systemd activated sockets

deploy/prosody-filer.conf

@@ -0,0 +1,3 @@
+# /usr/lib/sysusers.d/prosody-filer.conf
+#Type   Name        ID  GECOS                           Home dir                Shell
+u   prosody-filer   -   "Prosody file upload server"    /var/lib/prosody-filer

deploy/prosody-filer.nginx.conf

@@ -0,0 +1,31 @@
+upstream prosody-filer {
+    server unix:/run/prosody-filer.sock;
+}
+
+server {
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name uploads.myserver.tld;
+
+    ssl_certificate /etc/letsencrypt/live/uploads.myserver.tld/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/uploads.myserver.tld/privkey.pem;
+
+    client_max_body_size 50m;
+
+    location /upload/ {
+        if ( $request_method = OPTIONS ) {
+            add_header Access-Control-Allow-Origin '*';
+            add_header Access-Control-Allow-Methods 'PUT, GET, OPTIONS, HEAD';
+            add_header Access-Control-Allow-Headers 'Authorization, Content-Type';
+            add_header Access-Control-Allow-Credentials 'true';
+            add_header Content-Length 0;
+            add_header Content-Type text/plain;
+            return 200;
+        }
+
+        proxy_pass http://prosody-filer;
+        proxy_request_buffering off;
+    }
+}

deploy/prosody-filer.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Prosody file upload server
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/prosody-filer
+Restart=on-failure
+WorkingDirectory=/var/lib/prosody-filer
+User=prosody-filer
+Group=prosody-filer
+# Group=nginx  # if the files should get served by nginx directly:
+
+[Install]
+WantedBy=multi-user.target

deploy/prosody-filer.socket

@@ -0,0 +1,10 @@
+# see systemd.socket(5) for possible options
+[Socket]
+ListenStream=/var/run/prosody-filer.sock
+SocketMode=0660
+SocketUser=prosody-filer
+# if accessed by a reverse proxy, it has to be in this group
+SocketGroup=nginx
+
+[Install]
+WantedBy = sockets.target

prosody-filer.go

@@ -15,15 +15,18 @@ import (
 	"io/ioutil"
 	"log"
 	"mime"
+	"net"
 	"net/http"
 	"net/url"
 	"os"
 	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
+	"sync"
 
 	"github.com/BurntSushi/toml"
+	"github.com/coreos/go-systemd/activation"
 )
 
 /*
@@ -38,6 +41,7 @@ type Config struct {
 
 var conf Config
 var versionString string = "0.0.0"
+
 const ALLOWED_METHODS string = "OPTIONS, HEAD, GET, PUT"
 
 /*
@@ -219,6 +223,31 @@ func main() {
 	subpath := path.Join("/", conf.UploadSubDir)
 	subpath += "/"
 	http.HandleFunc(subpath, handleRequest)
-	log.Printf("Server started on port %s. Waiting for requests.\n", conf.Listenport)
-	http.ListenAndServe(conf.Listenport, nil)
+
+	listeners, err := activation.Listeners()
+	if err == nil && len(listeners) >= 1 {
+		/*
+		 * Listen on systemd activated sockets
+		 */
+		if len(listeners) == 1 {
+			log.Printf("Socket activated by systemd. Waiting for requests.\n")
+		} else {
+			log.Printf("%d sockets activated by systemd. Waiting for requests.\n", len(listeners))
+		}
+		wg := new(sync.WaitGroup)
+		wg.Add(len(listeners))
+		for _, l := range listeners {
+			go func(listener net.Listener) {
+				log.Fatal(http.Serve(listener, nil))
+				wg.Done()
+			}(l)
+		}
+		wg.Wait()
+	} else {
+		/*
+		 * Listen on port
+		 */
+		log.Printf("Server started on port %s. Waiting for requests.\n", conf.Listenport)
+		log.Fatal(http.ListenAndServe(conf.Listenport, nil))
+	}
 }