author | Alberto Bertogli
<albertito@blitiri.com.ar> 2022-10-08 00:09:39 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2022-10-09 11:34:34 UTC |
parent | bcf593dfa9b906bf5d78aa157192f4b52ca07834 |
etc/gofer.yaml | +6 | -4 |
etc/systemd/gofer-http.socket | +0 | -5 |
etc/systemd/gofer-https.socket | +0 | -5 |
etc/systemd/gofer.service | +15 | -2 |
diff --git a/etc/gofer.yaml b/etc/gofer.yaml
index 998bb9e..1d27d9b 100644
--- a/etc/gofer.yaml
+++ b/etc/gofer.yaml
@@ -29,7 +29,7 @@ http:
 # systemd socket passing is supported, use "&name" to indicate that you've
 # set up a systemd socket unit with "FileDescriptorName=name".
 # Examples: ":80", "127.0.0.1:8080", "&http".
- "&http":
+ ":80":
 # Routes indicate how to handle each request based on its path.
 # The path have the semantics of http.ServeMux.
 routes:
@@ -85,7 +85,7 @@ http:
 # HTTPS servers.
 https:
- "&https":
+ ":443":
 # Automatically get TLS certificates.
 # Using this implies acceptance of LetsEncrypt's terms of service (or the
 # selected CA).
@@ -113,9 +113,11 @@ https:
 # The rest of the fields are the same as for http above.
 routes:
 "/":
- proxy: "http://localhost:8080/"
+ dir: "/srv/www/"
 "/local/":
- proxy: "http://localhost:99/"
+ proxy: "http://localhost:8099/"
+ "www.mysite.com/":
+ redirect: "https://mysite.com/"
 # Raw socket proxying.
diff --git a/etc/systemd/gofer-http.socket b/etc/systemd/gofer-http.socket
deleted file mode 100644
index 42c3009..0000000
--- a/etc/systemd/gofer-http.socket
+++ /dev/null
@@ -1,5 +0,0 @@
-[Socket]
-ListenStream=80
-FileDescriptorName=http
-Service=gofer.service
-
diff --git a/etc/systemd/gofer-https.socket b/etc/systemd/gofer-https.socket
deleted file mode 100644
index 7248a1e..0000000
--- a/etc/systemd/gofer-https.socket
+++ /dev/null
@@ -1,5 +0,0 @@
-[Socket]
-ListenStream=443
-FileDescriptorName=https
-Service=gofer.service
-
diff --git a/etc/systemd/gofer.service b/etc/systemd/gofer.service
index 659bf93..e53c2c0 100644
--- a/etc/systemd/gofer.service
+++ b/etc/systemd/gofer.service
@@ -1,6 +1,5 @@
 [Unit]
-Description=gofer proxy
-Requires=gofer-http.socket gofer-https.socket
+Description=gofer web server and reverse proxy
 [Service]
 ExecStart=/usr/local/bin/gofer -configfile=/etc/gofer.yaml
@@ -10,6 +9,20 @@ Restart=always
 User=gofer
 Group=gofer
+DynamicUser=true
+
+# Allow gofer to write in /var, since it is a common destination for logs.
+ReadWritePaths=/var
+
+# Cache directory, used by autocerts.
+CacheDirectory=gofer
+
+# Logs directory, for convenience.
+# To use this, configure reqlogs to be inside /var/log/gofer/.
+LogsDirectory=gofer
+
+# Let gofer listen on ports < 1024.
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 # Simple security measures just in case.
 ProtectSystem=full
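Review bot: `ReadWritePaths=/var` makes all of /var writable to the service, far more than the `CacheDirectory=gofer` and `LogsDirectory=gofer` lines added in the same hunk already provide. `DynamicUser=true` implies a strict read-only file system view (which, as far as I know, overrides the `ProtectSystem=full` context line below), and this exception undoes it for anything under /var that file permissions alone do not protect. I would drop the line and leave a hint instead, `# For other writable paths, add a narrow ReadWritePaths=/var/<dir> entry.`, so deployments opt in per directory. Pairing `AmbientCapabilities=CAP_NET_BIND_SERVICE` with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` would also cap what the process can ever hold. The [Service] section continues beyond the hunk, so other hardening options may already be set there.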