ordinaryd 0.7.0

Ordinary Server
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

// Copyright (C) 2026 Ordinary Labs, LLC.
//
// SPDX-License-Identifier: AGPL-3.0-only

use crate::ProvisionMode;
use ordinary_api::server::OrdinaryApiServer;
use ordinary_config::RedactedHashAlg;
use ordinary_monitor::tracing::logger::OrdinaryLogger;
use ordinary_utils::shutdown_signal;
use std::net::Ipv6Addr;
use std::path::Path;
use tokio::net::TcpListener;

#[allow(clippy::fn_params_excessive_bools, clippy::too_many_arguments)]
pub async fn run(
    environment: &str,
    data_dir: &str,
    storage_size: usize,
    log_size: bool,
    insecure: bool,
    insecure_cookies: bool,
    log_headers: bool,
    log_ips: bool,
    port: Option<u16>,
    redirect_port: Option<u16>,
    provision: &ProvisionMode,
    stored_logs: bool,
    logger: Option<OrdinaryLogger>,
    redacted_header_hash: &str,
    dedicated_ports: bool,
    swagger: bool,
    danger_dns_no_verify: bool,
) -> anyhow::Result<()> {
    tracing::debug!("starting multi-domain...");

    let environment_path = Path::new(&data_dir).join("environments").join(environment);

    fs_err::create_dir_all(&environment_path)?;

    let server_span = tracing::info_span!("server", env = %environment, pid = std::process::id());

    tracing::debug!("constructing API server...");

    let api_server =
        OrdinaryApiServer::new(environment, &environment_path, storage_size, logger).await?;

    let cert_dir_path = environment_path.join("certs");

    let port = if insecure {
        port.unwrap_or(80)
    } else {
        port.unwrap_or(443)
    };

    let listener = TcpListener::bind((Ipv6Addr::UNSPECIFIED, port)).await?;

    let redirect_listener = if insecure {
        None
    } else {
        let redirect_port = redirect_port.unwrap_or(80);

        Some(TcpListener::bind((Ipv6Addr::UNSPECIFIED, redirect_port)).await?)
    };

    tracing::debug!("starting API server...");

    let redacted_hash = match redacted_header_hash {
        "blake2" => Some(RedactedHashAlg::Blake2),
        "blake3" => Some(RedactedHashAlg::Blake3),
        _ => None,
    };

    api_server
        .start(
            server_span,
            if insecure {
                ordinary_api::server::SecurityMode::Insecure
            } else {
                ordinary_api::server::SecurityMode::Secure(
                    cert_dir_path,
                    match provision {
                        ProvisionMode::Localhost => ordinary_api::server::ProvisionMode::Localhost,
                        ProvisionMode::Staging => ordinary_api::server::ProvisionMode::Staging,
                        ProvisionMode::Production => {
                            ordinary_api::server::ProvisionMode::Production
                        }
                    },
                )
            },
            listener,
            !insecure_cookies,
            log_headers,
            log_ips,
            log_size,
            redirect_listener,
            dedicated_ports,
            stored_logs,
            redacted_hash,
            swagger,
            shutdown_signal,
            danger_dns_no_verify,
        )
        .await
}