authorGuilhem Moulin <guilhem@fripost.org>2017-06-28 17:19:46 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-06-28 22:09:43 +0200
commit944407621f313c15f6cfd53267da1ddbdaceec9f (patch)
tree1602c3136d28ac54dafec995a7b6d0a6e83ff8e2 /webserver
parentf4af28d7e526bd56a78225daf84d11cdf96bd611 (diff)
webserver: allow listening to multiple addresses.
(Useful when dual-stack IPv4/IPv6 is not supported.) Also, change the default to listen to a UNIX-domain socket </var/run/lacme.socket>. Moreover temporary iptables rules are no longer installed. Hosts without a public HTTP daemon listening on port 80 need to set the 'listen' option to [::] and/or 0.0.0.0, and possibly set the 'iptables' option to Yes.
Diffstat (limited to 'webserver')
-rwxr-xr-xwebserver26
1 files changed, 16 insertions, 10 deletions
diff --git a/webserver b/webserver
index e97fe00..7914762 100755
--- a/webserver
+++ b/webserver
@@ -38,12 +38,9 @@ use warnings;
# not a problem since FD can be bound as root prior to the execve(2).
use Errno 'EINTR';
-use Socket qw/AF_INET AF_INET6/;
+use Socket qw/AF_UNIX AF_INET AF_INET6/;
# Untaint and fdopen(3) the listening socket
-# TODO: we could even take multiple file descriptors and select(2)
-# between them; this could be useful to listen on two sockets, one for
-# INET and one for INET6
(shift @ARGV // die) =~ /\A(\d+)\z/ or die;
open my $S, '+<&=', $1 or die "fdopen $1: $!";
my $ROOT = '/.well-known/acme-challenge';
@@ -57,13 +54,22 @@ sub info($$$) {
# get a string representation of the peer's address
my $fam = Socket::sockaddr_family($sockaddr);
- my (undef, $ip) =
- $fam == AF_INET ? Socket::unpack_sockaddr_in($sockaddr) :
- $fam == AF_INET6 ? Socket::unpack_sockaddr_in6($sockaddr) :
- die;
- my $addr = Socket::inet_ntop($fam, $ip);
+ my $peer;
- print STDERR $msg." from [$addr]".(defined $req ? ": $req" : "")."\n";
+ if ($fam == AF_UNIX) {
+ $peer = Socket::unpack_sockaddr_un($sockaddr);
+ } else {
+ my (undef, $ip) =
+ $fam == AF_INET ? Socket::unpack_sockaddr_in($sockaddr) :
+ $fam == AF_INET6 ? Socket::unpack_sockaddr_in6($sockaddr) :
+ die;
+ $peer = Socket::inet_ntop($fam, $ip);
+ }
+
+ $msg .= " from [$peer]" if defined $peer and $peer ne '';
+ $msg .= ": $req" if defined $req;
+
+ print STDERR $msg, "\n";
}
while (1) {
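Review bot: In the new AF_UNIX branch of info(), `$peer` is the path returned by `Socket::unpack_sockaddr_un` and is appended to the STDERR line unchanged. That path is chosen by whichever local process connected (on Linux it may also be an abstract name beginning with a NUL byte), so it can carry newlines or control characters into the log and make one event look like several. Replacing non-printable bytes before the append, e.g. `$peer =~ s/[^\x21-\x7E]/?/g if defined $peer;`, keeps each log entry on one line. `$req` is appended the same way; whether it is cleaned beforehand cannot be seen here, because the callers and the opening lines of info() lie outside the hunk.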