Add FilterSpam option

Jipok · Jipok · commit ac95251b83e7 · 2024-02-19T18:54:51.000+05:00
diff --git a/README.md b/README.md
@@ -85,6 +85,10 @@ SSH.Enabled = false # Default true
 # Used if target not specifies in some [[Domains]] section
 # And for direct access via IP address in manual or self-signed mode
 DefaultTarget = "8080"
+# If true, will filter spam to stdout from http/https servers.
+# Messages like`http: TLS handshake error ...` occur due to
+# bots/crawlers checking all public addresses.
+FilterSpam = true
 # If true will drop privileges if started from root. 
 # Will not be able to save state(tokens) between restarts.
 DropPrivileges = false 
diff --git a/logger.go b/logger.go
@@ -0,0 +1,30 @@
+package main
+
+import (
+	"log"
+	"strings"
+)
+
+type filteredLogger struct {
+	Logger *log.Logger
+}
+
+func (fl *filteredLogger) Write(p []byte) (n int, err error) {
+	msg := string(p)
+
+	// https://github.com/golang/go/issues/26918
+	if strings.HasPrefix(msg, "http: TLS handshake error") {
+		return len(p), nil
+	}
+
+	return fl.Logger.Writer().Write(p)
+}
+
+// Less spam from bots/crawlers
+func newServerErrorLog() *log.Logger {
+	if cfg.FilterSpam {
+		return log.New(&filteredLogger{log.Default()}, "", 0)
+	} else {
+		return log.Default()
+	}
+}
diff --git a/main.go b/main.go
@@ -44,6 +44,7 @@ type Config struct {
 		Cert  string
 		Key   string
 	}
+	FilterSpam       bool
 	DropPrivileges   bool
 	Listen           string // Interface to listen
 	DefaultTarget    string
@@ -101,6 +102,7 @@ func main() {
 	cfg.SSH.AuthorizedKeys = "~/.ssh/authorized_keys"
 	cfg.Certificate.Type = "self-signed"
 	cfg.DefaultTarget = "8080"
+	cfg.FilterSpam = true      // Less spam like `http: TLS handshake error...`
 	cfg.DropPrivileges = false // Drop privileges if started from root
 	cfg.Listen = "0.0.0.0"
 	cfg.RedirectHTTP = true   // Start server on 80 port that will redirect all to 443 port
diff --git a/ssl-proxy.go b/ssl-proxy.go
@@ -138,7 +138,13 @@ func startWebServer() {
 			http.Redirect(w, r, "https://"+r.Host+r.RequestURI, http.StatusMovedPermanently)
 		}
 		go func() {
-			err := http.ListenAndServe(cfg.Listen+":80", http.HandlerFunc(redirectTLS))
+			// TODO MaxHeaderBytes and timeouts to read/write/idle
+			httpServer := http.Server{
+				Addr:     cfg.Listen + ":80",
+				Handler:  http.HandlerFunc(redirectTLS),
+				ErrorLog: newServerErrorLog(),
+			}
+			err := httpServer.ListenAndServe()
 			if err != nil {
 				log.Fatal("HTTP redirection server failure", err)
 			}
@@ -159,6 +165,7 @@ func startWebServer() {
 			Addr:      address,
 			TLSConfig: m.TLSConfig(),
 			Handler:   mux,
+			ErrorLog:  newServerErrorLog(),
 		}
 		err = s.ListenAndServeTLS("", "")
 	} else {
