aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/dendrite-appservice-server/main.go4
-rw-r--r--cmd/dendrite-edu-server/main.go4
-rw-r--r--cmd/dendrite-federation-sender-server/main.go4
-rw-r--r--cmd/dendrite-key-server/main.go4
-rw-r--r--cmd/dendrite-monolith-server/main.go37
-rw-r--r--cmd/dendrite-room-server/main.go4
-rw-r--r--cmd/dendrite-signing-key-server/main.go2
-rw-r--r--cmd/dendrite-user-api-server/main.go4
-rw-r--r--internal/setup/base.go59
9 files changed, 64 insertions, 58 deletions
diff --git a/cmd/dendrite-appservice-server/main.go b/cmd/dendrite-appservice-server/main.go
index 72b243e2..6adbdb17 100644
--- a/cmd/dendrite-appservice-server/main.go
+++ b/cmd/dendrite-appservice-server/main.go
@@ -31,8 +31,8 @@ func main() {
appservice.AddInternalRoutes(base.InternalAPIMux, intAPI)
base.SetupAndServeHTTP(
- base.Cfg.AppServiceAPI.InternalAPI.Listen,
- setup.NoExternalListener,
+ base.Cfg.AppServiceAPI.InternalAPI.Listen, // internal listener
+ setup.NoListener, // external listener
nil, nil,
)
}
diff --git a/cmd/dendrite-edu-server/main.go b/cmd/dendrite-edu-server/main.go
index e0956619..3a34b9a6 100644
--- a/cmd/dendrite-edu-server/main.go
+++ b/cmd/dendrite-edu-server/main.go
@@ -34,8 +34,8 @@ func main() {
eduserver.AddInternalRoutes(base.InternalAPIMux, intAPI)
base.SetupAndServeHTTP(
- base.Cfg.EDUServer.InternalAPI.Listen,
- setup.NoExternalListener,
+ base.Cfg.EDUServer.InternalAPI.Listen, // internal listener
+ setup.NoListener, // external listener
nil, nil,
)
}
diff --git a/cmd/dendrite-federation-sender-server/main.go b/cmd/dendrite-federation-sender-server/main.go
index 07380bb0..99b416c4 100644
--- a/cmd/dendrite-federation-sender-server/main.go
+++ b/cmd/dendrite-federation-sender-server/main.go
@@ -36,8 +36,8 @@ func main() {
federationsender.AddInternalRoutes(base.InternalAPIMux, fsAPI)
base.SetupAndServeHTTP(
- base.Cfg.FederationSender.InternalAPI.Listen,
- setup.NoExternalListener,
+ base.Cfg.FederationSender.InternalAPI.Listen, // internal listener
+ setup.NoListener, // external listener
nil, nil,
)
}
diff --git a/cmd/dendrite-key-server/main.go b/cmd/dendrite-key-server/main.go
index 2110b216..92d18ac3 100644
--- a/cmd/dendrite-key-server/main.go
+++ b/cmd/dendrite-key-server/main.go
@@ -30,8 +30,8 @@ func main() {
keyserver.AddInternalRoutes(base.InternalAPIMux, intAPI)
base.SetupAndServeHTTP(
- base.Cfg.KeyServer.InternalAPI.Listen,
- setup.NoExternalListener,
+ base.Cfg.KeyServer.InternalAPI.Listen, // internal listener
+ setup.NoListener, // external listener
nil, nil,
)
}
diff --git a/cmd/dendrite-monolith-server/main.go b/cmd/dendrite-monolith-server/main.go
index c50c0c21..0fe70ca8 100644
--- a/cmd/dendrite-monolith-server/main.go
+++ b/cmd/dendrite-monolith-server/main.go
@@ -29,11 +29,13 @@ import (
"github.com/matrix-org/dendrite/roomserver/api"
"github.com/matrix-org/dendrite/signingkeyserver"
"github.com/matrix-org/dendrite/userapi"
+ "github.com/sirupsen/logrus"
)
var (
httpBindAddr = flag.String("http-bind-address", ":8008", "The HTTP listening port for the server")
httpsBindAddr = flag.String("https-bind-address", ":8448", "The HTTPS listening port for the server")
+ apiBindAddr = flag.String("api-bind-address", "localhost:18008", "The HTTP listening port for the internal HTTP APIs (if -api is enabled)")
certFile = flag.String("tls-cert", "", "The PEM formatted X509 certificate to use for TLS")
keyFile = flag.String("tls-key", "", "The PEM private key to use for TLS")
enableHTTPAPIs = flag.Bool("api", false, "Use HTTP APIs instead of short-circuiting (warning: exposes API endpoints!)")
@@ -44,22 +46,25 @@ func main() {
cfg := setup.ParseFlags(true)
httpAddr := config.HTTPAddress("http://" + *httpBindAddr)
httpsAddr := config.HTTPAddress("https://" + *httpsBindAddr)
+ httpAPIAddr := httpAddr
if *enableHTTPAPIs {
+ logrus.Warnf("DANGER! The -api option is enabled, exposing internal APIs on %q!", *apiBindAddr)
+ httpAPIAddr = config.HTTPAddress("http://" + *apiBindAddr)
// If the HTTP APIs are enabled then we need to update the Listen
// statements in the configuration so that we know where to find
// the API endpoints. They'll listen on the same port as the monolith
// itself.
- cfg.AppServiceAPI.InternalAPI.Connect = httpAddr
- cfg.ClientAPI.InternalAPI.Connect = httpAddr
- cfg.EDUServer.InternalAPI.Connect = httpAddr
- cfg.FederationAPI.InternalAPI.Connect = httpAddr
- cfg.FederationSender.InternalAPI.Connect = httpAddr
- cfg.KeyServer.InternalAPI.Connect = httpAddr
- cfg.MediaAPI.InternalAPI.Connect = httpAddr
- cfg.RoomServer.InternalAPI.Connect = httpAddr
- cfg.SigningKeyServer.InternalAPI.Connect = httpAddr
- cfg.SyncAPI.InternalAPI.Connect = httpAddr
+ cfg.AppServiceAPI.InternalAPI.Connect = httpAPIAddr
+ cfg.ClientAPI.InternalAPI.Connect = httpAPIAddr
+ cfg.EDUServer.InternalAPI.Connect = httpAPIAddr
+ cfg.FederationAPI.InternalAPI.Connect = httpAPIAddr
+ cfg.FederationSender.InternalAPI.Connect = httpAPIAddr
+ cfg.KeyServer.InternalAPI.Connect = httpAPIAddr
+ cfg.MediaAPI.InternalAPI.Connect = httpAPIAddr
+ cfg.RoomServer.InternalAPI.Connect = httpAPIAddr
+ cfg.SigningKeyServer.InternalAPI.Connect = httpAPIAddr
+ cfg.SyncAPI.InternalAPI.Connect = httpAPIAddr
}
base := setup.NewBaseDendrite(cfg, "Monolith", *enableHTTPAPIs)
@@ -148,18 +153,18 @@ func main() {
// Expose the matrix APIs directly rather than putting them under a /api path.
go func() {
base.SetupAndServeHTTP(
- config.HTTPAddress(httpAddr), // internal API
- config.HTTPAddress(httpAddr), // external API
- nil, nil, // TLS settings
+ httpAPIAddr, // internal API
+ httpAddr, // external API
+ nil, nil, // TLS settings
)
}()
// Handle HTTPS if certificate and key are provided
if *certFile != "" && *keyFile != "" {
go func() {
base.SetupAndServeHTTP(
- config.HTTPAddress(httpsAddr), // internal API
- config.HTTPAddress(httpsAddr), // external API
- certFile, keyFile, // TLS settings
+ setup.NoListener, // internal API
+ httpsAddr, // external API
+ certFile, keyFile, // TLS settings
)
}()
}
diff --git a/cmd/dendrite-room-server/main.go b/cmd/dendrite-room-server/main.go
index c61368bf..d3f14574 100644
--- a/cmd/dendrite-room-server/main.go
+++ b/cmd/dendrite-room-server/main.go
@@ -33,8 +33,8 @@ func main() {
roomserver.AddInternalRoutes(base.InternalAPIMux, rsAPI)
base.SetupAndServeHTTP(
- base.Cfg.RoomServer.InternalAPI.Listen,
- setup.NoExternalListener,
+ base.Cfg.RoomServer.InternalAPI.Listen, // internal listener
+ setup.NoListener, // external listener
nil, nil,
)
}
diff --git a/cmd/dendrite-signing-key-server/main.go b/cmd/dendrite-signing-key-server/main.go
index 003bd755..a4d48d36 100644
--- a/cmd/dendrite-signing-key-server/main.go
+++ b/cmd/dendrite-signing-key-server/main.go
@@ -31,7 +31,7 @@ func main() {
base.SetupAndServeHTTP(
base.Cfg.SigningKeyServer.InternalAPI.Listen,
- setup.NoExternalListener,
+ setup.NoListener,
nil, nil,
)
}
diff --git a/cmd/dendrite-user-api-server/main.go b/cmd/dendrite-user-api-server/main.go
index c8e2e2a3..fb65fefb 100644
--- a/cmd/dendrite-user-api-server/main.go
+++ b/cmd/dendrite-user-api-server/main.go
@@ -31,8 +31,8 @@ func main() {
userapi.AddInternalRoutes(base.InternalAPIMux, userAPI)
base.SetupAndServeHTTP(
- base.Cfg.UserAPI.InternalAPI.Listen,
- setup.NoExternalListener,
+ base.Cfg.UserAPI.InternalAPI.Listen, // internal listener
+ setup.NoListener, // external listener
nil, nil,
)
}
diff --git a/internal/setup/base.go b/internal/setup/base.go
index 6a0a8bbd..77fdb04a 100644
--- a/internal/setup/base.go
+++ b/internal/setup/base.go
@@ -80,7 +80,7 @@ type BaseDendrite struct {
const HTTPServerTimeout = time.Minute * 5
const HTTPClientTimeout = time.Second * 30
-const NoExternalListener = ""
+const NoListener = ""
// NewBaseDendrite creates a new instance to be used by a component.
// The componentName is used for logging purposes, and should be a friendly name
@@ -272,22 +272,21 @@ func (b *BaseDendrite) SetupAndServeHTTP(
internalAddr, _ := internalHTTPAddr.Address()
externalAddr, _ := externalHTTPAddr.Address()
- internalRouter := mux.NewRouter().SkipClean(true).UseEncodedPath()
- externalRouter := internalRouter
+ externalRouter := mux.NewRouter().SkipClean(true).UseEncodedPath()
+ internalRouter := externalRouter
- internalServ := &http.Server{
- Addr: string(internalAddr),
+ externalServ := &http.Server{
+ Addr: string(externalAddr),
WriteTimeout: HTTPServerTimeout,
- Handler: internalRouter,
+ Handler: externalRouter,
}
- externalServ := internalServ
-
- if externalAddr != NoExternalListener && externalAddr != internalAddr {
- externalRouter = mux.NewRouter().SkipClean(true).UseEncodedPath()
- externalServ = &http.Server{
- Addr: string(externalAddr),
- WriteTimeout: HTTPServerTimeout,
- Handler: externalRouter,
+ internalServ := externalServ
+
+ if internalAddr != NoListener && externalAddr != internalAddr {
+ internalRouter = mux.NewRouter().SkipClean(true).UseEncodedPath()
+ internalServ = &http.Server{
+ Addr: string(internalAddr),
+ Handler: internalRouter,
}
}
@@ -301,23 +300,25 @@ func (b *BaseDendrite) SetupAndServeHTTP(
externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(b.PublicFederationAPIMux)
externalRouter.PathPrefix(httputil.PublicMediaPathPrefix).Handler(b.PublicMediaAPIMux)
- go func() {
- logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
- if certFile != nil && keyFile != nil {
- if err := internalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
- logrus.WithError(err).Fatal("failed to serve HTTPS")
- }
- } else {
- if err := internalServ.ListenAndServe(); err != nil {
- logrus.WithError(err).Fatal("failed to serve HTTP")
+ if internalAddr != NoListener && internalAddr != externalAddr {
+ go func() {
+ logrus.Infof("Starting internal %s listener on %s", b.componentName, internalServ.Addr)
+ if certFile != nil && keyFile != nil {
+ if err := internalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
+ logrus.WithError(err).Fatal("failed to serve HTTPS")
+ }
+ } else {
+ if err := internalServ.ListenAndServe(); err != nil {
+ logrus.WithError(err).Fatal("failed to serve HTTP")
+ }
}
- }
- logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
- }()
+ logrus.Infof("Stopped internal %s listener on %s", b.componentName, internalServ.Addr)
+ }()
+ }
- if externalAddr != NoExternalListener && internalAddr != externalAddr {
+ if externalAddr != NoListener {
go func() {
- logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
+ logrus.Infof("Starting external %s listener on %s", b.componentName, externalServ.Addr)
if certFile != nil && keyFile != nil {
if err := externalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
logrus.WithError(err).Fatal("failed to serve HTTPS")
@@ -327,7 +328,7 @@ func (b *BaseDendrite) SetupAndServeHTTP(
logrus.WithError(err).Fatal("failed to serve HTTP")
}
}
- logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+ logrus.Infof("Stopped external %s listener on %s", b.componentName, externalServ.Addr)
}()
}