dispatch/server/server.go

package server

import (
	"crypto/tls"
	"log"
	"net"
	"net/http"
	"net/url"
	"strings"
	"sync"
	"time"

	"github.com/gorilla/websocket"
	"github.com/khlieng/dispatch/config"
	"github.com/khlieng/dispatch/pkg/netutil"
	"github.com/khlieng/dispatch/pkg/session"
	"github.com/khlieng/dispatch/storage"
	"github.com/mholt/certmagic"
)

var channelStore = storage.NewChannelStore()

type Dispatch struct {
	Store        storage.Store
	SessionStore storage.SessionStore

	GetMessageStore          func(*storage.User) (storage.MessageStore, error)
	GetMessageSearchProvider func(*storage.User) (storage.MessageSearchProvider, error)

	cfg      *config.Config
	upgrader websocket.Upgrader
	states   *stateStore
	lock     sync.Mutex
}

func New(cfg *config.Config) *Dispatch {
	return &Dispatch{
		cfg: cfg,
	}
}

func (d *Dispatch) Config() *config.Config {
	d.lock.Lock()
	cfg := d.cfg
	d.lock.Unlock()
	return cfg
}

func (d *Dispatch) SetConfig(cfg *config.Config) {
	d.lock.Lock()
	d.cfg = cfg
	d.lock.Unlock()
}

func (d *Dispatch) Run() {
	d.upgrader = websocket.Upgrader{
		ReadBufferSize:  1024,
		WriteBufferSize: 1024,
	}

	if d.Config().Dev {
		d.upgrader.CheckOrigin = func(r *http.Request) bool {
			return true
		}
	}

	session.CookieName = "dispatch"

	d.states = newStateStore(d.SessionStore)
	go d.states.run()

	d.loadUsers()
	d.initFileServer()
	d.startHTTP()
}

func (d *Dispatch) loadUsers() {
	users, err := storage.LoadUsers(d.Store)
	if err != nil {
		log.Fatal(err)
	}

	log.Printf("[Init] %d users", len(users))

	for _, user := range users {
		go d.loadUser(user)
	}
}

func (d *Dispatch) loadUser(user *storage.User) {
	messageStore, err := d.GetMessageStore(user)
	if err != nil {
		log.Fatal(err)
	}
	user.SetMessageStore(messageStore)

	search, err := d.GetMessageSearchProvider(user)
	if err != nil {
		log.Fatal(err)
	}
	user.SetMessageSearchProvider(search)

	state := NewState(user, d)
	d.states.set(state)
	go state.run()

	channels, err := user.GetChannels()
	if err != nil {
		log.Fatal(err)
	}

	servers, err := user.GetServers()
	if err != nil {
		log.Fatal(err)
	}

	for _, server := range servers {
		i := connectIRC(server, state, user.GetLastIP())

		var joining []string
		for _, channel := range channels {
			if channel.Server == server.Host {
				joining = append(joining, channel.Name)
			}
		}
		i.Join(joining...)
	}
}

func (d *Dispatch) startHTTP() {
	cfg := d.Config()

	port := cfg.Port
	if cfg.Dev {
		// The node dev server will proxy index page requests and
		// websocket connections to this port
		port = "1337"
	}

	httpSrv := &http.Server{
		Addr: net.JoinHostPort(cfg.Address, port),
	}

	if cfg.HTTPS.Enabled {
		httpSrv.ReadTimeout = 5 * time.Second
		httpSrv.WriteTimeout = 5 * time.Second

		httpsSrv := &http.Server{
			Addr:              net.JoinHostPort(cfg.Address, cfg.HTTPS.Port),
			ReadHeaderTimeout: 5 * time.Second,
			WriteTimeout:      10 * time.Second,
			IdleTimeout:       120 * time.Second,
			Handler:           d,
		}

		redirect := createHTTPSRedirect(cfg.HTTPS.Port, d)

		if d.certExists() {
			httpSrv.Handler = redirect
			log.Println("[HTTP] Listening on port", port, "(HTTPS Redirect)")
			go httpSrv.ListenAndServe()

			log.Println("[HTTPS] Listening on port", cfg.HTTPS.Port)
			log.Fatal(httpsSrv.ListenAndServeTLS(cfg.HTTPS.Cert, cfg.HTTPS.Key))
		} else {
			cache := certmagic.NewCache(&certmagic.FileStorage{
				Path: storage.Path.LetsEncrypt(),
			})

			magic := certmagic.NewWithCache(cache, certmagic.Config{
				Agreed:     true,
				Email:      cfg.LetsEncrypt.Email,
				MustStaple: true,
			})

			domains := []string{cfg.LetsEncrypt.Domain}
			if cfg.LetsEncrypt.Domain == "" {
				domains = []string{}
				magic.OnDemand = &certmagic.OnDemandConfig{MaxObtain: 3}
			}

			err := magic.Manage(domains)
			if err != nil {
				log.Fatal(err)
			}

			tlsConfig := magic.TLSConfig()
			tlsConfig.MinVersion = tls.VersionTLS12
			tlsConfig.CipherSuites = getCipherSuites()
			tlsConfig.CurvePreferences = []tls.CurveID{
				tls.X25519,
				tls.CurveP256,
			}
			tlsConfig.PreferServerCipherSuites = true
			httpsSrv.TLSConfig = tlsConfig

			httpSrv.Handler = magic.HTTPChallengeHandler(redirect)
			log.Println("[HTTP] Listening on port", port, "(HTTPS Redirect)")
			go httpSrv.ListenAndServe()

			log.Println("[HTTPS] Listening on port", cfg.HTTPS.Port)
			log.Fatal(httpsSrv.ListenAndServeTLS("", ""))
		}
	} else {
		httpSrv.ReadHeaderTimeout = 5 * time.Second
		httpSrv.WriteTimeout = 10 * time.Second
		httpSrv.IdleTimeout = 120 * time.Second
		httpSrv.Handler = d

		log.Println("[HTTP] Listening on port", port)
		log.Fatal(httpSrv.ListenAndServe())
	}
}

func (d *Dispatch) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.Method != "GET" {
		fail(w, http.StatusNotFound)
		return
	}

	if r.URL.Path == "/init" {
		referer, err := url.Parse(r.Header.Get("Referer"))
		if err != nil {
			fail(w, http.StatusInternalServerError)
			return
		}

		state := d.handleAuth(w, r, true, true)
		data := d.getIndexData(r, referer.EscapedPath(), state)

		writeJSON(w, r, data)
	} else if strings.HasPrefix(r.URL.Path, "/ws") {
		if !websocket.IsWebSocketUpgrade(r) {
			fail(w, http.StatusBadRequest)
			return
		}

		state := d.handleAuth(w, r, false, false)
		if state == nil {
			log.Println("[Auth] No state")
			fail(w, http.StatusInternalServerError)
			return
		}

		d.upgradeWS(w, r, state)
	} else {
		d.serveFiles(w, r)
	}
}

func (d *Dispatch) upgradeWS(w http.ResponseWriter, r *http.Request, state *State) {
	conn, err := d.upgrader.Upgrade(w, r, w.Header())
	if err != nil {
		log.Println(err)
		return
	}

	newWSHandler(conn, state, r).run()
}

func createHTTPSRedirect(portHTTPS string, fallback http.Handler) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		host, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			host = r.Host
		}

		if netutil.IsPrivate(host) {
			fallback.ServeHTTP(w, r)
			return
		}

		u := url.URL{
			Scheme: "https",
			Host:   net.JoinHostPort(host, portHTTPS),
			Path:   r.RequestURI,
		}

		w.Header().Set("Connection", "close")
		w.Header().Set("Location", u.String())
		w.WriteHeader(http.StatusMovedPermanently)
	}
}

func fail(w http.ResponseWriter, code int) {
	http.Error(w, http.StatusText(code), code)
}
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00			`package server`

			`import (`
Add HTTP/2 push 2017-04-15 02:48:24 +00:00			`"crypto/tls"`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00			`"log"`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`"net"`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00			`"net/http"`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`"net/url"`
			`"strings"`
Pass in config struct 2018-12-11 09:51:20 +00:00			`"sync"`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`"time"`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00
Switch from Godep to go vendoring 2016-03-01 00:51:26 +00:00			`"github.com/gorilla/websocket"`
Pass in config struct 2018-12-11 09:51:20 +00:00			`"github.com/khlieng/dispatch/config"`
Dont redirect private IPs and localhost 2018-12-17 11:45:33 +00:00			`"github.com/khlieng/dispatch/pkg/netutil"`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`"github.com/khlieng/dispatch/pkg/session"`
Name it 2015-12-11 03:35:48 +00:00			`"github.com/khlieng/dispatch/storage"`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`"github.com/mholt/certmagic"`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00			`)`

Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`var channelStore = storage.NewChannelStore()`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`type Dispatch struct {`
			`Store storage.Store`
			`SessionStore storage.SessionStore`

			`GetMessageStore func(*storage.User) (storage.MessageStore, error)`
			`GetMessageSearchProvider func(*storage.User) (storage.MessageSearchProvider, error)`

Pass in config struct 2018-12-11 09:51:20 +00:00			`cfg *config.Config`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`upgrader websocket.Upgrader`
			`states *stateStore`
Pass in config struct 2018-12-11 09:51:20 +00:00			`lock sync.Mutex`
			`}`

			`func New(cfg config.Config) Dispatch {`
			`return &Dispatch{`
			`cfg: cfg,`
			`}`
			`}`

			`func (d Dispatch) Config() config.Config {`
			`d.lock.Lock()`
			`cfg := d.cfg`
			`d.lock.Unlock()`
			`return cfg`
			`}`

			`func (d Dispatch) SetConfig(cfg config.Config) {`
			`d.lock.Lock()`
			`d.cfg = cfg`
			`d.lock.Unlock()`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`}`

			`func (d *Dispatch) Run() {`
			`d.upgrader = websocket.Upgrader{`
Switch to gorilla/websocket 2015-05-01 22:20:22 +00:00			`ReadBufferSize: 1024,`
			`WriteBufferSize: 1024,`
			`}`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00
Pass in config struct 2018-12-11 09:51:20 +00:00			`if d.Config().Dev {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`d.upgrader.CheckOrigin = func(r *http.Request) bool {`
Allow all websocket origins in development mode 2016-01-27 17:03:38 +00:00			`return true`
			`}`
			`}`

Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`session.CookieName = "dispatch"`

			`d.states = newStateStore(d.SessionStore)`
Do all session pruning in a single goroutine 2018-06-01 03:40:12 +00:00			`go d.states.run()`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00
			`d.loadUsers()`
			`d.initFileServer()`
			`d.startHTTP()`
			`}`

			`func (d *Dispatch) loadUsers() {`
			`users, err := storage.LoadUsers(d.Store)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

Do all session pruning in a single goroutine 2018-06-01 03:40:12 +00:00			`log.Printf("[Init] %d users", len(users))`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00
Name all storage interface params, return slices of pointers 2018-06-01 02:16:38 +00:00			`for _, user := range users {`
			`go d.loadUser(user)`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`}`
Set GOMAXPROCS to NumCPU, drop httprouter 2015-06-06 23:18:26 +00:00			`}`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`func (d Dispatch) loadUser(user storage.User) {`
			`messageStore, err := d.GetMessageStore(user)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`user.SetMessageStore(messageStore)`

			`search, err := d.GetMessageSearchProvider(user)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`user.SetMessageSearchProvider(search)`

			`state := NewState(user, d)`
			`d.states.set(state)`
			`go state.run()`

			`channels, err := user.GetChannels()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`servers, err := user.GetServers()`
			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`for _, server := range servers {`
Add option to hex encode the source IP of a client and use it as the ident, closes #24 2018-08-10 18:24:29 +00:00			`i := connectIRC(server, state, user.GetLastIP())`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00
			`var joining []string`
			`for _, channel := range channels {`
			`if channel.Server == server.Host {`
			`joining = append(joining, channel.Name)`
			`}`
			`}`
			`i.Join(joining...)`
			`}`
			`}`

			`func (d *Dispatch) startHTTP() {`
Pass in config struct 2018-12-11 09:51:20 +00:00			`cfg := d.Config()`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00
Pass in config struct 2018-12-11 09:51:20 +00:00			`port := cfg.Port`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`if cfg.Dev {`
			`// The node dev server will proxy index page requests and`
			`// websocket connections to this port`
			`port = "1337"`
			`}`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`httpSrv := &http.Server{`
			`Addr: net.JoinHostPort(cfg.Address, port),`
			`}`
Let's Encrypt 2016-01-04 18:26:32 +00:00
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`if cfg.HTTPS.Enabled {`
			`httpSrv.ReadTimeout = 5 * time.Second`
			`httpSrv.WriteTimeout = 5 * time.Second`

			`httpsSrv := &http.Server{`
			`Addr: net.JoinHostPort(cfg.Address, cfg.HTTPS.Port),`
			`ReadHeaderTimeout: 5 * time.Second,`
			`WriteTimeout: 10 * time.Second,`
			`IdleTimeout: 120 * time.Second,`
			`Handler: d,`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`}`

Dont redirect private IPs and localhost 2018-12-17 11:45:33 +00:00			`redirect := createHTTPSRedirect(cfg.HTTPS.Port, d)`
Refactor lets encrypt integration to support cert changes and ocsp stapling without restarting 2016-01-06 21:19:06 +00:00
Pass in config struct 2018-12-11 09:51:20 +00:00			`if d.certExists() {`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`httpSrv.Handler = redirect`
			`log.Println("[HTTP] Listening on port", port, "(HTTPS Redirect)")`
			`go httpSrv.ListenAndServe()`

			`log.Println("[HTTPS] Listening on port", cfg.HTTPS.Port)`
			`log.Fatal(httpsSrv.ListenAndServeTLS(cfg.HTTPS.Cert, cfg.HTTPS.Key))`
			`} else {`
Update dependencies 2018-12-31 01:20:22 +00:00			`cache := certmagic.NewCache(&certmagic.FileStorage{`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`Path: storage.Path.LetsEncrypt(),`
			`})`

			`magic := certmagic.NewWithCache(cache, certmagic.Config{`
			`Agreed: true,`
			`Email: cfg.LetsEncrypt.Email,`
			`MustStaple: true,`
			`})`

			`domains := []string{cfg.LetsEncrypt.Domain}`
			`if cfg.LetsEncrypt.Domain == "" {`
			`domains = []string{}`
			`magic.OnDemand = &certmagic.OnDemandConfig{MaxObtain: 3}`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`}`

Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`err := magic.Manage(domains)`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
Refactor lets encrypt integration to support cert changes and ocsp stapling without restarting 2016-01-06 21:19:06 +00:00
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`tlsConfig := magic.TLSConfig()`
			`tlsConfig.MinVersion = tls.VersionTLS12`
			`tlsConfig.CipherSuites = getCipherSuites()`
			`tlsConfig.CurvePreferences = []tls.CurveID{`
			`tls.X25519,`
			`tls.CurveP256,`
Add HTTP/2 push 2017-04-15 02:48:24 +00:00			`}`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`tlsConfig.PreferServerCipherSuites = true`
			`httpsSrv.TLSConfig = tlsConfig`
Refactor lets encrypt integration to support cert changes and ocsp stapling without restarting 2016-01-06 21:19:06 +00:00
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`httpSrv.Handler = magic.HTTPChallengeHandler(redirect)`
			`log.Println("[HTTP] Listening on port", port, "(HTTPS Redirect)")`
			`go httpSrv.ListenAndServe()`

			`log.Println("[HTTPS] Listening on port", cfg.HTTPS.Port)`
			`log.Fatal(httpsSrv.ListenAndServeTLS("", ""))`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`}`
			`} else {`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`httpSrv.ReadHeaderTimeout = 5 * time.Second`
			`httpSrv.WriteTimeout = 10 * time.Second`
			`httpSrv.IdleTimeout = 120 * time.Second`
			`httpSrv.Handler = d`

Let's Encrypt 2016-01-04 18:26:32 +00:00			`log.Println("[HTTP] Listening on port", port)`
Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`log.Fatal(httpSrv.ListenAndServe())`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`}`
			`}`

Implement http.Handler in server.Dispatch 2018-11-09 06:32:47 +00:00			`func (d Dispatch) ServeHTTP(w http.ResponseWriter, r http.Request) {`
Set GOMAXPROCS to NumCPU, drop httprouter 2015-06-06 23:18:26 +00:00			`if r.Method != "GET" {`
Wait until a websocket connection comes in before creating new anonymous sessions 2018-05-22 01:56:48 +00:00			`fail(w, http.StatusNotFound)`
Set GOMAXPROCS to NumCPU, drop httprouter 2015-06-06 23:18:26 +00:00			`return`
			`}`

Use a map to serve files 2018-11-27 11:07:48 +00:00			`if r.URL.Path == "/init" {`
			`referer, err := url.Parse(r.Header.Get("Referer"))`
			`if err != nil {`
			`fail(w, http.StatusInternalServerError)`
			`return`
			`}`

			`state := d.handleAuth(w, r, true, true)`
Pass in config struct 2018-12-11 09:51:20 +00:00			`data := d.getIndexData(r, referer.EscapedPath(), state)`
Use a map to serve files 2018-11-27 11:07:48 +00:00
			`writeJSON(w, r, data)`
			`} else if strings.HasPrefix(r.URL.Path, "/ws") {`
Wait until a websocket connection comes in before creating new anonymous sessions 2018-05-22 01:56:48 +00:00			`if !websocket.IsWebSocketUpgrade(r) {`
			`fail(w, http.StatusBadRequest)`
			`return`
			`}`

Create sessions on boot requests instead of websocket handshakes 2018-11-17 10:52:36 +00:00			`state := d.handleAuth(w, r, false, false)`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`if state == nil {`
			`log.Println("[Auth] No state")`
Wait until a websocket connection comes in before creating new anonymous sessions 2018-05-22 01:56:48 +00:00			`fail(w, http.StatusInternalServerError)`
Store auth info in a JWT token in a cookie 2016-01-15 01:27:30 +00:00			`return`
			`}`

Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`d.upgradeWS(w, r, state)`
Set GOMAXPROCS to NumCPU, drop httprouter 2015-06-06 23:18:26 +00:00			`} else {`
Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`d.serveFiles(w, r)`
Set GOMAXPROCS to NumCPU, drop httprouter 2015-06-06 23:18:26 +00:00			`}`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00			`}`

Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`func (d Dispatch) upgradeWS(w http.ResponseWriter, r http.Request, state *State) {`
			`conn, err := d.upgrader.Upgrade(w, r, w.Header())`
Switch to gorilla/websocket 2015-05-01 22:20:22 +00:00			`if err != nil {`
			`log.Println(err)`
			`return`
			`}`

Persist, renew and delete sessions, refactor storage package, move reusable packages to pkg 2018-05-31 21:24:59 +00:00			`newWSHandler(conn, state, r).run()`
Switch to gorilla/websocket 2015-05-01 22:20:22 +00:00			`}`

Dont redirect private IPs and localhost 2018-12-17 11:45:33 +00:00			`func createHTTPSRedirect(portHTTPS string, fallback http.Handler) http.HandlerFunc {`
			`return func(w http.ResponseWriter, r *http.Request) {`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`host, _, err := net.SplitHostPort(r.Host)`
			`if err != nil {`
			`host = r.Host`
Add cobra, move the server code into its own package 2015-05-01 20:59:46 +00:00			`}`
Let's Encrypt 2016-01-04 18:26:32 +00:00
Dont redirect private IPs and localhost 2018-12-17 11:45:33 +00:00			`if netutil.IsPrivate(host) {`
			`fallback.ServeHTTP(w, r)`
			`return`
			`}`

Let's Encrypt 2016-01-04 18:26:32 +00:00			`u := url.URL{`
			`Scheme: "https",`
			`Host: net.JoinHostPort(host, portHTTPS),`
			`Path: r.RequestURI,`
			`}`

Use certmagic, simplify config, set HTTP timeouts and a modern TLSConfig 2018-12-16 11:19:16 +00:00			`w.Header().Set("Connection", "close")`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`w.Header().Set("Location", u.String())`
			`w.WriteHeader(http.StatusMovedPermanently)`
Dont redirect private IPs and localhost 2018-12-17 11:45:33 +00:00			`}`
Let's Encrypt 2016-01-04 18:26:32 +00:00			`}`

Wait until a websocket connection comes in before creating new anonymous sessions 2018-05-22 01:56:48 +00:00			`func fail(w http.ResponseWriter, code int) {`
			`http.Error(w, http.StatusText(code), code)`
			`}`