From f588299cf8f065c8db1db081f98e2d5669c78213 Mon Sep 17 00:00:00 2001 From: RGBCube Date: Wed, 10 Jan 2024 09:33:30 +0300 Subject: [PATCH] Remove TLS handling --- Cargo.lock | 111 ---------------------------------------------------- Cargo.toml | 2 +- README.md | 22 +---------- flake.nix | 46 +++------------------- src/main.rs | 102 ++++++----------------------------------------- 5 files changed, 20 insertions(+), 263 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2c61f27..5b983ee 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -116,12 +116,6 @@ version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" -[[package]] -name = "arc-swap" -version = "1.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6" - [[package]] name = "async-trait" version = "0.1.77" @@ -213,7 +207,6 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c1ad46c3ec4e12f4a4b6835e173ba21c25e484c9d02b49770bf006ce5367c036" dependencies = [ - "arc-swap", "bytes", "futures-util", "http", @@ -222,10 +215,7 @@ dependencies = [ "hyper", "hyper-util", "pin-project-lite", - "rustls", - "rustls-pemfile", "tokio", - "tokio-rustls", "tower", "tower-service", ] @@ -245,12 +235,6 @@ dependencies = [ "rustc-demangle", ] -[[package]] -name = "base64" -version = "0.21.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c79fed4cdb43e993fcdadc7e58a09fd0e3e649c4436fa11da71c9f1f3ee7feb9" - [[package]] name = "bitflags" version = "1.3.2" 
@@ -483,17 +467,6 @@ dependencies = [ "unicode-width", ] -[[package]] -name = "getrandom" -version = "0.2.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" -dependencies = [ - "cfg-if", - "libc", - "wasi", -] - [[package]] name = "gimli" version = "0.28.1" @@ -1020,20 +993,6 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" -[[package]] -name = "ring" -version = "0.17.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" -dependencies = [ - "cc", - "getrandom", - "libc", - "spin", - "untrusted", - "windows-sys 0.48.0", -] - [[package]] name = "rustc-demangle" version = "0.1.23" @@ -1053,44 +1012,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rustls" -version = "0.21.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" -dependencies = [ - "log", - "ring", - "rustls-webpki", - "sct", -] - -[[package]] -name = "rustls-pemfile" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4" -dependencies = [ - "base64", - "rustls-pki-types", -] - -[[package]] -name = "rustls-pki-types" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a" - -[[package]] -name = "rustls-webpki" -version = "0.101.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "rustversion" version = "1.0.14" 
@@ -1109,16 +1030,6 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "sct" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "serde" version = "1.0.195" @@ -1255,12 +1166,6 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "spin" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" - [[package]] name = "strsim" version = "0.10.0" @@ -1323,16 +1228,6 @@ dependencies = [ "syn", ] -[[package]] -name = "tokio-rustls" -version = "0.24.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" -dependencies = [ - "rustls", - "tokio", -] - [[package]] name = "tokio-util" version = "0.7.10" @@ -1474,12 +1369,6 @@ version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ab4c90930b95a82d00dc9e9ac071b4991924390d46cbd0dfe566148667605e4b" -[[package]] -name = "untrusted" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" - [[package]] name = "utf8parse" version = "0.2.1" diff --git a/Cargo.toml b/Cargo.toml index ea1043b..95d9689 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ edition = "2021" [dependencies] anyhow = "1.0.77" axum = { version = "0.7.3", features = [ "macros" ] } -axum-server = { version = "0.6.0", features = [ "tls-rustls" ] } +axum-server = { version = "0.6.0" } bytes = "1.5.0" cargo_toml = "0.17.2" chrono = { version = "0.4.31", features = [ "serde" ] } 
diff --git a/README.md b/README.md index c72e281..e6a0c0e 100644 --- a/README.md +++ b/README.md @@ -18,30 +18,12 @@ Enables the site service. Default: false. -### `services.site.certificate` +### `services.site.port` -The path to the SSL certificate the site will use. - -Default: null. - -### `services.site.key` - -The path to the SSL key the site will use. - -Default: null. - -### `services.site.httpPort` - -Specifies on which port the site service listens for HTTP connections. +Specifies on which port the site service listens for connections. Default: 8080. -### `services.site.httpsPort` - -Specifies on which port the site service listens for HTTPS connections. - -Default: 8443. - ### `services.site.logLevel` Specifies the log level that the site service will log stuff with. diff --git a/flake.nix b/flake.nix index 407d679..a046973 100644 --- a/flake.nix +++ b/flake.nix @@ -109,39 +109,12 @@ services.site = { enable = mkEnableOption (mdDoc "site service"); - certificate = mkOption { - type = types.nullOr types.path; - default = null; - example = "/path/to/cert.pem"; - description = mdDoc '' - The path to the SSL certificate the site will use. - ''; - }; - - key = mkOption { - type = types.nullOr types.path; - default = null; - example = "/path/to/key.pem"; - description = mdDoc '' - The path to the SSL key the site will use. - ''; - }; - - httpPort = mkOption { + port = mkOption { type = types.port; default = 8080; example = 80; description = mdDoc '' - Specifies on which port the site service listens for HTTP connections. - ''; - }; - - httpsPort = mkOption { - type = types.port; - default = 8443; - example = 80; - description = mdDoc '' - Specifies on which port the site service listens for HTTPS connections. + Specifies on which port the site service listens for connections. ''; }; 
@@ -171,20 +144,11 @@ wantedBy = [ "multi-user.target" ]; serviceConfig = let - arguments = [ - "--http-port" (toString cfg.httpPort) - "--https-port" (toString cfg.httpsPort) - "--log-level" cfg.logLevel - ] ++ (optionals (cfg.certificate != null) [ - "--certificate" cfg.certificate - ]) ++ (optionals (cfg.key != null) [ - "--key" cfg.key - ]); - needsPrivilidges = cfg.httpPort < 1024 || cfg.httpsPort < 1024; + needsPrivilidges = cfg.port < 1024; capabilities = [ "" ] ++ optionals needsPrivilidges [ "CAP_NET_BIND_SERVICE" ]; rootDirectory = "/run/site"; in { - ExecStart = "${self.packages.${pkgs.system}.site}/bin/site " + (concatStringsSep " " arguments); + ExecStart = "${self.packages.${pkgs.system}.site}/bin/site --port ${cfg.port} --log-level ${cfg.logLevel}"; Restart = "always"; DynamicUser = true; RootDirectory = rootDirectory; @@ -222,7 +186,7 @@ }; networking.firewall.allowedTCPPorts = - optionals cfg.openFirewall [ cfg.httpPort cfg.httpsPort ]; + optionals cfg.openFirewall [ cfg.port ]; }; }; }); diff --git a/src/main.rs b/src/main.rs index ba9b89b..3b03692 100644 --- a/src/main.rs +++ b/src/main.rs 
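Review bot: `${cfg.port}` in the new `ExecStart` string interpolates an integer, since `services.site.port` is declared as `types.port`. Nix does not coerce integers inside string interpolation, so evaluating the module will most likely fail. The removed `arguments` list wrapped both ports in `toString` for this reason. The line should read `ExecStart = "${self.packages.${pkgs.system}.site}/bin/site --port ${toString cfg.port} --log-level ${cfg.logLevel}";`. The `serviceConfig` block continues past the end of this hunk.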
@@ -7,87 +7,22 @@ mod minify; mod page; mod routes; -use std::{ - net::SocketAddr, - path::PathBuf, -}; +use std::net::SocketAddr; use anyhow::Context; -use axum::{ - extract::Host, - handler::HandlerWithoutStateExt, - http::{ - uri::Scheme, - StatusCode, - Uri, - }, - response::Redirect, - BoxError, - Router, -}; -use axum_server::tls_rustls::RustlsConfig; +use axum::Router; use clap::Parser; use tower_http::trace::TraceLayer; #[derive(Parser, Clone)] #[command(author, version, about)] struct Cli { - /// The HTTP port to listen for connections on + /// The port to listen for connections on #[arg(long, default_value = "8080")] - http_port: u16, - /// The HTTPS port to listen for connections on - #[arg(long, default_value = "8443")] - https_port: u16, + port: u16, /// The log level to log stuff with #[arg(long, default_value = "info")] log_level: log::LevelFilter, - - /// The path to the certificate file - #[arg(long)] - certificate: Option, - /// The path to the key file - #[arg(long)] - key: Option, -} - -async fn redirect_http(args: Cli) { - let http_port = args.http_port.to_string(); - let https_port = args.https_port.to_string(); - - let make_https = move |host: String, uri: Uri| -> Result { - let mut parts = uri.into_parts(); - - parts.scheme = Some(Scheme::HTTPS); - - if parts.path_and_query.is_none() { - parts.path_and_query = Some("/".parse().unwrap()); - } - - let https_host = host.replace(&http_port, &https_port); - parts.authority = Some(https_host.parse()?); - - Ok(Uri::from_parts(parts)?) 
- }; - - let redirect = move |Host(host): Host, uri: Uri| { - async move { - match make_https(host, uri) { - Ok(uri) => Ok(Redirect::permanent(&uri.to_string())), - Err(error) => { - log::warn!("Failed to convert URI to HTTPS: {error}"); - Err(StatusCode::BAD_REQUEST) - }, - } - } - }; - - let address = SocketAddr::from(([0, 0, 0, 0], args.http_port)); - - axum_server::bind(address) - .serve(redirect.into_make_service()) - .await - .with_context(|| "Failed to run redirect server") - .unwrap(); } #[tokio::main] @@ -100,28 +35,15 @@ async fn main() -> anyhow::Result<()> { .format_timestamp(None) .init(); - let app = Router::new() + let address = SocketAddr::from(([0, 0, 0, 0], args.port)); + + let router = Router::new() .merge(routes::router()) .merge(errors::router()) - .layer(TraceLayer::new_for_http()) - .into_make_service(); + .layer(TraceLayer::new_for_http()); - if let (Some(certificate_path), Some(key_path)) = (&args.certificate, &args.key) { - tokio::spawn(redirect_http(args.clone())); - - let config = RustlsConfig::from_pem_file(certificate_path, key_path) - .await - .with_context(|| "Failed to create TLS configuration from PEM files")?; - - let address = SocketAddr::from(([0, 0, 0, 0], args.https_port)); - - axum_server::bind_rustls(address, config).serve(app).await - } else { - let address = SocketAddr::from(([0, 0, 0, 0], args.http_port)); - - axum_server::bind(address).serve(app).await - } - .with_context(|| "Failed to run main server")?; - - Ok(()) + axum_server::bind(address) + .serve(router.into_make_service()) + .await + .with_context(|| "Failed to run server") }
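Review bot: The doc comment on `port` in `Cli` (first `src/main.rs` hunk) no longer tells an operator that the listener is plaintext HTTP, now that `--certificate`, `--key` and the `redirect_http` upgrade path are removed. Since clap turns this comment into the `--help` text, I would write it as `/// The port to listen for plaintext HTTP connections on (terminate TLS in a proxy in front of this service)`, assuming that is the intended deployment. The HTTP-to-HTTPS redirect this binary used to issue also becomes the proxy's job, which is worth one line in the same comment or in the README.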
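Review bot: `SocketAddr::from(([0, 0, 0, 0], args.port))` in `main` (second `src/main.rs` hunk) binds the only remaining listener, which is unencrypted, on every IPv4 interface. If TLS is now meant to terminate at a reverse proxy on the same host, a bind-address option would let that deployment keep the listener on loopback without changing the default. Add `#[arg(long, default_value = "0.0.0.0")] address: std::net::IpAddr,` to `Cli` and build the address with `SocketAddr::new(args.address, args.port)`. The start of `main` lies outside this hunk, so this assumes nothing above it depends on the address.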