Merge pull request #84 from tobychui/2.6.8

Update v2.6.8

src/acme.go

@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"log"
 	"math/rand"
 	"net/http"
 	"regexp"
@@ -29,7 +28,7 @@ func getRandomPort(minPort int) int {
 
 // init the new ACME instance
 func initACME() *acme.ACMEHandler {
-	log.Println("Starting ACME handler")
+	SystemWideLogger.Println("Starting ACME handler")
 	rand.Seed(time.Now().UnixNano())
 	// Generate a random port above 30000
 	port := getRandomPort(30000)
@@ -44,7 +43,7 @@ func initACME() *acme.ACMEHandler {
 
 // create the special routing rule for ACME
 func acmeRegisterSpecialRoutingRule() {
-	log.Println("Assigned temporary port:" + acmeHandler.Getport())
+	SystemWideLogger.Println("Assigned temporary port:" + acmeHandler.Getport())
 
 	err := dynamicProxyRouter.AddRoutingRules(&dynamicproxy.RoutingRule{
 		ID: "acme-autorenew",
@@ -79,7 +78,7 @@ func acmeRegisterSpecialRoutingRule() {
 	})
 
 	if err != nil {
-		log.Println("[Err] " + err.Error())
+		SystemWideLogger.PrintAndLog("ACME", "Unable register temp port for DNS resolver", err)
 	}
 }
 
@@ -89,7 +88,7 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request)
 	if dynamicProxyRouter.Option.Port == 443 {
 		//Enable port 80 to 443 redirect
 		if !dynamicProxyRouter.Option.ForceHttpsRedirect {
-			log.Println("Temporary enabling HTTP to HTTPS redirect for ACME certificate renew requests")
+			SystemWideLogger.Println("Temporary enabling HTTP to HTTPS redirect for ACME certificate renew requests")
 			dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(true)
 		} else {
 			//Set this to true, so after renew, do not turn it off
@@ -110,7 +109,7 @@ func AcmeCheckAndHandleRenewCertificate(w http.ResponseWriter, r *http.Request)
 	if dynamicProxyRouter.Option.Port == 443 {
 		if !isForceHttpsRedirectEnabledOriginally {
 			//Default is off. Turn the redirection off
-			log.Println("Restoring HTTP to HTTPS redirect settings")
+			SystemWideLogger.PrintAndLog("ACME", "Restoring HTTP to HTTPS redirect settings", nil)
 			dynamicProxyRouter.UpdateHttpToHttpsRedirectSetting(false)
 		}
 	}
@@ -130,7 +129,7 @@ func HandleACMEPreferredCA(w http.ResponseWriter, r *http.Request) {
 		acme.IsSupportedCA(ca)
 		//Set the new config
 		sysdb.Write("acmepref", "prefca", ca)
-		log.Println("Updating prefered ACME CA to " + ca)
+		SystemWideLogger.Println("Updating prefered ACME CA to " + ca)
 		utils.SendOK(w)
 	}
 

src/api.go

@@ -54,6 +54,7 @@ func initAPIs() {
 	authRouter.HandleFunc("/api/proxy/tlscheck", HandleCheckSiteSupportTLS)
 	authRouter.HandleFunc("/api/proxy/setIncoming", HandleIncomingPortSet)
 	authRouter.HandleFunc("/api/proxy/useHttpsRedirect", HandleUpdateHttpsRedirect)
+	authRouter.HandleFunc("/api/proxy/listenPort80", HandleUpdatePort80Listener)
 	authRouter.HandleFunc("/api/proxy/requestIsProxied", HandleManagementProxyCheck)
 	//Reverse proxy root related APIs
 	authRouter.HandleFunc("/api/proxy/root/listOptions", HandleRootRouteOptionList)

src/cert.go

@@ -6,7 +6,6 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io"
-	"log"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -128,7 +127,7 @@ func handleListDomains(w http.ResponseWriter, r *http.Request) {
 		certBtyes, err := os.ReadFile(certFilepath)
 		if err != nil {
 			// Unable to load this file
-			log.Println("Unable to load certificate: " + certFilepath)
+			SystemWideLogger.PrintAndLog("TLS", "Unable to load certificate: "+certFilepath, err)
 			continue
 		} else {
 			// Cert loaded. Check its expiry time
@@ -182,11 +181,11 @@ func handleToggleTLSProxy(w http.ResponseWriter, r *http.Request) {
 	} else {
 		if newState == "true" {
 			sysdb.Write("settings", "usetls", true)
-			log.Println("Enabling TLS mode on reverse proxy")
+			SystemWideLogger.Println("Enabling TLS mode on reverse proxy")
 			dynamicProxyRouter.UpdateTLSSetting(true)
 		} else if newState == "false" {
 			sysdb.Write("settings", "usetls", false)
-			log.Println("Disabling TLS mode on reverse proxy")
+			SystemWideLogger.Println("Disabling TLS mode on reverse proxy")
 			dynamicProxyRouter.UpdateTLSSetting(false)
 		} else {
 			utils.SendErrorResponse(w, "invalid state given. Only support true or false")
@@ -213,11 +212,11 @@ func handleSetTlsRequireLatest(w http.ResponseWriter, r *http.Request) {
 	} else {
 		if newState == "true" {
 			sysdb.Write("settings", "forceLatestTLS", true)
-			log.Println("Updating minimum TLS version to v1.2 or above")
+			SystemWideLogger.Println("Updating minimum TLS version to v1.2 or above")
 			dynamicProxyRouter.UpdateTLSVersion(true)
 		} else if newState == "false" {
 			sysdb.Write("settings", "forceLatestTLS", false)
-			log.Println("Updating minimum TLS version to v1.0 or above")
+			SystemWideLogger.Println("Updating minimum TLS version to v1.0 or above")
 			dynamicProxyRouter.UpdateTLSVersion(false)
 		} else {
 			utils.SendErrorResponse(w, "invalid state given")

src/config.go

@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"log"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -29,6 +28,7 @@ type Record struct {
 	Rootname                string
 	ProxyTarget             string
 	UseTLS                  bool
+	BypassGlobalTLS         bool
 	SkipTlsValidation       bool
 	RequireBasicAuth        bool
 	BasicAuthCredentials    []*dynamicproxy.BasicAuthCredentials
@@ -61,11 +61,11 @@ func SaveReverseProxyEndpointToFile(proxyEndpoint *dynamicproxy.ProxyEndpoint) e
 func RemoveReverseProxyConfigFile(rootname string) error {
 	filename := getFilenameFromRootName(rootname)
 	removePendingFile := strings.ReplaceAll(filepath.Join("./conf/proxy/", filename), "\\", "/")
-	log.Println("Config Removed: ", removePendingFile)
+	SystemWideLogger.Println("Config Removed: ", removePendingFile)
 	if utils.FileExists(removePendingFile) {
 		err := os.Remove(removePendingFile)
 		if err != nil {
-			log.Println(err.Error())
+			SystemWideLogger.PrintAndLog("Proxy", "Unabel to remove config file", err)
 			return err
 		}
 	}
@@ -81,6 +81,7 @@ func LoadReverseProxyConfig(filename string) (*Record, error) {
 		Rootname:                "",
 		ProxyTarget:             "",
 		UseTLS:                  false,
+		BypassGlobalTLS:         false,
 		SkipTlsValidation:       false,
 		RequireBasicAuth:        false,
 		BasicAuthCredentials:    []*dynamicproxy.BasicAuthCredentials{},
@@ -109,6 +110,7 @@ func ConvertProxyEndpointToRecord(targetProxyEndpoint *dynamicproxy.ProxyEndpoin
 		Rootname:                targetProxyEndpoint.RootOrMatchingDomain,
 		ProxyTarget:             targetProxyEndpoint.Domain,
 		UseTLS:                  targetProxyEndpoint.RequireTLS,
+		BypassGlobalTLS:         targetProxyEndpoint.BypassGlobalTLS,
 		SkipTlsValidation:       targetProxyEndpoint.SkipCertValidations,
 		RequireBasicAuth:        targetProxyEndpoint.RequireBasicAuth,
 		BasicAuthCredentials:    targetProxyEndpoint.BasicAuthCredentials,
@@ -191,22 +193,22 @@ func ExportConfigAsZip(w http.ResponseWriter, r *http.Request) {
 		//Also zip in the sysdb
 		zipFile, err := zipWriter.Create("sys.db")
 		if err != nil {
-			log.Println("[Backup] Unable to zip sysdb: " + err.Error())
+			SystemWideLogger.PrintAndLog("Backup", "Unable to zip sysdb", err)
 			return
 		}
 
 		// Open the file on disk
 		file, err := os.Open("sys.db")
 		if err != nil {
-			log.Println("[Backup] Unable to open sysdb: " + err.Error())
+			SystemWideLogger.PrintAndLog("Backup", "Unable to open sysdb", err)
 			return
 		}
 		defer file.Close()
 
 		// Copy the file contents to the zip file
 		_, err = io.Copy(zipFile, file)
 		if err != nil {
-			log.Println(err)
+			SystemWideLogger.Println(err)
 			return
 		}
 
@@ -311,12 +313,12 @@ func ImportConfigFromZip(w http.ResponseWriter, r *http.Request) {
 
 	// Send a success response
 	w.WriteHeader(http.StatusOK)
-	log.Println("Configuration restored")
+	SystemWideLogger.Println("Configuration restored")
 	fmt.Fprintln(w, "Configuration restored")
 
 	if restoreDatabase {
 		go func() {
-			log.Println("Database altered. Restarting in 3 seconds...")
+			SystemWideLogger.Println("Database altered. Restarting in 3 seconds...")
 			time.Sleep(3 * time.Second)
 			os.Exit(0)
 		}()

src/main.go

@@ -20,6 +20,7 @@ import (
 	"imuslab.com/zoraxy/mod/email"
 	"imuslab.com/zoraxy/mod/ganserv"
 	"imuslab.com/zoraxy/mod/geodb"
+	"imuslab.com/zoraxy/mod/info/logger"
 	"imuslab.com/zoraxy/mod/mdns"
 	"imuslab.com/zoraxy/mod/netstat"
 	"imuslab.com/zoraxy/mod/pathrule"
@@ -44,10 +45,11 @@ var acmeAutoRenewInterval = flag.Int("autorenew", 86400, "ACME auto TLS/SSL cert
 var enableHighSpeedGeoIPLookup = flag.Bool("fastgeoip", false, "Enable high speed geoip lookup, require 1GB extra memory (Not recommend for low end devices)")
 var staticWebServerRoot = flag.String("webroot", "./www", "Static web server root folder. Only allow chnage in start paramters")
 var allowWebFileManager = flag.Bool("webfm", true, "Enable web file manager for static web server root folder")
+var logOutputToFile = flag.Bool("log", true, "Log terminal output to file")
 
 var (
 	name        = "Zoraxy"
-	version     = "2.6.7"
+	version     = "2.6.8"
 	nodeUUID    = "generic"
 	development = false //Set this to false to use embedded web fs
 	bootTime    = time.Now().Unix()
@@ -80,8 +82,9 @@ var (
 	staticWebServer    *webserv.WebServer      //Static web server for hosting simple stuffs
 
 	//Helper modules
-	EmailSender    *email.Sender        //Email sender that handle email sending
-	AnalyticLoader *analytic.DataLoader //Data loader for Zoraxy Analytic
+	EmailSender      *email.Sender        //Email sender that handle email sending
+	AnalyticLoader   *analytic.DataLoader //Data loader for Zoraxy Analytic
+	SystemWideLogger *logger.Logger       //Logger for Zoraxy
 )
 
 // Kill signal handler. Do something before the system the core terminate.
@@ -116,6 +119,9 @@ func ShutdownSeq() {
 	fmt.Println("- Cleaning up tmp files")
 	os.RemoveAll("./tmp")
 
+	fmt.Println("- Closing system wide logger")
+	SystemWideLogger.Close()
+
 	//Close database, final
 	fmt.Println("- Stopping system database")
 	sysdb.Close()
@@ -151,7 +157,7 @@ func main() {
 	}
 	uuidBytes, err := os.ReadFile(uuidRecord)
 	if err != nil {
-		log.Println("Unable to read system uuid from file system")
+		SystemWideLogger.PrintAndLog("ZeroTier", "Unable to read system uuid from file system", nil)
 		panic(err)
 	}
 	nodeUUID = string(uuidBytes)
@@ -173,7 +179,7 @@ func main() {
 	//Start the finalize sequences
 	finalSequence()
 
-	log.Println("Zoraxy started. Visit control panel at http://localhost" + handler.Port)
+	SystemWideLogger.Println("Zoraxy started. Visit control panel at http://localhost" + handler.Port)
 	err = http.ListenAndServe(handler.Port, nil)
 
 	if err != nil {

src/mod/dynamicproxy/dynamicproxy.go

@@ -60,6 +60,12 @@ func (router *Router) UpdateTLSVersion(requireLatest bool) {
 	router.Restart()
 }
 
+// Update port 80 listener state
+func (router *Router) UpdatePort80ListenerState(useRedirect bool) {
+	router.Option.ListenOnPort80 = useRedirect
+	router.Restart()
+}
+
 // Update https redirect, which will require updates
 func (router *Router) UpdateHttpToHttpsRedirectSetting(useRedirect bool) {
 	router.Option.ForceHttpsRedirect = useRedirect
@@ -95,27 +101,73 @@ func (router *Router) StartProxyService() error {
 	}
 
 	if router.Option.UseTls {
-		//Serve with TLS mode
-		ln, err := tls.Listen("tcp", ":"+strconv.Itoa(router.Option.Port), config)
-		if err != nil {
-			log.Println(err)
-			router.Running = false
-			return err
+		/*
+			//Serve with TLS mode
+			ln, err := tls.Listen("tcp", ":"+strconv.Itoa(router.Option.Port), config)
+			if err != nil {
+				log.Println(err)
+				router.Running = false
+				return err
+			}
+			router.tlsListener = ln
+		*/
+		router.server = &http.Server{
+			Addr:      ":" + strconv.Itoa(router.Option.Port),
+			Handler:   router.mux,
+			TLSConfig: config,
 		}
-		router.tlsListener = ln
-		router.server = &http.Server{Addr: ":" + strconv.Itoa(router.Option.Port), Handler: router.mux}
 		router.Running = true
 
-		if router.Option.Port != 80 && router.Option.ForceHttpsRedirect {
+		if router.Option.Port != 80 && router.Option.ListenOnPort80 {
 			//Add a 80 to 443 redirector
 			httpServer := &http.Server{
 				Addr: ":80",
 				Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-					protocol := "https://"
-					if router.Option.Port == 443 {
-						http.Redirect(w, r, protocol+r.Host+r.RequestURI, http.StatusTemporaryRedirect)
+					//Check if the domain requesting allow non TLS mode
+					domainOnly := r.Host
+					if strings.Contains(r.Host, ":") {
+						hostPath := strings.Split(r.Host, ":")
+						domainOnly = hostPath[0]
+					}
+					sep := router.getSubdomainProxyEndpointFromHostname(domainOnly)
+					if sep != nil && sep.BypassGlobalTLS {
+						//Allow routing via non-TLS handler
+						originalHostHeader := r.Host
+						if r.URL != nil {
+							r.Host = r.URL.Host
+						} else {
+							//Fallback when the upstream proxy screw something up in the header
+							r.URL, _ = url.Parse(originalHostHeader)
+						}
+
+						sep.Proxy.ServeHTTP(w, r, &dpcore.ResponseRewriteRuleSet{
+							ProxyDomain:  sep.Domain,
+							OriginalHost: originalHostHeader,
+							UseTLS:       sep.RequireTLS,
+							PathPrefix:   "",
+						})
+						return
+					}
+
+					if router.Option.ForceHttpsRedirect {
+						//Redirect to https is enabled
+						protocol := "https://"
+						if router.Option.Port == 443 {
+							http.Redirect(w, r, protocol+r.Host+r.RequestURI, http.StatusTemporaryRedirect)
+						} else {
+							http.Redirect(w, r, protocol+r.Host+":"+strconv.Itoa(router.Option.Port)+r.RequestURI, http.StatusTemporaryRedirect)
+						}
 					} else {
-						http.Redirect(w, r, protocol+r.Host+":"+strconv.Itoa(router.Option.Port)+r.RequestURI, http.StatusTemporaryRedirect)
+						//Do not do redirection
+						if sep != nil {
+							//Sub-domain exists but not allow non-TLS access
+							w.WriteHeader(http.StatusBadRequest)
+							w.Write([]byte("400 - Bad Request"))
+						} else {
+							//No defined sub-domain
+							http.NotFound(w, r)
+						}
+
 					}
 
 				}),
@@ -143,7 +195,7 @@ func (router *Router) StartProxyService() error {
 				if err := httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
 					//Unable to startup port 80 listener. Handle shutdown process gracefully
 					stopChan <- true
-					log.Fatalf("Could not start server: %v\n", err)
+					log.Fatalf("Could not start redirection server: %v\n", err)
 				}
 			}()
 			router.tlsRedirectStop = stopChan
@@ -152,8 +204,8 @@ func (router *Router) StartProxyService() error {
 		//Start the TLS server
 		log.Println("Reverse proxy service started in the background (TLS mode)")
 		go func() {
-			if err := router.server.Serve(ln); err != nil && err != http.ErrServerClosed {
-				log.Fatalf("Could not start server: %v\n", err)
+			if err := router.server.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
+				log.Fatalf("Could not start proxy server: %v\n", err)
 			}
 		}()
 	} else {

src/mod/dynamicproxy/subdomain.go

@@ -38,6 +38,7 @@ func (router *Router) AddSubdomainRoutingService(options *SubdOptions) error {
 		Domain:                  domain,
 		RequireTLS:              options.RequireTLS,
 		Proxy:                   proxy,
+		BypassGlobalTLS:         options.BypassGlobalTLS,
 		SkipCertValidations:     options.SkipCertValidations,
 		RequireBasicAuth:        options.RequireBasicAuth,
 		BasicAuthCredentials:    options.BasicAuthCredentials,

src/mod/dynamicproxy/typedef.go

@@ -27,6 +27,7 @@ type RouterOption struct {
 	Port               int    //Incoming port
 	UseTls             bool   //Use TLS to serve incoming requsts
 	ForceTLSLatest     bool   //Force TLS1.2 or above
+	ListenOnPort80     bool   //Enable port 80 http listener
 	ForceHttpsRedirect bool   //Force redirection of http to https endpoint
 	TlsManager         *tlscert.Manager
 	RedirectRuleTable  *redirection.RuleTable