2020-02-19 12:24:55 +00:00
|
|
|
package home
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"crypto/tls"
|
2021-05-21 12:55:42 +01:00
|
|
|
"io/fs"
|
2020-02-19 12:24:55 +00:00
|
|
|
"net/http"
|
2022-11-02 13:18:02 +00:00
|
|
|
"net/netip"
|
2023-07-26 11:18:44 +01:00
|
|
|
"runtime"
|
2020-02-19 12:24:55 +00:00
|
|
|
"sync"
|
2020-11-25 12:50:59 +00:00
|
|
|
"time"
|
2020-02-19 12:24:55 +00:00
|
|
|
|
2022-09-29 15:36:01 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghhttp"
|
2021-03-16 16:42:15 +00:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
|
2023-07-26 11:18:44 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/updater"
|
2021-12-28 14:25:43 +00:00
|
|
|
"github.com/AdguardTeam/golibs/errors"
|
2020-02-19 12:24:55 +00:00
|
|
|
"github.com/AdguardTeam/golibs/log"
|
2021-08-09 14:03:37 +01:00
|
|
|
"github.com/AdguardTeam/golibs/netutil"
|
2023-07-26 11:18:44 +01:00
|
|
|
"github.com/AdguardTeam/golibs/pprofutil"
|
2020-02-19 12:24:55 +00:00
|
|
|
"github.com/NYTimes/gziphandler"
|
2023-02-15 13:53:29 +00:00
|
|
|
"github.com/quic-go/quic-go/http3"
|
2022-09-29 15:36:01 +01:00
|
|
|
"golang.org/x/net/http2"
|
|
|
|
|
"golang.org/x/net/http2/h2c"
|
2021-03-15 11:19:04 +00:00
|
|
|
)
|
|
|
|
|
|
2024-06-05 17:00:28 +01:00
|
|
|
// TODO(a.garipov): Make configurable.
|
2020-11-25 12:50:59 +00:00
|
|
|
const (
|
2021-02-15 12:36:38 +00:00
|
|
|
// readTimeout is the maximum duration for reading the entire request,
|
2020-11-25 12:50:59 +00:00
|
|
|
// including the body.
|
2021-02-15 13:25:44 +00:00
|
|
|
readTimeout = 60 * time.Second
|
2021-02-15 12:36:38 +00:00
|
|
|
// readHdrTimeout is the amount of time allowed to read request headers.
|
2021-02-15 13:25:44 +00:00
|
|
|
readHdrTimeout = 60 * time.Second
|
2021-02-15 12:36:38 +00:00
|
|
|
// writeTimeout is the maximum duration before timing out writes of the
|
2020-11-25 12:50:59 +00:00
|
|
|
// response.
|
2024-06-05 17:00:28 +01:00
|
|
|
writeTimeout = 5 * time.Minute
|
2020-11-25 12:50:59 +00:00
|
|
|
)
|
|
|
|
|
|
2020-12-07 13:04:53 +00:00
|
|
|
type webConfig struct {
|
2023-07-26 11:18:44 +01:00
|
|
|
updater *updater.Updater
|
|
|
|
|
|
2023-02-01 12:41:34 +00:00
|
|
|
clientFS fs.FS
|
2022-06-02 15:55:48 +01:00
|
|
|
|
2023-10-11 15:31:41 +01:00
|
|
|
// BindAddr is the binding address with port for plain HTTP web interface.
|
|
|
|
|
BindAddr netip.AddrPort
|
2020-11-25 12:50:59 +00:00
|
|
|
|
|
|
|
|
// ReadTimeout is an option to pass to http.Server for setting an
|
|
|
|
|
// appropriate field.
|
|
|
|
|
ReadTimeout time.Duration
|
|
|
|
|
|
|
|
|
|
// ReadHeaderTimeout is an option to pass to http.Server for setting an
|
|
|
|
|
// appropriate field.
|
|
|
|
|
ReadHeaderTimeout time.Duration
|
|
|
|
|
|
|
|
|
|
// WriteTimeout is an option to pass to http.Server for setting an
|
|
|
|
|
// appropriate field.
|
|
|
|
|
WriteTimeout time.Duration
|
2022-06-02 15:55:48 +01:00
|
|
|
|
|
|
|
|
firstRun bool
|
2022-10-03 16:52:20 +01:00
|
|
|
|
2023-07-26 11:18:44 +01:00
|
|
|
// disableUpdate, if true, tells AdGuard Home to not check for updates.
|
|
|
|
|
disableUpdate bool
|
|
|
|
|
|
|
|
|
|
// runningAsService flag is set to true when options are passed from the
|
|
|
|
|
// service runner.
|
|
|
|
|
runningAsService bool
|
|
|
|
|
|
2022-10-03 16:52:20 +01:00
|
|
|
serveHTTP3 bool
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2022-10-03 16:52:20 +01:00
|
|
|
// httpsServer contains the data for the HTTPS server.
|
|
|
|
|
type httpsServer struct {
|
|
|
|
|
// server is the pre-HTTP/3 HTTPS server.
|
|
|
|
|
server *http.Server
|
|
|
|
|
// server3 is the HTTP/3 HTTPS server. If it is not nil,
|
|
|
|
|
// [httpsServer.server] must also be non-nil.
|
|
|
|
|
server3 *http3.Server
|
|
|
|
|
|
|
|
|
|
// TODO(a.garipov): Why is there a *sync.Cond here? Remove.
|
|
|
|
|
cond *sync.Cond
|
|
|
|
|
condLock sync.Mutex
|
|
|
|
|
cert tls.Certificate
|
|
|
|
|
inShutdown bool
|
|
|
|
|
enabled bool
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
// webAPI is the web UI and API server.
|
|
|
|
|
type webAPI struct {
|
2022-10-03 16:52:20 +01:00
|
|
|
conf *webConfig
|
|
|
|
|
|
|
|
|
|
// TODO(a.garipov): Refactor all these servers.
|
|
|
|
|
httpServer *http.Server
|
|
|
|
|
|
|
|
|
|
// httpsServer is the server that handles HTTPS traffic. If it is not nil,
|
|
|
|
|
// [Web.http3Server] must also not be nil.
|
|
|
|
|
httpsServer httpsServer
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
// newWebAPI creates a new instance of the web UI and API server.
|
|
|
|
|
func newWebAPI(conf *webConfig) (w *webAPI) {
|
2022-10-03 16:52:20 +01:00
|
|
|
log.Info("web: initializing")
|
2020-04-15 13:17:57 +01:00
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
w = &webAPI{
|
2022-10-03 16:52:20 +01:00
|
|
|
conf: conf,
|
|
|
|
|
}
|
2020-02-19 12:24:55 +00:00
|
|
|
|
2021-05-21 12:55:42 +01:00
|
|
|
clientFS := http.FileServer(http.FS(conf.clientFS))
|
2020-02-19 12:24:55 +00:00
|
|
|
|
|
|
|
|
// if not configured, redirect / to /install.html, otherwise redirect /install.html to /
|
2021-05-21 12:55:42 +01:00
|
|
|
Context.mux.Handle("/", withMiddlewares(clientFS, gziphandler.GzipHandler, optionalAuthHandler, postInstallHandler))
|
2020-02-19 12:24:55 +00:00
|
|
|
|
|
|
|
|
// add handlers for /install paths, we only need them when we're not configured yet
|
|
|
|
|
if conf.firstRun {
|
|
|
|
|
log.Info("This is the first launch of AdGuard Home, redirecting everything to /install.html ")
|
2021-05-21 12:55:42 +01:00
|
|
|
Context.mux.Handle("/install.html", preInstallHandler(clientFS))
|
2020-02-19 12:24:55 +00:00
|
|
|
w.registerInstallHandlers()
|
|
|
|
|
} else {
|
2023-07-26 11:18:44 +01:00
|
|
|
registerControlHandlers(w)
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
w.httpsServer.cond = sync.NewCond(&w.httpsServer.condLock)
|
2022-10-03 16:52:20 +01:00
|
|
|
|
|
|
|
|
return w
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2022-10-03 16:52:20 +01:00
|
|
|
// webCheckPortAvailable checks if port, which is considered an HTTPS port, is
|
|
|
|
|
// available, unless the HTTPS server isn't active.
|
|
|
|
|
//
|
|
|
|
|
// TODO(a.garipov): Adapt for HTTP/3.
|
2023-10-11 15:31:41 +01:00
|
|
|
func webCheckPortAvailable(port uint16) (ok bool) {
|
2022-11-02 13:18:02 +00:00
|
|
|
if Context.web.httpsServer.server != nil {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-11 15:31:41 +01:00
|
|
|
addrPort := netip.AddrPortFrom(config.HTTPConfig.Address.Addr(), port)
|
2023-07-03 12:10:40 +01:00
|
|
|
|
|
|
|
|
return aghnet.CheckPort("tcp", addrPort) == nil
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
// tlsConfigChanged updates the TLS configuration and restarts the HTTPS server
|
2021-01-26 16:44:19 +00:00
|
|
|
// if necessary.
|
2023-04-12 12:48:42 +01:00
|
|
|
func (web *webAPI) tlsConfigChanged(ctx context.Context, tlsConf tlsConfigSettings) {
|
2022-10-03 16:52:20 +01:00
|
|
|
log.Debug("web: applying new tls configuration")
|
2020-02-19 12:24:55 +00:00
|
|
|
|
|
|
|
|
enabled := tlsConf.Enabled &&
|
|
|
|
|
tlsConf.PortHTTPS != 0 &&
|
|
|
|
|
len(tlsConf.PrivateKeyData) != 0 &&
|
|
|
|
|
len(tlsConf.CertificateChainData) != 0
|
|
|
|
|
var cert tls.Certificate
|
|
|
|
|
var err error
|
|
|
|
|
if enabled {
|
|
|
|
|
cert, err = tls.X509KeyPair(tlsConf.CertificateChainData, tlsConf.PrivateKeyData)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.cond.L.Lock()
|
|
|
|
|
if web.httpsServer.server != nil {
|
2021-03-12 11:32:08 +00:00
|
|
|
var cancel context.CancelFunc
|
|
|
|
|
ctx, cancel = context.WithTimeout(ctx, shutdownTimeout)
|
2021-12-06 14:26:43 +00:00
|
|
|
shutdownSrv(ctx, web.httpsServer.server)
|
2022-10-03 16:52:20 +01:00
|
|
|
shutdownSrv3(web.httpsServer.server3)
|
|
|
|
|
|
2021-12-06 14:26:43 +00:00
|
|
|
cancel()
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
2021-03-12 11:32:08 +00:00
|
|
|
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.enabled = enabled
|
|
|
|
|
web.httpsServer.cert = cert
|
|
|
|
|
web.httpsServer.cond.Broadcast()
|
|
|
|
|
web.httpsServer.cond.L.Unlock()
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
// start - start serving HTTP requests
|
|
|
|
|
func (web *webAPI) start() {
|
2021-06-01 19:06:55 +01:00
|
|
|
log.Println("AdGuard Home is available at the following addresses:")
|
|
|
|
|
|
2020-02-19 12:24:55 +00:00
|
|
|
// for https, we have a separate goroutine loop
|
2020-05-27 10:17:05 +01:00
|
|
|
go web.tlsServerLoop()
|
2020-02-19 12:24:55 +00:00
|
|
|
|
|
|
|
|
// this loop is used as an ability to change listening host and/or port
|
2022-10-03 16:52:20 +01:00
|
|
|
for !web.httpsServer.inShutdown {
|
2022-09-29 15:36:01 +01:00
|
|
|
printHTTPAddresses(aghhttp.SchemeHTTP)
|
2020-12-29 16:53:56 +00:00
|
|
|
errs := make(chan error, 2)
|
2020-02-19 12:24:55 +00:00
|
|
|
|
2022-09-29 15:36:01 +01:00
|
|
|
// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
|
|
|
|
|
hdlr := h2c.NewHandler(withMiddlewares(Context.mux, limitRequestBody), &http2.Server{})
|
|
|
|
|
|
|
|
|
|
// Create a new instance, because the Web is not usable after Shutdown.
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpServer = &http.Server{
|
2021-04-16 08:32:41 +01:00
|
|
|
ErrorLog: log.StdLog("web: plain", log.DEBUG),
|
2023-10-11 15:31:41 +01:00
|
|
|
Addr: web.conf.BindAddr.String(),
|
2022-09-29 15:36:01 +01:00
|
|
|
Handler: hdlr,
|
2020-11-25 12:50:59 +00:00
|
|
|
ReadTimeout: web.conf.ReadTimeout,
|
|
|
|
|
ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
|
|
|
|
|
WriteTimeout: web.conf.WriteTimeout,
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
2020-12-29 16:53:56 +00:00
|
|
|
go func() {
|
2021-12-28 14:25:43 +00:00
|
|
|
defer log.OnPanic("web: plain")
|
|
|
|
|
|
2020-12-29 16:53:56 +00:00
|
|
|
errs <- web.httpServer.ListenAndServe()
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
err := <-errs
|
2021-12-28 14:25:43 +00:00
|
|
|
if !errors.Is(err, http.ErrServerClosed) {
|
2020-02-19 12:24:55 +00:00
|
|
|
cleanupAlways()
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
2021-12-28 14:25:43 +00:00
|
|
|
|
|
|
|
|
// We use ErrServerClosed as a sign that we need to rebind on a new
|
|
|
|
|
// address, so go back to the start of the loop.
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
// close gracefully shuts down the HTTP servers.
|
|
|
|
|
func (web *webAPI) close(ctx context.Context) {
|
2021-03-12 11:32:08 +00:00
|
|
|
log.Info("stopping http server...")
|
|
|
|
|
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.cond.L.Lock()
|
2022-10-03 16:52:20 +01:00
|
|
|
web.httpsServer.inShutdown = true
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.cond.L.Unlock()
|
2021-01-26 16:44:19 +00:00
|
|
|
|
2021-03-12 11:32:08 +00:00
|
|
|
var cancel context.CancelFunc
|
|
|
|
|
ctx, cancel = context.WithTimeout(ctx, shutdownTimeout)
|
2021-12-06 14:26:43 +00:00
|
|
|
defer cancel()
|
2020-02-19 12:24:55 +00:00
|
|
|
|
2021-12-06 14:26:43 +00:00
|
|
|
shutdownSrv(ctx, web.httpsServer.server)
|
2022-10-03 16:52:20 +01:00
|
|
|
shutdownSrv3(web.httpsServer.server3)
|
2021-12-06 14:26:43 +00:00
|
|
|
shutdownSrv(ctx, web.httpServer)
|
2021-01-26 16:44:19 +00:00
|
|
|
|
2021-03-12 11:32:08 +00:00
|
|
|
log.Info("stopped http server")
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
func (web *webAPI) tlsServerLoop() {
|
2020-02-19 12:24:55 +00:00
|
|
|
for {
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.cond.L.Lock()
|
2022-10-03 16:52:20 +01:00
|
|
|
if web.httpsServer.inShutdown {
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.cond.L.Unlock()
|
2020-02-19 12:24:55 +00:00
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// this mechanism doesn't let us through until all conditions are met
|
2020-04-05 16:34:43 +01:00
|
|
|
for !web.httpsServer.enabled { // sleep until necessary data is supplied
|
|
|
|
|
web.httpsServer.cond.Wait()
|
2022-10-03 16:52:20 +01:00
|
|
|
if web.httpsServer.inShutdown {
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.cond.L.Unlock()
|
2020-02-19 12:24:55 +00:00
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.cond.L.Unlock()
|
2020-02-19 12:24:55 +00:00
|
|
|
|
2023-10-11 15:31:41 +01:00
|
|
|
var portHTTPS uint16
|
2023-04-12 12:48:42 +01:00
|
|
|
func() {
|
|
|
|
|
config.RLock()
|
|
|
|
|
defer config.RUnlock()
|
|
|
|
|
|
|
|
|
|
portHTTPS = config.TLS.PortHTTPS
|
|
|
|
|
}()
|
|
|
|
|
|
2023-10-11 15:31:41 +01:00
|
|
|
addr := netip.AddrPortFrom(web.conf.BindAddr.Addr(), portHTTPS).String()
|
2020-04-05 16:34:43 +01:00
|
|
|
web.httpsServer.server = &http.Server{
|
2020-12-07 13:04:53 +00:00
|
|
|
ErrorLog: log.StdLog("web: https", log.DEBUG),
|
2022-10-03 16:52:20 +01:00
|
|
|
Addr: addr,
|
2020-02-19 12:24:55 +00:00
|
|
|
TLSConfig: &tls.Config{
|
2020-04-05 16:34:43 +01:00
|
|
|
Certificates: []tls.Certificate{web.httpsServer.cert},
|
2020-02-19 12:24:55 +00:00
|
|
|
RootCAs: Context.tlsRoots,
|
2022-11-02 13:18:02 +00:00
|
|
|
CipherSuites: Context.tlsCipherIDs,
|
2022-09-29 15:36:01 +01:00
|
|
|
MinVersion: tls.VersionTLS12,
|
2020-02-19 12:24:55 +00:00
|
|
|
},
|
2021-02-11 11:10:42 +00:00
|
|
|
Handler: withMiddlewares(Context.mux, limitRequestBody),
|
2020-11-25 12:50:59 +00:00
|
|
|
ReadTimeout: web.conf.ReadTimeout,
|
|
|
|
|
ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
|
|
|
|
|
WriteTimeout: web.conf.WriteTimeout,
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
|
2022-09-29 15:36:01 +01:00
|
|
|
printHTTPAddresses(aghhttp.SchemeHTTPS)
|
2022-10-03 16:52:20 +01:00
|
|
|
|
|
|
|
|
if web.conf.serveHTTP3 {
|
|
|
|
|
go web.mustStartHTTP3(addr)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Debug("web: starting https server")
|
2020-04-05 16:34:43 +01:00
|
|
|
err := web.httpsServer.server.ListenAndServeTLS("", "")
|
2022-10-03 16:52:20 +01:00
|
|
|
if !errors.Is(err, http.ErrServerClosed) {
|
2020-02-19 12:24:55 +00:00
|
|
|
cleanupAlways()
|
2022-10-03 16:52:20 +01:00
|
|
|
log.Fatalf("web: https: %s", err)
|
2020-02-19 12:24:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-10-03 16:52:20 +01:00
|
|
|
|
2023-04-12 12:48:42 +01:00
|
|
|
func (web *webAPI) mustStartHTTP3(address string) {
|
2022-10-03 16:52:20 +01:00
|
|
|
defer log.OnPanic("web: http3")
|
|
|
|
|
|
|
|
|
|
web.httpsServer.server3 = &http3.Server{
|
|
|
|
|
// TODO(a.garipov): See if there is a way to use the error log as
|
|
|
|
|
// well as timeouts here.
|
|
|
|
|
Addr: address,
|
|
|
|
|
TLSConfig: &tls.Config{
|
|
|
|
|
Certificates: []tls.Certificate{web.httpsServer.cert},
|
|
|
|
|
RootCAs: Context.tlsRoots,
|
2022-11-02 13:18:02 +00:00
|
|
|
CipherSuites: Context.tlsCipherIDs,
|
2022-10-03 16:52:20 +01:00
|
|
|
MinVersion: tls.VersionTLS12,
|
|
|
|
|
},
|
|
|
|
|
Handler: withMiddlewares(Context.mux, limitRequestBody),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Debug("web: starting http/3 server")
|
|
|
|
|
err := web.httpsServer.server3.ListenAndServe()
|
2023-07-26 11:18:44 +01:00
|
|
|
if !errors.Is(err, http.ErrServerClosed) {
|
2022-10-03 16:52:20 +01:00
|
|
|
cleanupAlways()
|
|
|
|
|
log.Fatalf("web: http3: %s", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-07-26 11:18:44 +01:00
|
|
|
|
2023-09-07 15:13:48 +01:00
|
|
|
// startPprof launches the debug and profiling server on the provided port.
|
|
|
|
|
func startPprof(port uint16) {
|
|
|
|
|
addr := netip.AddrPortFrom(netutil.IPv4Localhost(), port)
|
|
|
|
|
|
2023-07-26 11:18:44 +01:00
|
|
|
runtime.SetBlockProfileRate(1)
|
|
|
|
|
runtime.SetMutexProfileFraction(1)
|
|
|
|
|
|
|
|
|
|
mux := http.NewServeMux()
|
|
|
|
|
pprofutil.RoutePprof(mux)
|
|
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
|
defer log.OnPanic("pprof server")
|
|
|
|
|
|
|
|
|
|
log.Info("pprof: listening on %q", addr)
|
2023-09-07 15:13:48 +01:00
|
|
|
err := http.ListenAndServe(addr.String(), mux)
|
2023-07-26 11:18:44 +01:00
|
|
|
if !errors.Is(err, http.ErrServerClosed) {
|
|
|
|
|
log.Error("pprof: shutting down: %s", err)
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
}
|
