Implement HTTPS server support; run server on HTTPS

main.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
@@ -14,32 +15,21 @@ import (
 	"song-recognition/wav"
 	"strings"
 
-	"github.com/gin-gonic/gin"
 	"github.com/mdobak/go-xerrors"
 
 	socketio "github.com/googollee/go-socket.io"
+	"github.com/googollee/go-socket.io/engineio"
+	"github.com/googollee/go-socket.io/engineio/transport"
+	"github.com/googollee/go-socket.io/engineio/transport/polling"
+	"github.com/googollee/go-socket.io/engineio/transport/websocket"
 )
 
 const (
 	SONGS_DIR = "songs"
 )
 
-func GinMiddleware(allowOrigin string) gin.HandlerFunc {
+var allowOriginFunc = func(r *http.Request) bool {
-	return func(c *gin.Context) {
+	return true
-		c.Writer.Header().Set("Access-Control-Allow-Origin", allowOrigin)
-		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
-		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
-		c.Writer.Header().Set("Access-Control-Allow-Headers", "Accept, Authorization, Content-Type, Content-Length, X-CSRF-Token, Token, session, Origin, Host, Connection, Accept-Encoding, Accept-Language, X-Requested-With")
-
-		if c.Request.Method == http.MethodOptions {
-			c.AbortWithStatus(http.StatusNoContent)
-			return
-		}
-
-		c.Request.Header.Del("Origin")
-
-		c.Next()
-	}
 }
 
 func downloadStatus(statusType, message string) string {
@@ -63,9 +53,17 @@ type RecordData struct {
 }
 
 func main() {
-	router := gin.New()
 
-	server := socketio.NewServer(nil)
+	server := socketio.NewServer(&engineio.Options{
+		Transports: []transport.Transport{
+			&polling.Transport{
+				CheckOrigin: allowOriginFunc,
+			},
+			&websocket.Transport{
+				CheckOrigin: allowOriginFunc,
+			},
+		},
+	})
 
 	logger := utils.GetLogger()
 	ctx := context.Background()
@@ -316,11 +314,39 @@ func main() {
 	}()
 	defer server.Close()
 
-	router.Use(GinMiddleware("http://localhost:3000"))
+	SERVE_HTTPS := strings.ToLower(utils.GetEnv("SERVE_HTTPS"))
-	router.GET("/socket.io/*any", gin.WrapH(server))
+	serveHTTPS := SERVE_HTTPS == "true"
-	router.POST("/socket.io/*any", gin.WrapH(server))
 
-	if err := router.Run(":5000"); err != nil {
+	serveHTTP(server, serveHTTPS)
-		log.Fatal("failed run app: ", err)
+}
+
+func serveHTTP(socketServer *socketio.Server, serveHTTPS bool) {
+	http.Handle("/socket.io/", socketServer)
+
+	if serveHTTPS {
+		httpsAddr := ":443"
+		httpsServer := &http.Server{
+			Addr: httpsAddr,
+			TLSConfig: &tls.Config{
+				MinVersion: tls.VersionTLS12,
+			},
+			Handler: socketServer,
+		}
+
+		cert_key := utils.GetEnv("CERT_KEY")
+		cert_file := utils.GetEnv("CERT_FILE")
+		if cert_key == "" || cert_file == "" {
+			log.Fatal("Missing cert")
+		}
+
+		log.Printf("Starting HTTPS server on %s\n", httpsAddr)
+		if err := httpsServer.ListenAndServeTLS(cert_file, cert_key); err != nil {
+			log.Fatalf("HTTPS server ListenAndServeTLS: %v", err)
+		}
+	}
+
+	log.Printf("Starting HTTP server on port 80")
+	if err := http.ListenAndServe(":80", nil); err != nil {
+		log.Fatalf("HTTP server ListenAndServe: %v", err)
 	}
 }

scripts/before_install.sh

@@ -12,6 +12,20 @@ sudo apt -y install npm
 # install ffmpeg
 sudo apt-get -y install ffmpeg
 
+# install Certbot
+DOMAIN="localport.online"
+EMAIL="cgzirim@gmail.com"
+CERT_DIR="/etc/letsencrypt/live/$DOMAIN"
+
+if [ ! -f "$CERT_DIR" ]; then
+    sudo apt install -y certbot
+    sudo certbot certonly --standalone -d $DOMAIN --email $EMAIL --agree-tos --non-interactive
+    if [ $? -eq 0 ]; then
+        sudo chmod u+r "$CERT_DIR/privkey.pem"
+        sudo chmod u+r "$CERT_DIR/fullchain.pem"
+  fi
+fi
+
 # Install MongoDB only if not already present
 if [ ! -f "/usr/bin/mongod" ]; then
     sudo apt-get install gnupg curl

scripts/start_server.sh

@@ -2,7 +2,13 @@
 
 start_server() {
     cd /home/ubuntu/song-recognition
+    
+    export SERVE_HTTPS="true"
+    export CERT_KEY_PATH="/etc/letsencrypt/live/localport.online/fullchain.pem"
+    export CERT_FILE_PATH="/etc/letsencrypt/live/localport.online/privkey.pem"
+
     go build -tags netgo -ldflags '-s -w' -o app
+    sudo setcap CAP_NET_BIND_SERVICE+ep app
     nohup ./app > backend.log 2>&1 &
 }