fix #3390: standalone: explicitly bind to '::'

[proxmox-acme.git] / src / PVE / ACME / StandAlone.pm

package PVE::ACME::StandAlone;

use strict;
use warnings;

use HTTP::Daemon;
use HTTP::Response;

use base qw(PVE::ACME::Challenge);

sub supported_challenge_types {
    return ['http-01'];
}

sub type {
    return 'standalone';
}

sub properties {
    return {};
}

sub options {
    return {
        nodes => { optional => 1 },
        disable => { optional => 1 },
    };
}

sub setup {
    my ($self, $acme, $auth, $data) = @_;

    print "Setting up webserver\n";

    my $challenge = $self->extract_challenge($auth->{challenges});
    my $key_auth = $acme->key_authorization($challenge->{token});

    my %sockopts = (
        LocalPort => 80,
        ReuseAddr => 1,
        );
    my $server = HTTP::Daemon->new( LocalHost => '::', V6Only => 0, %sockopts) //
            HTTP::Daemon->new( LocalHost => '0.0.0.0', %sockopts)
            or die "Failed to initialize HTTP daemon\n";

    my $pid = fork() // die "Failed to fork HTTP daemon - $!\n";
    if ($pid) {
        $data->{server} = $server;
        $data->{pid} = $pid;
        $data->{url} = $challenge->{url};
    } else {
        while (my $c = $server->accept()) {
            while (my $r = $c->get_request()) {
                if ($r->method() eq 'GET' and
                    $r->uri->path eq "/.well-known/acme-challenge/$challenge->{token}") {
                    my $resp = HTTP::Response->new(200, 'OK', undef, $key_auth);
                    $resp->request($r);
                    $c->send_response($resp);
                } else {
                    $c->send_error(404, 'Not found.')
                }
            }
            $c->close();
            $c = undef;
        }
    }
}

sub teardown {
    my ($self, $acme, $auth, $data) = @_;

    eval { $data->{server}->close() };
    kill('KILL', $data->{pid});
    waitpid($data->{pid}, 0);
}

1;