Server tools to backfill, tail, mirror, and verify PLC logs

add the port-80 message and improve readme

+50 -6
+22 -6
readme.md
··· 7 7 - Tail PLC ops to stdout: `allegedly tail | jq` 8 8 - Export PLC ops to weekly gzipped bundles: `allegdly bundle --dest ./some-folder` 9 9 - Dump bundled ops to stdout FAST: `allegedly backfill --source-workers 6 | pv -l > /ops-unordered.jsonl` 10 - - Wrap the reference PLC server and run it as a mirror: 10 + - Wrap the reference PLC server and run it as a mirror, copying ops from upstream: 11 11 12 12 ```bash 13 + allegedly mirror \ 14 + --wrap "http://127.0.0.1:3000" \ 15 + --wrap-pg "postgresql://user:pass@pg-host:5432/plc-db" 16 + ``` 17 + 18 + - Wrap a plc server, maximalist edition: 19 + 20 + ```bash 21 + # put sensitive values in environment so they don't leak via process name. 13 22 export ALLEGEDLY_WRAP_PG="postgresql://user:pass@pg-host:5432/plc-db" 14 - allegedly --upstream "https://plc.directory" mirror \ 15 - --bind "0.0.0.0:8000" \ 16 - --wrap "http://127.0.0.1:3000" 17 - ``` 18 23 19 - (add `--help` to any command for more info about it) 24 + # sudo to bind :80 + :443 for acme tls, but it's better to give user net cap. 25 + # will try to autoprovision cert for "plc.wtf" from letsencrypt staging. 26 + sudo allegedly mirror \ 27 + --upstream "https://plc.directory" \ 28 + --wrap "http://127.0.0.1:3000" \ 29 + --acme-domain "plc.wtf" \ 30 + --acme-cache-dir ./acme-cache \ 31 + --acme-directory-url "https://acme-staging-v02.api.letsencrypt.org/directory" 32 + ``` 33 + 34 + 35 + add `--help` to any command for more info about it 20 36 21 37 22 38 ## install
+28
src/mirror.rs
··· 230 230 auto_cert = auto_cert.domain(domain); 231 231 } 232 232 let auto_cert = auto_cert.build().expect("acme config to build"); 233 + 234 + run_insecure_notice(); 233 235 run(app, TcpListener::bind("0.0.0.0:443").acme(auto_cert)).await 234 236 } 235 237 ListenConf::Bind(addr) => run(app, TcpListener::bind(addr)).await, ··· 246 248 .run(app) 247 249 .await 248 250 } 251 + 252 + /// kick off a tiny little server on a tokio task to tell people to use 443 253 + fn run_insecure_notice() { 254 + #[handler] 255 + fn oop_plz_be_secure() -> (StatusCode, String) { 256 + ( 257 + StatusCode::BAD_REQUEST, 258 + format!( 259 + r#"{} 260 + 261 + You probably want to change your request to use HTTPS instead of HTTP. 262 + "#, 263 + logo("mirror (tls on 443 please)") 264 + ), 265 + ) 266 + } 267 + 268 + let app = Route::new().at("/", get(oop_plz_be_secure)).with(Tracing); 269 + let listener = TcpListener::bind("0.0.0.0:80"); 270 + tokio::task::spawn(async move { 271 + Server::new(listener) 272 + .name("allegedly (mirror:80 helper)") 273 + .run(app) 274 + .await 275 + }); 276 + }
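Review bot: In the readme.md "maximalist edition" example, `export ALLEGEDLY_WRAP_PG=...` is followed by `sudo allegedly mirror`, and under sudo's default `env_reset` policy the exported variable is dropped, so the wrapped Postgres URL will likely not reach the process as written. Either show `sudo --preserve-env=ALLEGEDLY_WRAP_PG allegedly mirror ...`, or drop sudo from the example and show the capability route the comment already recommends (for example `setcap cap_net_bind_service=+ep` on the binary). The simpler example just above it passes the credentialed URL as `--wrap-pg "postgresql://user:pass@..."` on the command line, which is exactly what the new comment warns against; using the environment variable there too would keep the two examples consistent. While this section is being touched, the context line `allegdly bundle` has a typo in the command name.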
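Review bot: In the first src/mirror.rs hunk, `run_insecure_notice();` is called unconditionally in the ACME branch right before the `0.0.0.0:443` bind, so turning on ACME now always opens a second, plaintext listener on `0.0.0.0:80` with no way to opt out or change the address. Consider gating it behind a flag or deriving the address from configuration, and state in the readme that ACME mode binds both ports, since an operator who already has something on :80 or who only expected :443 to be exposed will be surprised.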
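Review bot: In the second src/mirror.rs hunk, `Route::new().at("/", get(oop_plz_be_secure))` only matches a GET for the root path, so a client that sends any real request over plain HTTP (any other path or method) gets the router's default error response and never sees the "use HTTPS" message. A catch-all route covering every path and method would make the notice reach the requests it is meant for. Separately, the result of `.run(app).await` inside `tokio::task::spawn` is never inspected and the join handle is dropped, so a failure to bind :80 (port in use, missing privilege) is silent; logging the error inside the task would make that visible. The doc comment could also say that the function returns immediately and that the listener lives for the rest of the process.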