2018-08-30 14:25:33 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"io/ioutil"
|
|
|
|
"os"
|
|
|
|
"path/filepath"
|
|
|
|
"sync"
|
2019-02-15 12:16:25 +00:00
|
|
|
"time"
|
2018-10-30 14:16:20 +00:00
|
|
|
|
2018-12-28 14:17:51 +00:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/dhcpd"
|
2018-11-30 10:24:42 +00:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
2018-11-28 14:29:48 +00:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/dnsforward"
|
2019-02-25 13:44:22 +00:00
|
|
|
"github.com/AdguardTeam/golibs/log"
|
2019-01-25 13:01:27 +00:00
|
|
|
yaml "gopkg.in/yaml.v2"
|
2018-08-30 14:25:33 +00:00
|
|
|
)
|
|
|
|
|
2018-11-27 17:51:12 +00:00
|
|
|
const (
|
2018-12-05 17:29:00 +00:00
|
|
|
dataDir = "data" // data storage
|
|
|
|
filterDir = "filters" // cache location for downloaded filters, it's under DataDir
|
2018-11-27 17:51:12 +00:00
|
|
|
)
|
2018-10-30 14:16:20 +00:00
|
|
|
|
2019-02-04 10:54:53 +00:00
|
|
|
// logSettings
|
|
|
|
type logSettings struct {
|
|
|
|
LogFile string `yaml:"log_file"` // Path to the log file. If empty, write to stdout. If "syslog", writes to syslog
|
|
|
|
Verbose bool `yaml:"verbose"` // If true, verbose logging is enabled
|
|
|
|
}
|
|
|
|
|
2018-08-30 14:25:33 +00:00
|
|
|
// configuration is loaded from YAML
|
2018-11-27 17:51:12 +00:00
|
|
|
// field ordering is important -- yaml fields will mirror ordering from here
|
2018-08-30 14:25:33 +00:00
|
|
|
type configuration struct {
|
2019-01-24 17:11:01 +00:00
|
|
|
ourConfigFilename string // Config filename (can be overridden via the command line arguments)
|
2019-02-10 17:47:43 +00:00
|
|
|
ourWorkingDir string // Location of our directory, used to protect against CWD being somewhere else
|
2019-01-29 17:41:57 +00:00
|
|
|
firstRun bool // if set to true, don't run any services except HTTP web inteface, and serve only first-run html
|
2018-11-27 17:51:12 +00:00
|
|
|
|
2019-02-22 14:59:42 +00:00
|
|
|
BindHost string `yaml:"bind_host"` // BindHost is the IP address of the HTTP server to bind to
|
|
|
|
BindPort int `yaml:"bind_port"` // BindPort is the port the HTTP server
|
|
|
|
AuthName string `yaml:"auth_name"` // AuthName is the basic auth username
|
|
|
|
AuthPass string `yaml:"auth_pass"` // AuthPass is the basic auth password
|
|
|
|
Language string `yaml:"language"` // two-letter ISO 639-1 language code
|
2018-12-28 14:17:51 +00:00
|
|
|
DNS dnsConfig `yaml:"dns"`
|
2019-01-30 16:17:30 +00:00
|
|
|
TLS tlsConfig `yaml:"tls"`
|
2018-12-28 14:17:51 +00:00
|
|
|
Filters []filter `yaml:"filters"`
|
|
|
|
UserRules []string `yaml:"user_rules"`
|
|
|
|
DHCP dhcpd.ServerConfig `yaml:"dhcp"`
|
2018-08-30 14:25:33 +00:00
|
|
|
|
2019-02-04 10:54:53 +00:00
|
|
|
logSettings `yaml:",inline"`
|
|
|
|
|
2018-10-06 21:58:59 +00:00
|
|
|
sync.RWMutex `yaml:"-"`
|
2018-11-27 17:51:12 +00:00
|
|
|
|
|
|
|
SchemaVersion int `yaml:"schema_version"` // keeping last so that users will be less tempted to change it -- used when upgrading between versions
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
|
2018-11-27 17:51:12 +00:00
|
|
|
// field ordering is important -- yaml fields will mirror ordering from here
|
2018-12-05 17:29:00 +00:00
|
|
|
type dnsConfig struct {
|
2019-01-24 17:11:01 +00:00
|
|
|
BindHost string `yaml:"bind_host"`
|
|
|
|
Port int `yaml:"port"`
|
2018-11-28 15:24:04 +00:00
|
|
|
|
|
|
|
dnsforward.FilteringConfig `yaml:",inline"`
|
|
|
|
|
2018-12-05 21:22:20 +00:00
|
|
|
UpstreamDNS []string `yaml:"upstream_dns"`
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
|
2019-03-07 09:04:22 +00:00
|
|
|
var defaultDNS = []string{"https://dns.cloudflare.com/dns-query"}
|
2019-02-27 08:15:18 +00:00
|
|
|
var defaultBootstrap = []string{"1.1.1.1"}
|
2018-08-30 14:25:33 +00:00
|
|
|
|
2019-02-13 08:08:07 +00:00
|
|
|
type tlsConfigSettings struct {
|
2019-02-21 14:33:46 +00:00
|
|
|
Enabled bool `yaml:"enabled" json:"enabled"` // Enabled is the encryption (DOT/DOH/HTTPS) status
|
|
|
|
ServerName string `yaml:"server_name" json:"server_name,omitempty"` // ServerName is the hostname of your HTTPS/TLS server
|
|
|
|
ForceHTTPS bool `yaml:"force_https" json:"force_https,omitempty"` // ForceHTTPS: if true, forces HTTP->HTTPS redirect
|
|
|
|
PortHTTPS int `yaml:"port_https" json:"port_https,omitempty"` // HTTPS port. If 0, HTTPS will be disabled
|
|
|
|
PortDNSOverTLS int `yaml:"port_dns_over_tls" json:"port_dns_over_tls,omitempty"` // DNS-over-TLS port. If 0, DOT will be disabled
|
2019-02-12 14:23:38 +00:00
|
|
|
|
|
|
|
dnsforward.TLSConfig `yaml:",inline" json:",inline"`
|
2019-02-13 08:08:07 +00:00
|
|
|
}
|
|
|
|
|
2019-02-13 08:45:23 +00:00
|
|
|
// field ordering is not important -- these are for API and are recalculated on each run
|
|
|
|
type tlsConfigStatus struct {
|
2019-02-21 14:33:46 +00:00
|
|
|
ValidCert bool `yaml:"-" json:"valid_cert"` // ValidCert is true if the specified certificates chain is a valid chain of X509 certificates
|
|
|
|
ValidChain bool `yaml:"-" json:"valid_chain"` // ValidChain is true if the specified certificates chain is verified and issued by a known CA
|
|
|
|
Subject string `yaml:"-" json:"subject,omitempty"` // Subject is the subject of the first certificate in the chain
|
|
|
|
Issuer string `yaml:"-" json:"issuer,omitempty"` // Issuer is the issuer of the first certificate in the chain
|
|
|
|
NotBefore time.Time `yaml:"-" json:"not_before,omitempty"` // NotBefore is the NotBefore field of the first certificate in the chain
|
|
|
|
NotAfter time.Time `yaml:"-" json:"not_after,omitempty"` // NotAfter is the NotAfter field of the first certificate in the chain
|
|
|
|
DNSNames []string `yaml:"-" json:"dns_names"` // DNSNames is the value of SubjectAltNames field of the first certificate in the chain
|
2019-02-15 12:16:25 +00:00
|
|
|
|
|
|
|
// key status
|
2019-02-21 14:33:46 +00:00
|
|
|
ValidKey bool `yaml:"-" json:"valid_key"` // ValidKey is true if the key is a valid private key
|
|
|
|
KeyType string `yaml:"-" json:"key_type,omitempty"` // KeyType is one of RSA or ECDSA
|
2019-02-15 12:16:25 +00:00
|
|
|
|
2019-02-19 12:21:38 +00:00
|
|
|
// is usable? set by validator
|
2019-02-27 14:36:02 +00:00
|
|
|
ValidPair bool `yaml:"-" json:"valid_pair"` // ValidPair is true if both certificate and private key are correct
|
2019-02-19 12:21:38 +00:00
|
|
|
|
2019-02-15 12:16:25 +00:00
|
|
|
// warnings
|
2019-02-21 14:33:46 +00:00
|
|
|
WarningValidation string `yaml:"-" json:"warning_validation,omitempty"` // WarningValidation is a validation warning message with the issue description
|
2019-02-13 08:45:23 +00:00
|
|
|
}
|
|
|
|
|
2019-02-13 08:08:07 +00:00
|
|
|
// field ordering is important -- yaml fields will mirror ordering from here
|
|
|
|
type tlsConfig struct {
|
|
|
|
tlsConfigSettings `yaml:",inline" json:",inline"`
|
2019-02-13 08:45:23 +00:00
|
|
|
tlsConfigStatus `yaml:"-" json:",inline"`
|
2019-01-23 14:26:15 +00:00
|
|
|
}
|
|
|
|
|
2018-08-30 14:25:33 +00:00
|
|
|
// initialize to default values, will be changed later when reading config or parsing command line
|
|
|
|
var config = configuration{
|
2018-10-15 13:02:19 +00:00
|
|
|
ourConfigFilename: "AdGuardHome.yaml",
|
2018-08-30 14:25:33 +00:00
|
|
|
BindPort: 3000,
|
2019-02-06 13:48:22 +00:00
|
|
|
BindHost: "0.0.0.0",
|
2018-12-05 17:29:00 +00:00
|
|
|
DNS: dnsConfig{
|
2019-01-19 01:41:43 +00:00
|
|
|
BindHost: "0.0.0.0",
|
|
|
|
Port: 53,
|
2018-11-28 15:24:04 +00:00
|
|
|
FilteringConfig: dnsforward.FilteringConfig{
|
2018-11-30 10:35:22 +00:00
|
|
|
ProtectionEnabled: true, // whether or not use any of dnsfilter features
|
|
|
|
FilteringEnabled: true, // whether or not use filter lists
|
|
|
|
BlockedResponseTTL: 10, // in seconds
|
2018-12-05 15:47:03 +00:00
|
|
|
QueryLogEnabled: true,
|
|
|
|
Ratelimit: 20,
|
|
|
|
RefuseAny: true,
|
2019-02-27 08:15:18 +00:00
|
|
|
BootstrapDNS: defaultBootstrap,
|
2019-02-26 15:19:05 +00:00
|
|
|
AllServers: false,
|
2018-11-28 15:24:04 +00:00
|
|
|
},
|
2018-12-05 21:22:20 +00:00
|
|
|
UpstreamDNS: defaultDNS,
|
2018-08-30 14:25:33 +00:00
|
|
|
},
|
2019-02-11 18:52:39 +00:00
|
|
|
TLS: tlsConfig{
|
2019-02-13 08:08:07 +00:00
|
|
|
tlsConfigSettings: tlsConfigSettings{
|
|
|
|
PortHTTPS: 443,
|
|
|
|
PortDNSOverTLS: 853, // needs to be passed through to dnsproxy
|
|
|
|
},
|
2019-02-11 18:52:39 +00:00
|
|
|
},
|
2018-08-30 14:25:33 +00:00
|
|
|
Filters: []filter{
|
2018-11-30 10:24:42 +00:00
|
|
|
{Filter: dnsfilter.Filter{ID: 1}, Enabled: true, URL: "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt", Name: "AdGuard Simplified Domain Names filter"},
|
|
|
|
{Filter: dnsfilter.Filter{ID: 2}, Enabled: false, URL: "https://adaway.org/hosts.txt", Name: "AdAway"},
|
|
|
|
{Filter: dnsfilter.Filter{ID: 3}, Enabled: false, URL: "https://hosts-file.net/ad_servers.txt", Name: "hpHosts - Ad and Tracking servers only"},
|
|
|
|
{Filter: dnsfilter.Filter{ID: 4}, Enabled: false, URL: "http://www.malwaredomainlist.com/hostslist/hosts.txt", Name: "MalwareDomainList.com Hosts List"},
|
2018-08-30 14:25:33 +00:00
|
|
|
},
|
2018-12-05 21:29:38 +00:00
|
|
|
SchemaVersion: currentSchemaVersion,
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
|
2019-02-05 17:35:48 +00:00
|
|
|
// getConfigFilename returns path to the current config file
|
|
|
|
func (c *configuration) getConfigFilename() string {
|
|
|
|
configFile := config.ourConfigFilename
|
|
|
|
if !filepath.IsAbs(configFile) {
|
2019-02-10 17:47:43 +00:00
|
|
|
configFile = filepath.Join(config.ourWorkingDir, config.ourConfigFilename)
|
2019-02-05 17:35:48 +00:00
|
|
|
}
|
|
|
|
return configFile
|
|
|
|
}
|
|
|
|
|
2019-02-04 10:54:53 +00:00
|
|
|
// getLogSettings reads logging settings from the config file.
|
|
|
|
// we do it in a separate method in order to configure logger before the actual configuration is parsed and applied.
|
|
|
|
func getLogSettings() logSettings {
|
|
|
|
l := logSettings{}
|
|
|
|
yamlFile, err := readConfigFile()
|
|
|
|
if err != nil || yamlFile == nil {
|
|
|
|
return l
|
|
|
|
}
|
|
|
|
err = yaml.Unmarshal(yamlFile, &l)
|
|
|
|
if err != nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("Couldn't get logging settings from the configuration: %s", err)
|
2019-02-04 10:54:53 +00:00
|
|
|
}
|
|
|
|
return l
|
|
|
|
}
|
|
|
|
|
|
|
|
// parseConfig loads configuration from the YAML file
|
2018-08-30 14:25:33 +00:00
|
|
|
func parseConfig() error {
|
2019-02-05 17:35:48 +00:00
|
|
|
configFile := config.getConfigFilename()
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Debug("Reading config file: %s", configFile)
|
2019-02-04 10:54:53 +00:00
|
|
|
yamlFile, err := readConfigFile()
|
2018-08-30 14:25:33 +00:00
|
|
|
if err != nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("Couldn't read config file: %s", err)
|
2018-08-30 14:25:33 +00:00
|
|
|
return err
|
|
|
|
}
|
2019-02-04 10:54:53 +00:00
|
|
|
if yamlFile == nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("YAML file doesn't exist, skipping it")
|
2019-02-04 10:54:53 +00:00
|
|
|
return nil
|
|
|
|
}
|
2018-08-30 14:25:33 +00:00
|
|
|
err = yaml.Unmarshal(yamlFile, &config)
|
|
|
|
if err != nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("Couldn't parse config file: %s", err)
|
2018-08-30 14:25:33 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-10-30 09:24:59 +00:00
|
|
|
// Deduplicate filters
|
2018-12-06 14:18:34 +00:00
|
|
|
deduplicateFilters()
|
2018-10-30 09:24:59 +00:00
|
|
|
|
2018-11-27 18:25:03 +00:00
|
|
|
updateUniqueFilterID(config.Filters)
|
2018-10-30 09:24:59 +00:00
|
|
|
|
2018-08-30 14:25:33 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-02-04 10:54:53 +00:00
|
|
|
// readConfigFile reads config file contents if it exists
|
|
|
|
func readConfigFile() ([]byte, error) {
|
2019-02-05 17:35:48 +00:00
|
|
|
configFile := config.getConfigFilename()
|
2019-02-04 10:54:53 +00:00
|
|
|
if _, err := os.Stat(configFile); os.IsNotExist(err) {
|
|
|
|
// do nothing, file doesn't exist
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
return ioutil.ReadFile(configFile)
|
|
|
|
}
|
|
|
|
|
2018-10-30 09:24:59 +00:00
|
|
|
// Saves configuration to the YAML file and also saves the user filter contents to a file
|
2018-11-29 11:56:56 +00:00
|
|
|
func (c *configuration) write() error {
|
2018-11-29 10:31:50 +00:00
|
|
|
c.Lock()
|
|
|
|
defer c.Unlock()
|
2019-01-29 17:41:57 +00:00
|
|
|
if config.firstRun {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Debug("Silently refusing to write config because first run and not configured yet")
|
2019-01-29 17:41:57 +00:00
|
|
|
return nil
|
|
|
|
}
|
2019-02-05 17:35:48 +00:00
|
|
|
configFile := config.getConfigFilename()
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Debug("Writing YAML file: %s", configFile)
|
2018-08-30 14:25:33 +00:00
|
|
|
yamlText, err := yaml.Marshal(&config)
|
|
|
|
if err != nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("Couldn't generate YAML file: %s", err)
|
2018-08-30 14:25:33 +00:00
|
|
|
return err
|
|
|
|
}
|
2018-11-27 17:39:59 +00:00
|
|
|
err = safeWriteFile(configFile, yamlText)
|
2018-08-30 14:25:33 +00:00
|
|
|
if err != nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("Couldn't save YAML config: %s", err)
|
2018-08-30 14:25:33 +00:00
|
|
|
return err
|
|
|
|
}
|
2018-10-29 23:17:24 +00:00
|
|
|
|
2018-11-28 17:15:32 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func writeAllConfigs() error {
|
|
|
|
err := config.write()
|
|
|
|
if err != nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("Couldn't write config: %s", err)
|
2018-11-28 17:15:32 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-11-27 13:48:57 +00:00
|
|
|
userFilter := userFilter()
|
2018-10-29 23:17:24 +00:00
|
|
|
err = userFilter.save()
|
2018-09-05 23:03:03 +00:00
|
|
|
if err != nil {
|
2019-02-25 13:44:22 +00:00
|
|
|
log.Error("Couldn't save the user filter: %s", err)
|
2018-09-05 23:03:03 +00:00
|
|
|
return err
|
|
|
|
}
|
2018-10-29 23:17:24 +00:00
|
|
|
|
2018-08-30 14:25:33 +00:00
|
|
|
return nil
|
|
|
|
}
|