There are now separate properties for the port that is "displayed" (e.g.
when issuing redirects) and the port that is actually bound. The bind
ports may also be set to "stdin", in which case System.inheritedChannel
is used (expects a socket as file descriptor 0). This allows gigi to
inherit a socket from the system manager ((x)inetd, systemd), which in
turn allows one to run gigi as any user on root ports (e.g. port 80).
Change-Id: I343e1e25daae94aae67db1dd6f25fcfb6241d0fc
+ private boolean isSystemPort(int port) {
+ return 1 <= port && port <= 1024;
+ }
+
public synchronized void boot(InputStream in) throws Exception {
Locale.setDefault(Locale.ENGLISH);
TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
public synchronized void boot(InputStream in) throws Exception {
Locale.setDefault(Locale.ENGLISH);
TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
initHandlers();
s.start();
initHandlers();
s.start();
- if ((ServerConstants.getSecurePort() <= 1024 || ServerConstants.getPort() <= 1024) && !System.getProperty("os.name").toLowerCase().contains("win")) {
+ if ((isSystemPort(ServerConstants.getSecurePort()) || isSystemPort(ServerConstants.getPort())) && !System.getProperty("os.name").toLowerCase().contains("win")) {
SetUID uid = new SetUID();
if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
Log.getLogger(Launcher.class).warn("Couldn't set uid!");
SetUID uid = new SetUID();
if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
Log.getLogger(Launcher.class).warn("Couldn't set uid!");
protected static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
ServerConnector connector;
protected static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
ServerConnector connector;
if (doHttps) {
connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
if (doHttps) {
connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
+ port = ServerConstants.getSecurePort();
} else {
connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
} else {
connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
+ port = ServerConstants.getPort();
- connector.setHost(conf.getMainProps().getProperty("host"));
- if (doHttps) {
- connector.setPort(ServerConstants.getSecurePort());
+ if (port == -1) {
+ connector.setInheritChannel(true);
- connector.setPort(ServerConstants.getPort());
+ connector.setHost(conf.getMainProps().getProperty("host"));
+ connector.setPort(port);
}
connector.setAcceptQueueSize(100);
return connector;
}
connector.setAcceptQueueSize(100);
return connector;
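Review bot: In boot(), the privilege drop is now skipped when the ports are inherited, because the "stdin" case yields -1 from ServerConstants and `isSystemPort(-1)` is false. If the system manager starts gigi as root and hands it the socket, nothing on the visible lines calls `setUid`, so the server would keep serving requests as root. I would let the guard also fire for the inherited case, e.g. `boolean inherited = ServerConstants.getSecurePort() == -1 || ServerConstants.getPort() == -1;` with `inherited ||` added to the condition, or preferably drop privileges whenever the process actually runs as root (whether SetUID can report that is not visible here). Related, in the context lines: a failed `setUid` only logs "Couldn't set uid!" and startup continues, so aborting there would be the safer default. boot() and createConnector() both extend beyond the lines shown, so this is based on the visible part only.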
private static String apiHostName = "api.cacert.local";
private static String apiHostName = "api.cacert.local";
- private static String securePort, port;
+ private static String securePort, port, secureBindPort, bindPort;
private static String suffix = "cacert.local";
private static String suffix = "cacert.local";
if ( !conf.getProperty("http.port").equals("80")) {
port = ":" + conf.getProperty("http.port");
}
if ( !conf.getProperty("http.port").equals("80")) {
port = ":" + conf.getProperty("http.port");
}
+ secureBindPort = conf.getProperty("https.bindPort", conf.getProperty("https.port"));
+ bindPort = conf.getProperty("http.bindPort", conf.getProperty("http.port"));
wwwHostName = conf.getProperty("name.www");
secureHostName = conf.getProperty("name.secure");
staticHostName = conf.getProperty("name.static");
wwwHostName = conf.getProperty("name.www");
secureHostName = conf.getProperty("name.secure");
staticHostName = conf.getProperty("name.static");
}
public static int getSecurePort() {
}
public static int getSecurePort() {
+ if (secureBindPort != null && !secureBindPort.isEmpty()) {
+ if (secureBindPort.equals("stdin")) {
+ return -1;
+ } else {
+ return Integer.parseInt(secureBindPort);
+ }
+ }
if (securePort.isEmpty()) {
return 443;
}
if (securePort.isEmpty()) {
return 443;
}
}
public static int getPort() {
}
public static int getPort() {
+ if (bindPort != null && !bindPort.isEmpty()) {
+ if (bindPort.equals("stdin")) {
+ return -1;
+ } else {
+ return Integer.parseInt(bindPort);
+ }
+ }
if (port.isEmpty()) {
return 80;
}
if (port.isEmpty()) {
return 80;
}
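Review bot: getSecurePort() and getPort() hand the raw property to `Integer.parseInt` without a range check, so a configured value of `-1` is indistinguishable from the "stdin" sentinel and silently switches the connector to channel inheritance. A non-numeric or out-of-range value only surfaces later as a NumberFormatException or a bind failure, on whichever call reaches the getter first. The two added blocks are identical apart from the field, so a shared private helper with a named constant for the sentinel would validate in one place and fail with a clear message; whether port 0 should be accepted is a project decision, and the sketch below rejects it. Both getters continue past the visible lines.

```java
private static final int INHERITED_CHANNEL = -1;

private static int parseBindPort(String value, String key) {
    if ("stdin".equals(value)) {
        return INHERITED_CHANNEL;
    }
    int parsed = Integer.parseInt(value);
    if (parsed < 1 || parsed > 65535) {
        throw new IllegalArgumentException(key + " must be \"stdin\" or a port in 1-65535, got: " + value);
    }
    return parsed;
}

public static int getSecurePort() {
    if (secureBindPort != null && !secureBindPort.isEmpty()) {
        return parseBindPort(secureBindPort, "https.bindPort");
    }
    // … unchanged: fallback to securePort / 443 …

public static int getPort() {
    if (bindPort != null && !bindPort.isEmpty()) {
        return parseBindPort(bindPort, "http.bindPort");
    }
    // … unchanged: fallback to port / 80 …
```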