diff --git a/deploy/prosody-filer.conf b/deploy/prosody-filer.conf new file mode 100644 index 0000000..8f9e4db --- /dev/null +++ b/deploy/prosody-filer.conf @@ -0,0 +1,3 @@ +# /usr/lib/sysusers.d/prosody-filer.conf +#Type Name ID GECOS Home dir Shell +u prosody-filer - "Prosody file upload server" /var/lib/prosody-filer diff --git a/deploy/prosody-filer.nginx.conf b/deploy/prosody-filer.nginx.conf new file mode 100644 index 0000000..5cbbf67 --- /dev/null +++ b/deploy/prosody-filer.nginx.conf @@ -0,0 +1,31 @@ +upstream prosody-filer { + server unix:/run/prosody-filer.sock; +} + +server { + listen 80; + listen [::]:80; + listen 443 ssl; + listen [::]:443 ssl; + server_name uploads.myserver.tld; + + ssl_certificate /etc/letsencrypt/live/uploads.myserver.tld/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/uploads.myserver.tld/privkey.pem; + + client_max_body_size 50m; + + location /upload/ { + if ( $request_method = OPTIONS ) { + add_header Access-Control-Allow-Origin '*'; + add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD'; + add_header Access-Control-Allow-Headers 'Authorization, Content-Type'; + add_header Access-Control-Allow-Credentials 'true'; + add_header Content-Length 0; + add_header Content-Type text/plain; + return 200; + } + + proxy_pass http://prosody-filer; + proxy_request_buffering off; + } +} diff --git a/deploy/prosody-filer.service b/deploy/prosody-filer.service new file mode 100644 index 0000000..1612170 --- /dev/null +++ b/deploy/prosody-filer.service @@ -0,0 +1,15 @@ +[Unit] +Description=Prosody file upload server +After=network.target + +[Service] +Type=simple +ExecStart=/usr/local/bin/prosody-filer +Restart=on-failure +WorkingDirectory=/var/lib/prosody-filer +User=prosody-filer +Group=prosody-filer +# Group=nginx # if the files should get served by nginx directly: + +[Install] +WantedBy=multi-user.target diff --git a/deploy/prosody-filer.socket b/deploy/prosody-filer.socket new file mode 100644 index 0000000..b7a9698 --- /dev/null +++ b/deploy/prosody-filer.socket @@ -0,0 +1,10 @@ +# see systemd.socket(5) for possible options +[Socket] +ListenStream=/var/run/prosody-filer.sock +SocketMode=0660 +SocketUser=prosody-filer +# if accessed by a reverse proxy, it has to be in this group +SocketGroup=nginx + +[Install] +WantedBy = sockets.target diff --git a/prosody-filer.go b/prosody-filer.go index 050d3d8..2fbae93 100644 --- a/prosody-filer.go +++ b/prosody-filer.go @@ -15,6 +15,7 @@ import ( "io/ioutil" "log" "mime" + "net" "net/http" "net/url" "os" @@ -22,8 +23,10 @@ import ( "path/filepath" "strconv" "strings" + "sync" "github.com/BurntSushi/toml" + "github.com/coreos/go-systemd/activation" ) /* @@ -38,6 +41,7 @@ type Config struct { var conf Config var versionString string = "0.0.0" + const ALLOWED_METHODS string = "OPTIONS, HEAD, GET, PUT" /* @@ -219,6 +223,31 @@ func main() { subpath := path.Join("/", conf.UploadSubDir) subpath += "/" http.HandleFunc(subpath, handleRequest) - log.Printf("Server started on port %s. Waiting for requests.\n", conf.Listenport) - http.ListenAndServe(conf.Listenport, nil) + + listeners, err := activation.Listeners() + if err == nil && len(listeners) >= 1 { + /* + * Listen on systemd activated sockets + */ + if len(listeners) == 1 { + log.Printf("Socket activated by systemd. Waiting for requests.\n") + } else { + log.Printf("%d sockets activated by systemd. Waiting for requests.\n", len(listeners)) + } + wg := new(sync.WaitGroup) + wg.Add(len(listeners)) + for _, l := range listeners { + go func(listener net.Listener) { + log.Fatal(http.Serve(listener, nil)) + wg.Done() + }(l) + } + wg.Wait() + } else { + /* + * Listen on port + */ + log.Printf("Server started on port %s. Waiting for requests.\n", conf.Listenport) + log.Fatal(http.ListenAndServe(conf.Listenport, nil)) + } }