HTTP/HTTPS adjustments (#314)

# Changes
* Validate private/public key pair before attempting to start server on HTTPS port.
* Improved logging of staging of web server start up/failure.
* Renaming `WebPort` to `HttpPort` in config.yaml
* Adding `HttpsRedirect` boolean. 
  * if true, will redirect http traffic to https. Must have both http and https running for this to work.
* Possible to run no web server at all by setting http/https ports to zero.

Author: Volte6

_datafiles/config.yaml

@@ -385,13 +385,16 @@ Network:
   # - LocalPort -
   #   A port that can only be accessed via localhost, but will not limit based on connection count
   LocalPort: 9999
-  # - WebPort -
+  # - HttpPort -
   #   The port the server listens on for web requests
-  WebPort: 80
+  HttpPort: 80
   # - HttpsPort -
   #   The port the server listens on for web requests
   #   Note: Must have a cert/key file (See FilePaths)
   HttpsPort: 443
+  # - HttpsRedirect -
+  #   If true, will send all http traffic to https with a redirect
+  HttpsRedirect: false
   # - AfkSeconds -
   #   If this many seconds pass without player input, they are flagged as afk
   #   Set to zero to never mark anyone as AFK

internal/configs/config.network.go

@@ -4,8 +4,9 @@ type Network struct {
 	MaxTelnetConnections ConfigInt         `yaml:"MaxTelnetConnections"` // Maximum number of telnet connections to accept
 	TelnetPort           ConfigSliceString `yaml:"TelnetPort"`           // One or more Ports used to accept telnet connections
 	LocalPort            ConfigInt         `yaml:"LocalPort"`            // Port used for admin connections, localhost only
-	WebPort              ConfigInt         `yaml:"WebPort"`              // Port used for web requests
+	HttpPort             ConfigInt         `yaml:"HttpPort"`             // Port used for web requests
 	HttpsPort            ConfigInt         `yaml:"HttpsPort"`            // Port used for web https requests
+	HttpsRedirect        ConfigBool        `yaml:"HttpsRedirect"`        // If true, http traffic will be redirected to https
 	AfkSeconds           ConfigInt         `yaml:"AfkSeconds"`           // How long until a player is marked as afk?
 	MaxIdleSeconds       ConfigInt         `yaml:"MaxIdleSeconds"`       // How many seconds a player can go without a command in game before being kicked.
 	TimeoutMods          ConfigBool        `yaml:"TimeoutMods"`          // Whether to kick admin/mods when idle too long.
@@ -23,8 +24,12 @@ func (n *Network) Validate() {
 		n.MaxTelnetConnections = 50 // default
 	}
 
-	if n.WebPort < 0 {
-		n.WebPort = 0 // default
+	if n.HttpPort < 0 {
+		n.HttpPort = 0 // default
+	}
+
+	if n.HttpsPort < 0 {
+		n.HttpsPort = 0 // default
 	}
 
 	if n.AfkSeconds < 0 {

internal/web/web.go

@@ -2,11 +2,15 @@ package web
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"log"
+	"log/slog"
+	"net"
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 	"sync"
 	"text/template"
 	"time"
@@ -222,7 +226,14 @@ func serveTemplate(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func Listen(webPort int, webHttpsPort int, wg *sync.WaitGroup, webSocketHandler func(*websocket.Conn)) {
+func Listen(wg *sync.WaitGroup, webSocketHandler func(*websocket.Conn)) {
+
+	networkConfig := configs.GetNetworkConfig()
+
+	if networkConfig.HttpPort == 0 && networkConfig.HttpsPort == 0 {
+		slog.Error(`Web`, "error", "No ports defined. No web server will be started.")
+		return
+	}
 
 	// Routing
 	// Basic homepage
@@ -294,45 +305,97 @@ func Listen(webPort int, webHttpsPort int, wg *sync.WaitGroup, webSocketHandler
 		doBasicAuth(roomData),
 	))
 
-	// HTTP Server
-	wg.Add(1)
-	httpServer = &http.Server{Addr: fmt.Sprintf(`:%d`, webPort)}
-	go func() {
+	//
+	// Http server start up
+	//
 
-		mudlog.Info("Starting http server", "webport", webPort)
+	if networkConfig.HttpPort > 0 {
 
-		defer wg.Done()
-		if err := httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
-			mudlog.Error("Error starting web server", "error", err)
+		httpServer = &http.Server{
+			Addr: fmt.Sprintf(`:%d`, networkConfig.HttpPort),
 		}
-	}()
 
-	if webHttpsPort > 0 {
+		if networkConfig.HttpsRedirect && networkConfig.HttpsPort != 0 {
 
-		filePaths := configs.GetFilePathsConfig()
+			var redirectHandler http.HandlerFunc = func(w http.ResponseWriter, r *http.Request) {
 
-		certFile := ``
-		keyFile := ``
+				host := r.Host
+
+				// If the host header includes a port (e.g. "example.com:80"), strip it out.
+				if strings.Contains(host, ":") {
+					host, _, _ = net.SplitHostPort(host)
+				}
+
+				// Build the target URL with your known HTTPS port (443 in this case).
+				target := fmt.Sprintf("https://%s:%d%s", host, networkConfig.HttpsPort, r.RequestURI)
+
+				http.Redirect(w, r, target, http.StatusMovedPermanently)
+
+			}
+
+			httpServer.Handler = redirectHandler
 
-		if _, err := os.Stat(string(filePaths.HttpsCertFile)); err == nil {
-			certFile = string(filePaths.HttpsCertFile)
-		}
-		if _, err := os.Stat(string(filePaths.HttpsKeyFile)); err == nil {
-			keyFile = string(filePaths.HttpsKeyFile)
 		}
 
-		if certFile != `` && keyFile != `` {
-			wg.Add(1)
-			httpsServer = &http.Server{Addr: fmt.Sprintf(`:%d`, webHttpsPort)}
-			go func() {
+		// HTTP Server
+		wg.Add(1)
+
+		mudlog.Info("HTTP", "stage", "Starting http server", "port", networkConfig.HttpPort)
+		go func() {
+			defer wg.Done()
+
+			if err := httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
+				mudlog.Error("HTTP", "error", fmt.Errorf("Error starting web server: %w", err))
+			}
+		}()
+	}
+
+	//
+	// Https server start up
+	//
 
-				mudlog.Info("Starting https server", "webHttpsPort", webHttpsPort)
+	if networkConfig.HttpsPort > 0 {
 
-				defer wg.Done()
-				if err := httpsServer.ListenAndServeTLS(certFile, keyFile); err != nil && err != http.ErrServerClosed {
-					mudlog.Error("Error starting HTTPS web server", "error", err)
+		filePaths := configs.GetFilePathsConfig()
+
+		if len(filePaths.HttpsCertFile) == 0 || len(filePaths.HttpsKeyFile) == 0 {
+
+			mudlog.Info("HTTPS", "stage", "skipping", "error", "Undefined key file", "Public Cert", filePaths.HttpsCertFile, "Private Key", filePaths.HttpsKeyFile)
+
+		} else {
+
+			if filePaths.HttpsCertFile != `` && filePaths.HttpsKeyFile != `` {
+
+				mudlog.Info("HTTPS", "stage", "Validating public/private key pair", "Public Cert", filePaths.HttpsCertFile, "Private Key", filePaths.HttpsKeyFile)
+
+				cert, err := tls.LoadX509KeyPair(string(filePaths.HttpsCertFile), string(filePaths.HttpsKeyFile))
+
+				if err != nil {
+
+					mudlog.Error("HTTPS", "error", fmt.Errorf("Error loading certificate and key: %w", err))
+
+				} else {
+
+					tlsConfig := &tls.Config{
+						Certificates: []tls.Certificate{cert},
+					}
+
+					wg.Add(1)
+
+					httpsServer = &http.Server{
+						Addr:      fmt.Sprintf(`:%d`, networkConfig.HttpsPort),
+						TLSConfig: tlsConfig,
+					}
+
+					mudlog.Info("HTTPS", "stage", "Starting https server", "port", networkConfig.HttpsPort)
+					go func() {
+						defer wg.Done()
+						if err := httpsServer.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
+							mudlog.Error("HTTPS", "error", fmt.Errorf("Error starting HTTPS web server: %w", err))
+						}
+					}()
 				}
-			}()
+			}
 		}
 	}
 
@@ -357,13 +420,17 @@ func Shutdown() {
 
 	if httpServer != nil {
 		if err := httpServer.Shutdown(ctx); err != nil {
-			log.Printf("HTTP server shutdown failed:%+v", err)
+			mudlog.Error("HTTP", "error", fmt.Errorf("HTTP server shutdown failed: %w", err))
+		} else {
+			mudlog.Info("HTTPS", "stage", "stopped")
 		}
 	}
 
 	if httpsServer != nil {
 		if err := httpsServer.Shutdown(ctx); err != nil {
-			log.Printf("HTTPS server shutdown failed:%+v", err)
+			mudlog.Error("HTTPS", "error", fmt.Errorf("HTTP server shutdown failed: %w", err))
+		} else {
+			mudlog.Info("HTTPS", "stage", "stopped")
 		}
 	}
 }

main.go

@@ -168,14 +168,20 @@ func main() {
 		"name", string(c.Server.MudName),
 	)
 
+	mudlog.Info(`========================`)
+
 	// Load all the data files up front.
 	loadAllDataFiles(false)
 
+	mudlog.Info(`========================`)
+
 	mudlog.Info("Mapper", "status", "precaching")
 	timeStart := time.Now()
 	mapper.PreCacheMaps()
 	mudlog.Info("Mapper", "status", "done", "time taken", time.Since(timeStart))
 
+	mudlog.Info(`========================`)
+
 	// Create the user index
 	idx := users.NewUserIndex()
 	if !idx.Exists() {
@@ -195,7 +201,6 @@ func main() {
 
 	scripting.Setup(int(c.Scripting.LoadTimeoutMs), int(c.Scripting.RoomTimeoutMs))
 
-	//
 	mudlog.Info(`========================`)
 
 	// Trigger the load plugins event
@@ -219,7 +224,8 @@ func main() {
 	// Set the server to be alive
 	serverAlive.Store(true)
 
-	web.Listen(int(c.Network.WebPort), int(c.Network.HttpsPort), &wg, HandleWebSocketConnection)
+	mudlog.Info(`========================`)
+	web.Listen(&wg, HandleWebSocketConnection)
 
 	allServerListeners := make([]net.Listener, 0, len(c.Network.TelnetPort))
 	for _, port := range c.Network.TelnetPort {

world.go

@@ -1018,7 +1018,7 @@ func (w *World) UpdateStats() {
 		}
 	}
 
-	s.WebSocketPort = int(c.WebPort)
+	s.WebSocketPort = int(c.HttpPort)
 
 	web.UpdateStats(s)
 }