.RootPath,
 			OverridesJSON:  filepath.Join(tpl.RootPath, bootstrap.OverridesJSON),
@ -114,8 +118,6 @@ func (tpl Template) Generate() Config {
 		MaxBackupAge:   30 * 24 * time.Hour, // 1 month
 		PasswordLength: 64,

-		PublicSSHPort: 2222,
-
 		SessionSecret: tpl.SessionSecret,
 		CronInterval:  10 * time.Minute,
 	}
--- a/internal/config/validators/collection.go
+++ b/internal/config/validators/collection.go
@ -21,6 +21,7 @@ func New() validator.Collection {

 	validator.Add(coll, "positive", ValidatePositive)
 	validator.Add(coll, "port", ValidatePort)
+	validator.AddSlice(coll, "ports", ",", ValidatePort)

 	validator.Add(coll, "duration", ValidateDuration)
 	return coll