View source with formatted comments or as raw
    1/*  Part of SWI-Prolog
    2
    3    Author:        Jan Wielemaker
    4    E-mail:        J.Wielemaker@vu.nl
    5    WWW:           http://www.swi-prolog.org
    6    Copyright (c)  2013-2023, University of Amsterdam
    7                              VU University Amsterdam
    8                              CWI, Amsterdam
    9                              SWI-Prolog Solutions b.v.
   10    All rights reserved.
   11
   12    Redistribution and use in source and binary forms, with or without
   13    modification, are permitted provided that the following conditions
   14    are met:
   15
   16    1. Redistributions of source code must retain the above copyright
   17       notice, this list of conditions and the following disclaimer.
   18
   19    2. Redistributions in binary form must reproduce the above copyright
   20       notice, this list of conditions and the following disclaimer in
   21       the documentation and/or other materials provided with the
   22       distribution.
   23
   24    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   25    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   26    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   27    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
   28    COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   29    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
   30    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   31    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
   32    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   33    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
   34    ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   35    POSSIBILITY OF SUCH DAMAGE.
   36*/
   37
   38:- module(http_unix_daemon,
   39          [ http_daemon/0,
   40            http_daemon/1,                  % +Options
   41            http_opt_type/3,                % ?Flag, ?Option, ?Type
   42            http_opt_help/2,                % ?Option, ?Help
   43            http_opt_meta/2                 % ?Option, ?Meta
   44          ]).   45:- use_module(library(error)).   46:- use_module(library(apply)).   47:- use_module(library(lists)).   48:- use_module(library(debug)).   49:- use_module(library(broadcast)).   50:- use_module(library(socket)).   51:- use_module(library(option)).   52:- use_module(library(uid)).   53:- use_module(library(unix)).   54:- use_module(library(syslog)).   55:- use_module(library(http/thread_httpd)).   56:- use_module(library(http/http_dispatch)).   57:- use_module(library(http/http_host)).   58:- use_module(library(main)).   59:- use_module(library(readutil)).   60
   61:- if(( exists_source(library(http/http_ssl_plugin)),
   62        \+ current_prolog_flag(pldoc_to_tex,true))).   63:- use_module(library(ssl)).   64:- use_module(library(http/http_ssl_plugin)).   65:- endif.   66
   67:- multifile
   68    http_server_hook/1,                     % +Options
   69    http_certificate_hook/3,                % +CertFile, +KeyFile, -Password
   70    http:sni_options/2.                     % +HostName, +SSLOptions
   71
   72:- initialization(http_daemon, main).   73
   74/** <module> Run SWI-Prolog HTTP server as a Unix system daemon
   75
   76This module provides the logic that  is   needed  to integrate a process
   77into the Unix service (daemon) architecture. It deals with the following
   78aspects,  all  of  which  may  be   used/ignored  and  configured  using
   79commandline options:
   80
   81  - Select the port(s) to be used by the server
   82  - Run the startup of the process as root to perform privileged
   83    tasks and the server itself as unpriviledged user, for example
   84    to open ports below 1000.
   85  - Fork and detach from the controlling terminal
   86  - Handle console and debug output using a file and/or the syslog
   87    daemon.
   88  - Manage a _|pid file|_
   89
   90The typical use scenario is to  write   a  file that loads the following
   91components:
   92
   93  1. The application code, including http handlers (see http_handler/3).
   94  2. This library
   95
   96In the code below, =|?- [load].|= loads   the remainder of the webserver
   97code.  This is often a sequence of use_module/1 directives.
   98
   99  ==
  100  :- use_module(library(http/http_unix_daemon)).
  101
  102  :- [load].
  103  ==
  104
  105The   program   entry   point   is     http_daemon/0,   declared   using
  106initialization/2. This may be overruled using   a  new declaration after
  107loading  this  library.  The  new  entry    point  will  typically  call
  108http_daemon/1 to start the server in a preconfigured way.
  109
  110  ==
  111  :- use_module(library(http/http_unix_daemon)).
  112  :- initialization(run, main).
  113
  114  run :-
  115      ...
  116      http_daemon(Options).
  117  ==
  118
  119Now,  the  server  may  be  started    using   the  command  below.  See
  120http_daemon/0 for supported options.
  121
  122  ==
  123  % [sudo] swipl mainfile.pl [option ...]
  124  ==
  125
  126Below are some examples. Our first example is completely silent, running
  127on port 80 as user =www=.
  128
  129  ==
  130  % swipl mainfile.pl --user=www --pidfile=/var/run/http.pid
  131  ==
  132
  133Our second example logs HTTP  interaction   with  the  syslog daemon for
  134debugging purposes. Note that the argument   to =|--debug|== is a Prolog
  135term and must often be escaped to   avoid  misinterpretation by the Unix
  136shell.   The debug option can be repeated to log multiple debug topics.
  137
  138  ==
  139  % swipl mainfile.pl --user=www --pidfile=/var/run/http.pid \
  140          --debug='http(request)' --syslog=http
  141  ==
  142
  143*Broadcasting* The library uses  broadcast/1   to  allow hooking certain
  144events:
  145
  146  - http(pre_server_start)
  147  Run _after_ _fork_, just before starting the HTTP server.  Can be used
  148  to load additional files or perform additional initialisation, such as
  149  starting additional threads.  Recall that it is not possible to start
  150  threads _before_ forking.
  151
  152  - http(post_server_start)
  153  Run _after_ starting the HTTP server.
  154
  155@tbd    Cleanup issues wrt. loading and initialization of xpce.
  156@see    The file <swi-home>/doc/packages/examples/http/linux-init-script
  157        provides a /etc/init.d script for controlling a server as a normal
  158        Unix service.
  159*/
  160
  161:- debug(daemon).  162
  163% Do not run xpce in a thread. This disables forking. The problem here
  164% is that loading library(pce) starts the event dispatching thread. This
  165% should be handled lazily.
  166
  167:- set_prolog_flag(xpce_threaded,   false).  168:- set_prolog_flag(message_ide,     false). % cause xpce to trap messages
  169:- set_prolog_flag(message_context, [thread,time('%F %T.%3f')]).  170:- dynamic interactive/0.  171
  172%!  http_daemon
  173%
  174%   Start the HTTP server  as  a   daemon  process.  This  predicate
  175%   processes the commandline arguments below. Commandline arguments
  176%   that specify servers are processed  in   the  order  they appear
  177%   using the following schema:
  178%
  179%     1. Arguments that act as default for all servers.
  180%     2. =|--http=Spec|= or =|--https=Spec|= is followed by
  181%        arguments for that server until the next =|--http=Spec|=
  182%        or =|--https=Spec|= or the end of the options.
  183%     3. If no =|--http=Spec|= or =|--https=Spec|= appears, one
  184%        HTTP server is created from the specified parameters.
  185%
  186%     Examples:
  187%
  188%       ==
  189%       --workers=10 --http --https
  190%       --http=8080 --https=8443
  191%       --http=localhost:8080 --workers=1 --https=8443 --workers=25
  192%       ==
  193%
  194%     $ --port=Port :
  195%     Start HTTP server at Port. It requires root permission and the
  196%     option =|--user=User|= to open ports below 1000.  The default
  197%     port is 80. If =|--https|= is used, the default port is 443.
  198%
  199%     $ --ip=IP :
  200%     Only listen to the given IP address.  Typically used as
  201%     =|--ip=localhost|= to restrict access to connections from
  202%     _localhost_ if the server itself is behind an (Apache)
  203%     proxy server running on the same host.
  204%
  205%     $ --debug=Topic :
  206%     Enable debugging Topic.  See debug/3.
  207%
  208%     $ --syslog=Ident :
  209%     Write debug messages to the syslog daemon using Ident
  210%
  211%     $ --user=User :
  212%     When started as root to open a port below 1000, this option
  213%     must be provided to switch to the target user for operating
  214%     the server. The following actions are performed as root, i.e.,
  215%     _before_ switching to User:
  216%
  217%       - open the socket(s)
  218%       - write the pidfile
  219%       - setup syslog interaction
  220%       - Read the certificate, key and password file (=|--pwfile=File|=)
  221%
  222%     $ --group=Group :
  223%     May be used in addition to =|--user|=.  If omitted, the login
  224%     group of the target user is used.
  225%
  226%     $ --pidfile=File :
  227%     Write the PID of the daemon process to File.
  228%
  229%     $ --output=File :
  230%     Send output of the process to File.  By default, all
  231%     Prolog console output is discarded.
  232%
  233%     $ --fork[=Bool] :
  234%     If given as =|--no-fork|= or =|--fork=false|=, the process
  235%     runs in the foreground.
  236%
  237%     $ --http[=(Bool|Port|BindTo:Port)] :
  238%     Create a plain HTTP server.  If the argument is missing or
  239%     =true=, create at the specified or default address.  Else
  240%     use the given port and interface.  Thus, =|--http|= creates
  241%     a server at port 80, =|--http=8080|= creates one at port
  242%     8080 and =|--http=localhost:8080|= creates one at port
  243%     8080 that is only accessible from `localhost`.
  244%
  245%     $ --https[=(Bool|Port|BindTo:Port)] :
  246%     As =|--http|=, but creates an HTTPS server.
  247%     Use =|--certfile|=, =|--keyfile|=, =|-pwfile|=,
  248%     =|--password|= and =|--cipherlist|= to configure SSL for
  249%     this server.
  250%
  251%     $ --certfile=File :
  252%     The server certificate for HTTPS.
  253%
  254%     $ --keyfile=File :
  255%     The server private key for HTTPS.
  256%
  257%     $ --pwfile=File :
  258%     File holding the password for accessing  the private key. This
  259%     is preferred over using =|--password=PW|=   as it allows using
  260%     file protection to avoid leaking the password.  The file is
  261%     read _before_ the server drops privileges when started with
  262%     the =|--user|= option.
  263%
  264%     $ --password=PW :
  265%     The password for accessing the private key. See also `--pwfile`.
  266%
  267%     $ --cipherlist=Ciphers :
  268%     One or more cipher strings separated by colons. See the OpenSSL
  269%     documentation for more information. Starting with SWI-Prolog
  270%     7.5.11, the default value is always a set of ciphers that was
  271%     considered secure enough to prevent all critical attacks at the
  272%     time of the SWI-Prolog release.
  273%
  274%     $ --interactive[=Bool] :
  275%     If =true= (default =false=) implies =|--no-fork|= and presents
  276%     the Prolog toplevel after starting the server.
  277%
  278%     $ --gtrace=[Bool] :
  279%     Use the debugger to trace http_daemon/1.
  280%
  281%     $ --sighup=Action :
  282%     Action to perform on =|kill -HUP <pid>|=.  Default is `reload`
  283%     (running make/0).  Alternative is `quit`, stopping the server.
  284%
  285%   Other options are converted  by   argv_options/3  and  passed to
  286%   http_server/1.  For example, this allows for:
  287%
  288%     $ --workers=Count :
  289%     Set the number of workers for the multi-threaded server.
  290%
  291%   http_daemon/0 is defined as below.  The   start  code for a specific
  292%   server can use this as a starting  point, for example for specifying
  293%   defaults  or  additional  options.  This    uses   _guided_  options
  294%   processing  from  argv_options/3  from   library(main).  The  option
  295%   definitions are available as   http_opt_type/3,  http_opt_help/2 and
  296%   http_opt_meta/2
  297%
  298%   ```
  299%   http_daemon :-
  300%       current_prolog_flag(argv, Argv),
  301%       argv_options(Argv, _RestArgv, Options),
  302%       http_daemon(Options).
  303%   ```
  304%
  305%   @see http_daemon/1
  306
  307http_daemon :-
  308    current_prolog_flag(argv, Argv),
  309    argv_options(Argv, _RestArgv, Options),
  310    http_daemon(Options).
  311
  312% Option declarations for argv_options/3 from library(main).
  313
  314opt_type(port,               port,               nonneg).
  315opt_type(p,                  port,               nonneg).
  316opt_type(ip,                 ip,                 atom).
  317opt_type(debug,              debug,              term).
  318opt_type(syslog,             syslog,             atom).
  319opt_type(user,               user,               atom).
  320opt_type(group,              group,              atom).
  321opt_type(pidfile,            pidfile,            file(write)).
  322opt_type(output,             output,             file(write)).
  323opt_type(fork,               fork,               boolean).
  324opt_type(http,               http,               nonneg|boolean).
  325opt_type(https,              https,              nonneg|boolean).
  326opt_type(certfile,           certfile,           file(read)).
  327opt_type(keyfile,            keyfile,            file(read)).
  328opt_type(pwfile,             pwfile,             file(read)).
  329opt_type(password,           password,           string).
  330opt_type(cipherlist,         cipherlist,         string).
  331opt_type(redirect,           redirect,           string).
  332opt_type(interactive,        interactive,        boolean).
  333opt_type(i,                  interactive,        boolean).
  334opt_type(gtrace,             gtrace,             boolean).
  335opt_type(sighup,             sighup,             oneof([reload,quit])).
  336opt_type(workers,            workers,            natural).
  337opt_type(timeout,            timeout,            number).
  338opt_type(keep_alive_timeout, keep_alive_timeout, number).
  339
  340opt_help(port,               "HTTP port to listen to").
  341opt_help(ip,                 "Only listen to this ip (--ip=localhost)").
  342opt_help(debug,              "Print debug message for topic").
  343opt_help(syslog,             "Send output to syslog daemon as ident").
  344opt_help(user,               "Run server under this user").
  345opt_help(group,              "Run server under this group").
  346opt_help(pidfile,            "Write PID to path").
  347opt_help(output,             "Send output to file (instead of syslog)").
  348opt_help(fork,               "Do (default) or do not fork").
  349opt_help(http,               "Create HTTP server").
  350opt_help(https,              "Create HTTPS server").
  351opt_help(certfile,           "The server certificate").
  352opt_help(keyfile,            "The server private key").
  353opt_help(pwfile,             "File holding password for the private key").
  354opt_help(password,           "Password for the private key").
  355opt_help(cipherlist,         "Cipher strings separated by colons").
  356opt_help(redirect,           "Redirect all requests to a URL or port").
  357opt_help(interactive,        "Enter Prolog toplevel after starting server").
  358opt_help(gtrace,             "Start (graphical) debugger").
  359opt_help(sighup,             "Action on SIGHUP: reload (default) or quit").
  360opt_help(workers,            "Number of HTTP worker threads").
  361opt_help(timeout,            "Time to wait for client to complete request").
  362opt_help(keep_alive_timeout, "Time to wait for a new request").
  363
  364opt_meta(port,               'PORT').
  365opt_meta(ip,                 'IP').
  366opt_meta(debug,              'TERM').
  367opt_meta(http,               'PORT').
  368opt_meta(https,              'PORT').
  369opt_meta(syslog,             'IDENT').
  370opt_meta(user,               'NAME').
  371opt_meta(group,              'NAME').
  372opt_meta(redirect,           'URL').
  373opt_meta(sighup,             'ACTION').
  374opt_meta(workers,            'COUNT').
  375opt_meta(timeout,            'SECONDS').
  376opt_meta(keep_alive_timeout, 'SECONDS').
  377
  378%!  http_opt_type(?Flag, ?Option, ?Type).
  379%!  http_opt_help(?Option, ?Help).
  380%!  http_opt_meta(?Option, ?Meta).
  381%
  382%   Allow reusing http option processing
  383
  384http_opt_type(Flag, Option, Type) :-
  385    opt_type(Flag, Option, Type).
  386
  387http_opt_help(Option, Help) :-
  388    opt_help(Option, Help),
  389    Option \= help(_).
  390
  391http_opt_meta(Option, Meta) :-
  392    opt_meta(Option, Meta).
  393
  394
  395%!  http_daemon(+Options)
  396%
  397%   Start the HTTP server as a  daemon process. This predicate processes
  398%   a Prolog option list. It  is   normally  called  from http_daemon/0,
  399%   which derives the option list from the command line arguments.
  400%
  401%   Error handling depends on whether  or   not  interactive(true) is in
  402%   effect. If so, the error is printed before entering the toplevel. In
  403%   non-interactive mode this predicate calls halt(1).
  404
  405http_daemon(Options) :-
  406    catch(http_daemon_guarded(Options), Error, start_failed(Error)).
  407
  408start_failed(Error) :-
  409    interactive,
  410    !,
  411    print_message(warning, Error).
  412start_failed(Error) :-
  413    print_message(error, Error),
  414    halt(1).
  415
  416%!  http_daemon_guarded(+Options)
  417%
  418%   Helper that is started from http_daemon/1. See http_daemon/1 for
  419%   options that are processed.
  420
  421http_daemon_guarded(Options) :-
  422    setup_debug(Options),
  423    kill_x11(Options),
  424    option_servers(Options, Servers0),
  425    maplist(make_socket, Servers0, Servers),
  426    (   option(fork(true), Options, true),
  427        option(interactive(false), Options, false),
  428        can_switch_user(Options)
  429    ->  fork(Who),
  430        (   Who \== child
  431        ->  halt
  432        ;   disable_development_system,
  433            setup_syslog(Options),
  434            write_pid(Options),
  435            setup_output(Options),
  436            switch_user(Options),
  437            setup_signals(Options),
  438            start_servers(Servers),
  439            wait(Options)
  440        )
  441    ;   write_pid(Options),
  442        switch_user(Options),
  443        setup_signals(Options),
  444        start_servers(Servers),
  445        wait(Options)
  446    ).
  447
  448%!  option_servers(+Options, -Sockets:list)
  449%
  450%   Find all sockets that must be created according to Options. Each
  451%   socket is a term server(Scheme, Address, Opts), where Address is
  452%   either a plain port (integer) or Host:Port. The latter binds the
  453%   port  to  the  interface  belonging    to   Host.  For  example:
  454%   socket(http, localhost:8080, Opts) creates an   HTTP socket that
  455%   binds to the localhost  interface  on   port  80.  Opts  are the
  456%   options specific for the given server.
  457
  458option_servers(Options, Sockets) :-
  459    opt_sockets(Options, [], [], Sockets).
  460
  461opt_sockets([], Options, [], [Socket]) :-
  462    !,
  463    make_server(http(true), Options, Socket).
  464opt_sockets([], _, Sockets, Sockets).
  465opt_sockets([H|T], OptsH, Sockets0, Sockets) :-
  466    server_option(H),
  467    !,
  468    append(OptsH, [H], OptsH1),
  469    opt_sockets(T, OptsH1, Sockets0, Sockets).
  470opt_sockets([H|T0], Opts, Sockets0, Sockets) :-
  471    server_start_option(H),
  472    !,
  473    server_options(T0, T, Opts, SOpts),
  474    make_server(H, SOpts, Socket),
  475    append(Sockets0, [Socket], Sockets1),
  476    opt_sockets(T, Opts, Sockets1, Sockets).
  477opt_sockets([_|T], Opts, Sockets0, Sockets) :-
  478    opt_sockets(T, Opts, Sockets0, Sockets).
  479
  480server_options([], [], Options, Options).
  481server_options([H|T], Rest, Options0, Options) :-
  482    server_option(H),
  483    !,
  484    generalise_option(H, G),
  485    delete(Options0, G, Options1),
  486    append(Options1, [H], Options2),
  487    server_options(T, Rest, Options2, Options).
  488server_options([H|T], [H|T], Options, Options) :-
  489    server_start_option(H),
  490    !.
  491server_options([_|T0], Rest, Options0, Options) :-
  492    server_options(T0, Rest, Options0, Options).
  493
  494generalise_option(H, G) :-
  495    H =.. [Name,_],
  496    G =.. [Name,_].
  497
  498server_start_option(http(_)).
  499server_start_option(https(_)).
  500
  501server_option(port(_)).
  502server_option(ip(_)).
  503server_option(certfile(_)).
  504server_option(keyfile(_)).
  505server_option(pwfile(_)).
  506server_option(password(_)).
  507server_option(cipherlist(_)).
  508server_option(workers(_)).
  509server_option(redirect(_)).
  510server_option(timeout(_)).
  511server_option(keep_alive_timeout(_)).
  512
  513make_server(http(Address0), Options0, server(http, Address, Options)) :-
  514    make_address(Address0, 80, Address, Options0, Options).
  515make_server(https(Address0), Options0, server(https, Address, SSLOptions)) :-
  516    make_address(Address0, 443, Address, Options0, Options),
  517    merge_https_options(Options, SSLOptions).
  518
  519make_address(true, DefPort, Address, Options0, Options) :-
  520    !,
  521    option(port(Port), Options0, DefPort),
  522    (   option(ip(Bind), Options0)
  523    ->  Address = (Bind:Port)
  524    ;   Address = Port
  525    ),
  526    merge_options([port(Port)], Options0, Options).
  527make_address(Bind:Port, _, Bind:Port, Options0, Options) :-
  528    !,
  529    must_be(atom, Bind),
  530    must_be(integer, Port),
  531    merge_options([port(Port), ip(Bind)], Options0, Options).
  532make_address(Port, _, Address, Options0, Options) :-
  533    integer(Port),
  534    !,
  535    (   option(ip(Bind), Options0)
  536    ->  Address = (Bind:Port)
  537    ;   Address = Port,
  538        merge_options([port(Port)], Options0, Options)
  539    ).
  540make_address(Spec, _, Address, Options0, Options) :-
  541    atomic(Spec),
  542    split_string(Spec, ":", "", [BindString, PortString]),
  543    number_string(Port, PortString),
  544    !,
  545    atom_string(Bind, BindString),
  546    Address = (Bind:Port),
  547    merge_options([port(Port), ip(Bind)], Options0, Options).
  548make_address(Spec, _, _, _, _) :-
  549    domain_error(address, Spec).
  550
  551:- dynamic sni/3.  552
  553merge_https_options(Options, [SSL|Options]) :-
  554    (   option(certfile(CertFile), Options),
  555        option(keyfile(KeyFile), Options)
  556    ->  prepare_https_certificate(CertFile, KeyFile, Passwd0),
  557        read_file_to_string(CertFile, Certificate, []),
  558        read_file_to_string(KeyFile, Key, []),
  559        Pairs = [Certificate-Key]
  560    ;   Pairs = []
  561    ),
  562    ssl_secure_ciphers(SecureCiphers),
  563    option(cipherlist(CipherList), Options, SecureCiphers),
  564    (   string(Passwd0)
  565    ->  Passwd = Passwd0
  566    ;   options_password(Options, Passwd)
  567    ),
  568    findall(HostName-HostOptions, http:sni_options(HostName, HostOptions), SNIs),
  569    maplist(sni_contexts, SNIs),
  570    SSL = ssl([ certificate_key_pairs(Pairs),
  571                cipher_list(CipherList),
  572                password(Passwd),
  573                sni_hook(http_unix_daemon:sni)
  574              ]).
  575
  576sni_contexts(Host-Options) :-
  577    ssl_context(server, SSL, Options),
  578    assertz(sni(_, Host, SSL)).
  579
  580%!  http_certificate_hook(+CertFile, +KeyFile, -Password) is semidet.
  581%
  582%   Hook called before starting the server  if the --https option is
  583%   used.  This  hook  may  be  used    to  create  or  refresh  the
  584%   certificate. If the hook binds Password to a string, this string
  585%   will be used to  decrypt  the  server   private  key  as  if the
  586%   --password=Password option was given.
  587
  588prepare_https_certificate(CertFile, KeyFile, Password) :-
  589    http_certificate_hook(CertFile, KeyFile, Password),
  590    !.
  591prepare_https_certificate(_, _, _).
  592
  593
  594options_password(Options, Passwd) :-
  595    option(password(Passwd), Options),
  596    !.
  597options_password(Options, Passwd) :-
  598    option(pwfile(File), Options),
  599    !,
  600    read_file_to_string(File, String, []),
  601    split_string(String, "", "\r\n\t ", [Passwd]).
  602options_password(_, '').
  603
  604%!  start_servers(+Servers) is det.
  605%
  606%   Start the HTTP server.  It performs the following steps:
  607%
  608%     1. Call broadcast(http(pre_server_start))
  609%     2. Foreach server
  610%        a. Call broadcast(http(pre_server_start(Port)))
  611%        b. Call http_server(http_dispatch, Options)
  612%        c. Call broadcast(http(post_server_start(Port)))
  613%     3. Call broadcast(http(post_server_start))
  614%
  615%   This predicate can be  hooked   using  http_server_hook/1.  This
  616%   predicate is executed after
  617%
  618%     - Forking
  619%     - Setting I/O (e.g., to talk to the syslog daemon)
  620%     - Dropping root privileges (--user)
  621%     - Setting up signal handling
  622
  623start_servers(Servers) :-
  624    broadcast(http(pre_server_start)),
  625    maplist(start_server, Servers),
  626    broadcast(http(post_server_start)).
  627
  628start_server(server(_Scheme, Socket, Options)) :-
  629    option(redirect(To), Options),
  630    !,
  631    http_server(server_redirect(To), [tcp_socket(Socket)|Options]).
  632start_server(server(_Scheme, Socket, Options)) :-
  633    http_server_hook([tcp_socket(Socket)|Options]),
  634    !.
  635start_server(server(_Scheme, Socket, Options)) :-
  636    option(port(Port), Options),
  637    broadcast(http(pre_server_start(Port))),
  638    http_server(http_dispatch, [tcp_socket(Socket)|Options]),
  639    broadcast(http(post_server_start(Port))).
  640
  641make_socket(server(Scheme, Address, Options),
  642            server(Scheme, Socket, Options)) :-
  643    tcp_socket(Socket),
  644    catch(bind_socket(Socket, Address), Error,
  645          make_socket_error(Error, Address)),
  646    debug(daemon(socket),
  647          'Created socket ~p, listening on ~p', [Socket, Address]).
  648
  649bind_socket(Socket, Address) :-
  650    tcp_setopt(Socket, reuseaddr),
  651    tcp_bind(Socket, Address),
  652    tcp_listen(Socket, 5).
  653
  654make_socket_error(error(socket_error(_,_), _), Address) :-
  655    address_port(Address, Port),
  656    integer(Port),
  657    Port =< 1000,
  658    !,
  659    verify_root(open_port(Port)).
  660make_socket_error(Error, _) :-
  661    throw(Error).
  662
  663address_port(_:Port, Port) :- !.
  664address_port(Port, Port).
  665
  666%!  disable_development_system
  667%
  668%   Disable some development stuff.
  669
  670disable_development_system :-
  671    set_prolog_flag(editor, '/bin/false').
  672
  673%!  enable_development_system
  674%
  675%   Re-enable the development environment. Currently  re-enables xpce if
  676%   this was loaded, but not  initialised   and  causes  the interactive
  677%   toplevel to be re-enabled.
  678
  679enable_development_system :-
  680    assertz(interactive),
  681    set_prolog_flag(xpce_threaded, true),
  682    set_prolog_flag(message_ide, true),
  683    (   current_prolog_flag(xpce_version, _)
  684    ->  call(pce_dispatch([]))
  685    ;   true
  686    ),
  687    set_prolog_flag(toplevel_goal, prolog).
  688
  689%!  setup_syslog(+Options) is det.
  690%
  691%   Setup syslog interaction.
  692
  693setup_syslog(Options) :-
  694    option(syslog(Ident), Options),
  695    !,
  696    openlog(Ident, [pid], user).
  697setup_syslog(_).
  698
  699
  700%!  setup_output(+Options) is det.
  701%
  702%   Setup output from the daemon process. The default is to send all
  703%   output to a  null-stream  (see   open_null_stream/1).  With  the
  704%   option output(File), all output is written to File.
  705
  706setup_output(Options) :-
  707    option(output(File), Options),
  708    !,
  709    open(File, write, Out, [encoding(utf8)]),
  710    set_stream(Out, buffer(line)),
  711    detach_IO(Out).
  712setup_output(_) :-
  713    open_null_stream(Out),
  714    detach_IO(Out).
  715
  716
  717%!  write_pid(+Options) is det.
  718%
  719%   If the option pidfile(File) is  present,   write  the PID of the
  720%   daemon to this file.
  721
  722write_pid(Options) :-
  723    option(pidfile(File), Options),
  724    current_prolog_flag(pid, PID),
  725    !,
  726    setup_call_cleanup(
  727        open(File, write, Out),
  728        format(Out, '~d~n', [PID]),
  729        close(Out)),
  730    at_halt(catch(delete_file(File), _, true)).
  731write_pid(_).
  732
  733
  734%!  switch_user(+Options) is det.
  735%
  736%   Switch to the target user and group. If the server is started as
  737%   root, this option *must* be present.
  738
  739switch_user(Options) :-
  740    option(user(User), Options),
  741    !,
  742    verify_root(switch_user(User)),
  743    (   option(group(Group), Options)
  744    ->  set_user_and_group(User, Group)
  745    ;   set_user_and_group(User)
  746    ),
  747    prctl(set_dumpable(true)).      % re-enable core dumps on Linux
  748switch_user(_Options) :-
  749    verify_no_root.
  750
  751%!  can_switch_user(Options) is det.
  752%
  753%   Verify the user options before  forking,   so  we  can print the
  754%   message in time.
  755
  756can_switch_user(Options) :-
  757    option(user(User), Options),
  758    !,
  759    verify_root(switch_user(User)).
  760can_switch_user(_Options) :-
  761    verify_no_root.
  762
  763verify_root(_Task) :-
  764    geteuid(0),
  765    !.
  766verify_root(Task) :-
  767    print_message(error, http_daemon(no_root(Task))),
  768    halt(1).
  769
  770verify_no_root :-
  771    geteuid(0),
  772    !,
  773    throw(error(permission_error(open, server, http),
  774                context('Refusing to run HTTP server as root', _))).
  775verify_no_root.
  776
  777:- if(\+current_predicate(prctl/1)).  778prctl(_).
  779:- endif.  780
  781%!  server_redirect(+To, +Request)
  782%
  783%   Redirect al requests for this server to the specified server. To
  784%   is one of:
  785%
  786%     $ A port (integer) :
  787%     Redirect to the server running on that port in the same
  788%     Prolog process.
  789%     $ =true= :
  790%     Results from just passing =|--redirect|=.  Redirects to
  791%     an HTTPS server in the same Prolog process.
  792%     $ A URL :
  793%     Redirect to the the given URL + the request uri.  This can
  794%     be used if the server cannot find its public address.  For
  795%     example:
  796%
  797%       ```
  798%       --http --redirect=https://myhost.org --https
  799%       ```
  800
  801server_redirect(Port, Request) :-
  802    integer(Port),
  803    http_server_property(Port, scheme(Scheme)),
  804    http_public_host(Request, Host, _Port, []),
  805    memberchk(request_uri(Location), Request),
  806    (   default_port(Scheme, Port)
  807    ->  format(string(To), '~w://~w~w', [Scheme, Host, Location])
  808    ;   format(string(To), '~w://~w:~w~w', [Scheme, Host, Port, Location])
  809    ),
  810    throw(http_reply(moved_temporary(To))).
  811server_redirect(true, Request) :-
  812    !,
  813    http_server_property(P, scheme(https)),
  814    server_redirect(P, Request).
  815server_redirect(URI, Request) :-
  816    memberchk(request_uri(Location), Request),
  817    atom_concat(URI, Location, To),
  818    throw(http_reply(moved_temporary(To))).
  819
  820default_port(http, 80).
  821default_port(https, 443).
  822
  823
  824%!  setup_debug(+Options) is det.
  825%
  826%   Initialse debug/3 topics. The  =|--debug|=   option  may be used
  827%   multiple times.
  828
  829setup_debug(Options) :-
  830    setup_trace(Options),
  831    nodebug(_),
  832    debug(daemon),
  833    enable_debug(Options).
  834
  835enable_debug([]).
  836enable_debug([debug(Topic)|T]) :-
  837    !,
  838    atom_to_term(Topic, Term, _),
  839    debug(Term),
  840    enable_debug(T).
  841enable_debug([_|T]) :-
  842    enable_debug(T).
  843
  844setup_trace(Options) :-
  845    option(gtrace(true), Options),
  846    !,
  847    gtrace.
  848setup_trace(_).
  849
  850
  851%!  kill_x11(+Options) is det.
  852%
  853%   Get rid of X11 access if interactive is false.
  854
  855kill_x11(Options) :-
  856    getenv('DISPLAY', Display),
  857    Display \== '',
  858    option(interactive(false), Options, false),
  859    !,
  860    setenv('DISPLAY', ''),
  861    set_prolog_flag(gui, false).
  862kill_x11(_).
  863
  864
  865%!  setup_signals(+Options)
  866%
  867%   Prepare the server for signal handling.   By  default SIGINT and
  868%   SIGTERM terminate the server. SIGHUP causes   the  server to run
  869%   make/0.
  870
  871setup_signals(Options) :-
  872    option(interactive(true), Options, false),
  873    !.
  874setup_signals(Options) :-
  875    on_signal(int,  _, quit),
  876    on_signal(term, _, quit),
  877    option(sighup(Action), Options, reload),
  878    must_be(oneof([reload,quit]), Action),
  879    on_signal(usr1, _, logrotate),
  880    on_signal(hup,  _, Action).
  881
  882:- public
  883    quit/1,
  884    reload/1,
  885    logrotate/1.  886
  887quit(Signal) :-
  888    debug(daemon, 'Dying on signal ~w', [Signal]),
  889    thread_send_message(main, quit(Signal)).
  890
  891reload(Signal) :-
  892    debug(daemon, 'Reload on signal ~w', [Signal]),
  893    thread_send_message(main, reload).
  894
  895logrotate(Signal) :-
  896    debug(daemon, 'Closing log files on signal ~w', [Signal]),
  897    thread_send_message(main, logrotate).
  898
  899%!  wait(+Options)
  900%
  901%   This predicate runs in the  main   thread,  waiting for messages
  902%   send by signal handlers to control   the server. In addition, it
  903%   broadcasts  maintenance(Interval,  Deadline)    messages   every
  904%   Interval seconds. These messages may   be trapped using listen/2
  905%   for performing scheduled maintenance such as rotating log files,
  906%   cleaning stale data, etc.
  907
  908wait(Options) :-
  909    option(interactive(true), Options, false),
  910    !,
  911    enable_development_system.
  912wait(Options) :-
  913    thread_self(Me),
  914    option(maintenance_interval(Interval), Options, 300),
  915    Interval > 0,
  916    !,
  917    first_deadline(Interval, FirstDeadline),
  918    State = deadline(0),
  919    repeat,
  920        State = deadline(Count),
  921        Deadline is FirstDeadline+Count*Interval,
  922        (   thread_idle(thread_get_message(Me, Msg, [deadline(Deadline)]),
  923                        long)
  924        ->  catch(ignore(handle_message(Msg)), E,
  925                  print_message(error, E)),
  926            Msg = quit(Signal),
  927            catch(broadcast(http(shutdown)), E,
  928                  print_message(error, E)),
  929            halt(Signal)
  930        ;   Count1 is Count + 1,
  931            nb_setarg(1, State, Count1),
  932            catch(broadcast(maintenance(Interval, Deadline)), E,
  933                  print_message(error, E)),
  934            fail
  935        ).
  936wait(_) :-
  937    thread_self(Me),
  938    repeat,
  939        thread_idle(thread_get_message(Me, Msg), long),
  940        catch(ignore(handle_message(Msg)), E,
  941              print_message(error, E)),
  942        Msg == quit,
  943        !,
  944        halt(0).
  945
  946handle_message(reload) :-
  947    make,
  948    broadcast(logrotate).
  949handle_message(logrotate) :-
  950    broadcast(logrotate).
  951
  952first_deadline(Interval, Deadline) :-
  953    get_time(Now),
  954    Deadline is ((integer(Now) + Interval - 1)//Interval)*Interval.
  955
  956
  957                 /*******************************
  958                 *            HOOKS             *
  959                 *******************************/
  960
  961%!  http_server_hook(+Options) is semidet.
  962%
  963%   Hook that is called to start the  HTTP server. This hook must be
  964%   compatible to http_server(Handler,  Options).   The  default  is
  965%   provided by start_server/1.
  966
  967
  968%!  http:sni_options(-HostName, -SSLOptions) is multi.
  969%
  970%   Hook  to   provide  Server  Name  Indication   (SNI)  for  TLS
  971%   servers. When starting an HTTPS  server, all solutions of this
  972%   predicate are  collected and a suitable  sni_hook/1 is defined
  973%   for ssl_context/3  to use different contexts  depending on the
  974%   host  name  of the  client  request.   This hook  is  executed
  975%   _before_ privileges are dropped.
  976
  977
  978                 /*******************************
  979                 *           MESSAGES           *
  980                 *******************************/
  981
  982:- multifile
  983    prolog:message//1.  984
  985prolog:message(http_daemon(no_root(switch_user(User)))) -->
  986    [ 'Program must be started as root to use --user=~w.'-[User] ].
  987prolog:message(http_daemon(no_root(open_port(Port)))) -->
  988    [ 'Cannot open port ~w.  Only root can open ports below 1000.'-[Port] ]