diff --git a/app.go b/app.go index acb463de..30d64d12 100644 --- a/app.go +++ b/app.go @@ -168,54 +168,7 @@ func run(args options) { httpsServer.cond = sync.NewCond(&httpsServer.Mutex) // for https, we have a separate goroutine loop - go func() { - for { // this is an endless loop - httpsServer.cond.L.Lock() - // this mechanism doesn't let us through until all conditions are ment - for config.TLS.Enabled == false || config.TLS.PortHTTPS == 0 || config.TLS.PrivateKey == "" || config.TLS.CertificateChain == "" { // sleep until necessary data is supplied - httpsServer.cond.Wait() - } - address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS)) - // validate current TLS config and update warnings (it could have been loaded from file) - data := validateCertificates(config.TLS.CertificateChain, config.TLS.PrivateKey, config.TLS.ServerName) - if !data.ValidPair { - cleanupAlways() - log.Fatal(data.WarningValidation) - } - config.Lock() - config.TLS.tlsConfigStatus = data // update warnings - config.Unlock() - - // prepare certs for HTTPS server - // important -- they have to be copies, otherwise changing the contents in config.TLS will break encryption for in-flight requests - certchain := make([]byte, len(config.TLS.CertificateChain)) - copy(certchain, []byte(config.TLS.CertificateChain)) - privatekey := make([]byte, len(config.TLS.PrivateKey)) - copy(privatekey, []byte(config.TLS.PrivateKey)) - cert, err := tls.X509KeyPair(certchain, privatekey) - if err != nil { - cleanupAlways() - log.Fatal(err) - } - httpsServer.cond.L.Unlock() - - // prepare HTTPS server - httpsServer.server = &http.Server{ - Addr: address, - TLSConfig: &tls.Config{ - Certificates: []tls.Certificate{cert}, - MinVersion: tls.VersionTLS12, - }, - } - - printHTTPAddresses("https") - err = httpsServer.server.ListenAndServeTLS("", "") - if err != http.ErrServerClosed { - cleanupAlways() - log.Fatal(err) - } - } - }() + go httpServerLoop() // this loop is used as an ability to change listening host and/or port for { @@ -235,6 +188,58 @@ func run(args options) { } } +func httpServerLoop() { + for { + httpsServer.cond.L.Lock() + // this mechanism doesn't let us through until all conditions are met + for config.TLS.Enabled == false || + config.TLS.PortHTTPS == 0 || + config.TLS.PrivateKey == "" || + config.TLS.CertificateChain == "" { // sleep until necessary data is supplied + httpsServer.cond.Wait() + } + address := net.JoinHostPort(config.BindHost, strconv.Itoa(config.TLS.PortHTTPS)) + // validate current TLS config and update warnings (it could have been loaded from file) + data := validateCertificates(config.TLS.CertificateChain, config.TLS.PrivateKey, config.TLS.ServerName) + if !data.ValidPair { + cleanupAlways() + log.Fatal(data.WarningValidation) + } + config.Lock() + config.TLS.tlsConfigStatus = data // update warnings + config.Unlock() + + // prepare certs for HTTPS server + // important -- they have to be copies, otherwise changing the contents in config.TLS will break encryption for in-flight requests + certchain := make([]byte, len(config.TLS.CertificateChain)) + copy(certchain, []byte(config.TLS.CertificateChain)) + privatekey := make([]byte, len(config.TLS.PrivateKey)) + copy(privatekey, []byte(config.TLS.PrivateKey)) + cert, err := tls.X509KeyPair(certchain, privatekey) + if err != nil { + cleanupAlways() + log.Fatal(err) + } + httpsServer.cond.L.Unlock() + + // prepare HTTPS server + httpsServer.server = &http.Server{ + Addr: address, + TLSConfig: &tls.Config{ + Certificates: []tls.Certificate{cert}, + MinVersion: tls.VersionTLS12, + }, + } + + printHTTPAddresses("https") + err = httpsServer.server.ListenAndServeTLS("", "") + if err != http.ErrServerClosed { + cleanupAlways() + log.Fatal(err) + } + } +} + // Check if the current user has root (administrator) rights // and if not, ask and try to run as root func requireAdminRights() {