Update monolith -api behaviour (#1484)

* Update monolith -api mode listeners

* Fix check

* Fix another check

* Update HTTP API addr behaviour

* Redefine NoExternalListener

* NoListener

cmd/dendrite-appservice-server/main.go

@@ -31,8 +31,8 @@ func main() {
 	appservice.AddInternalRoutes(base.InternalAPIMux, intAPI)
 
 	base.SetupAndServeHTTP(
-		base.Cfg.AppServiceAPI.InternalAPI.Listen,
+		base.Cfg.AppServiceAPI.InternalAPI.Listen, // internal listener
-		setup.NoExternalListener,
+		setup.NoListener, // external listener
 		nil, nil,
 	)
 }

cmd/dendrite-edu-server/main.go

@@ -34,8 +34,8 @@ func main() {
 	eduserver.AddInternalRoutes(base.InternalAPIMux, intAPI)
 
 	base.SetupAndServeHTTP(
-		base.Cfg.EDUServer.InternalAPI.Listen,
+		base.Cfg.EDUServer.InternalAPI.Listen, // internal listener
-		setup.NoExternalListener,
+		setup.NoListener,                      // external listener
 		nil, nil,
 	)
 }

cmd/dendrite-federation-sender-server/main.go

@@ -36,8 +36,8 @@ func main() {
 	federationsender.AddInternalRoutes(base.InternalAPIMux, fsAPI)
 
 	base.SetupAndServeHTTP(
-		base.Cfg.FederationSender.InternalAPI.Listen,
+		base.Cfg.FederationSender.InternalAPI.Listen, // internal listener
-		setup.NoExternalListener,
+		setup.NoListener, // external listener
 		nil, nil,
 	)
 }

cmd/dendrite-key-server/main.go

@@ -30,8 +30,8 @@ func main() {
 	keyserver.AddInternalRoutes(base.InternalAPIMux, intAPI)
 
 	base.SetupAndServeHTTP(
-		base.Cfg.KeyServer.InternalAPI.Listen,
+		base.Cfg.KeyServer.InternalAPI.Listen, // internal listener
-		setup.NoExternalListener,
+		setup.NoListener,                      // external listener
 		nil, nil,
 	)
 }

cmd/dendrite-monolith-server/main.go

@@ -29,11 +29,13 @@ import (
 	"github.com/matrix-org/dendrite/roomserver/api"
 	"github.com/matrix-org/dendrite/signingkeyserver"
 	"github.com/matrix-org/dendrite/userapi"
+	"github.com/sirupsen/logrus"
 )
 
 var (
 	httpBindAddr   = flag.String("http-bind-address", ":8008", "The HTTP listening port for the server")
 	httpsBindAddr  = flag.String("https-bind-address", ":8448", "The HTTPS listening port for the server")
+	apiBindAddr    = flag.String("api-bind-address", "localhost:18008", "The HTTP listening port for the internal HTTP APIs (if -api is enabled)")
 	certFile       = flag.String("tls-cert", "", "The PEM formatted X509 certificate to use for TLS")
 	keyFile        = flag.String("tls-key", "", "The PEM private key to use for TLS")
 	enableHTTPAPIs = flag.Bool("api", false, "Use HTTP APIs instead of short-circuiting (warning: exposes API endpoints!)")
@@ -44,22 +46,25 @@ func main() {
 	cfg := setup.ParseFlags(true)
 	httpAddr := config.HTTPAddress("http://" + *httpBindAddr)
 	httpsAddr := config.HTTPAddress("https://" + *httpsBindAddr)
+	httpAPIAddr := httpAddr
 
 	if *enableHTTPAPIs {
+		logrus.Warnf("DANGER! The -api option is enabled, exposing internal APIs on %q!", *apiBindAddr)
+		httpAPIAddr = config.HTTPAddress("http://" + *apiBindAddr)
 		// If the HTTP APIs are enabled then we need to update the Listen
 		// statements in the configuration so that we know where to find
 		// the API endpoints. They'll listen on the same port as the monolith
 		// itself.
-		cfg.AppServiceAPI.InternalAPI.Connect = httpAddr
+		cfg.AppServiceAPI.InternalAPI.Connect = httpAPIAddr
-		cfg.ClientAPI.InternalAPI.Connect = httpAddr
+		cfg.ClientAPI.InternalAPI.Connect = httpAPIAddr
-		cfg.EDUServer.InternalAPI.Connect = httpAddr
+		cfg.EDUServer.InternalAPI.Connect = httpAPIAddr
-		cfg.FederationAPI.InternalAPI.Connect = httpAddr
+		cfg.FederationAPI.InternalAPI.Connect = httpAPIAddr
-		cfg.FederationSender.InternalAPI.Connect = httpAddr
+		cfg.FederationSender.InternalAPI.Connect = httpAPIAddr
-		cfg.KeyServer.InternalAPI.Connect = httpAddr
+		cfg.KeyServer.InternalAPI.Connect = httpAPIAddr
-		cfg.MediaAPI.InternalAPI.Connect = httpAddr
+		cfg.MediaAPI.InternalAPI.Connect = httpAPIAddr
-		cfg.RoomServer.InternalAPI.Connect = httpAddr
+		cfg.RoomServer.InternalAPI.Connect = httpAPIAddr
-		cfg.SigningKeyServer.InternalAPI.Connect = httpAddr
+		cfg.SigningKeyServer.InternalAPI.Connect = httpAPIAddr
-		cfg.SyncAPI.InternalAPI.Connect = httpAddr
+		cfg.SyncAPI.InternalAPI.Connect = httpAPIAddr
 	}
 
 	base := setup.NewBaseDendrite(cfg, "Monolith", *enableHTTPAPIs)
@@ -148,18 +153,18 @@ func main() {
 	// Expose the matrix APIs directly rather than putting them under a /api path.
 	go func() {
 		base.SetupAndServeHTTP(
-			config.HTTPAddress(httpAddr), // internal API
+			httpAPIAddr, // internal API
-			config.HTTPAddress(httpAddr), // external API
+			httpAddr,    // external API
-			nil, nil,                     // TLS settings
+			nil, nil,    // TLS settings
 		)
 	}()
 	// Handle HTTPS if certificate and key are provided
 	if *certFile != "" && *keyFile != "" {
 		go func() {
 			base.SetupAndServeHTTP(
-				config.HTTPAddress(httpsAddr), // internal API
+				setup.NoListener,  // internal API
-				config.HTTPAddress(httpsAddr), // external API
+				httpsAddr,         // external API
-				certFile, keyFile,             // TLS settings
+				certFile, keyFile, // TLS settings
 			)
 		}()
 	}

cmd/dendrite-room-server/main.go

@@ -33,8 +33,8 @@ func main() {
 	roomserver.AddInternalRoutes(base.InternalAPIMux, rsAPI)
 
 	base.SetupAndServeHTTP(
-		base.Cfg.RoomServer.InternalAPI.Listen,
+		base.Cfg.RoomServer.InternalAPI.Listen, // internal listener
-		setup.NoExternalListener,
+		setup.NoListener,                       // external listener
 		nil, nil,
 	)
 }

cmd/dendrite-signing-key-server/main.go

@@ -31,7 +31,7 @@ func main() {
 
 	base.SetupAndServeHTTP(
 		base.Cfg.SigningKeyServer.InternalAPI.Listen,
-		setup.NoExternalListener,
+		setup.NoListener,
 		nil, nil,
 	)
 }

cmd/dendrite-user-api-server/main.go

@@ -31,8 +31,8 @@ func main() {
 	userapi.AddInternalRoutes(base.InternalAPIMux, userAPI)
 
 	base.SetupAndServeHTTP(
-		base.Cfg.UserAPI.InternalAPI.Listen,
+		base.Cfg.UserAPI.InternalAPI.Listen, // internal listener
-		setup.NoExternalListener,
+		setup.NoListener,                    // external listener
 		nil, nil,
 	)
 }

internal/setup/base.go

@@ -80,7 +80,7 @@ type BaseDendrite struct {
 const HTTPServerTimeout = time.Minute * 5
 const HTTPClientTimeout = time.Second * 30
 
-const NoExternalListener = ""
+const NoListener = ""
 
 // NewBaseDendrite creates a new instance to be used by a component.
 // The componentName is used for logging purposes, and should be a friendly name
@@ -272,22 +272,21 @@ func (b *BaseDendrite) SetupAndServeHTTP(
 	internalAddr, _ := internalHTTPAddr.Address()
 	externalAddr, _ := externalHTTPAddr.Address()
 
-	internalRouter := mux.NewRouter().SkipClean(true).UseEncodedPath()
+	externalRouter := mux.NewRouter().SkipClean(true).UseEncodedPath()
-	externalRouter := internalRouter
+	internalRouter := externalRouter
 
-	internalServ := &http.Server{
+	externalServ := &http.Server{
-		Addr:         string(internalAddr),
+		Addr:         string(externalAddr),
 		WriteTimeout: HTTPServerTimeout,
-		Handler:      internalRouter,
+		Handler:      externalRouter,
 	}
-	externalServ := internalServ
+	internalServ := externalServ
 
-	if externalAddr != NoExternalListener && externalAddr != internalAddr {
+	if internalAddr != NoListener && externalAddr != internalAddr {
-		externalRouter = mux.NewRouter().SkipClean(true).UseEncodedPath()
+		internalRouter = mux.NewRouter().SkipClean(true).UseEncodedPath()
-		externalServ = &http.Server{
+		internalServ = &http.Server{
-			Addr:         string(externalAddr),
+			Addr:    string(internalAddr),
-			WriteTimeout: HTTPServerTimeout,
+			Handler: internalRouter,
-			Handler:      externalRouter,
 		}
 	}
 
@@ -301,23 +300,25 @@ func (b *BaseDendrite) SetupAndServeHTTP(
 	externalRouter.PathPrefix(httputil.PublicFederationPathPrefix).Handler(b.PublicFederationAPIMux)
 	externalRouter.PathPrefix(httputil.PublicMediaPathPrefix).Handler(b.PublicMediaAPIMux)
 
-	go func() {
+	if internalAddr != NoListener && internalAddr != externalAddr {
-		logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
-		if certFile != nil && keyFile != nil {
-			if err := internalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
-				logrus.WithError(err).Fatal("failed to serve HTTPS")
-			}
-		} else {
-			if err := internalServ.ListenAndServe(); err != nil {
-				logrus.WithError(err).Fatal("failed to serve HTTP")
-			}
-		}
-		logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
-	}()
-
-	if externalAddr != NoExternalListener && internalAddr != externalAddr {
 		go func() {
-			logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
+			logrus.Infof("Starting internal %s listener on %s", b.componentName, internalServ.Addr)
+			if certFile != nil && keyFile != nil {
+				if err := internalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
+					logrus.WithError(err).Fatal("failed to serve HTTPS")
+				}
+			} else {
+				if err := internalServ.ListenAndServe(); err != nil {
+					logrus.WithError(err).Fatal("failed to serve HTTP")
+				}
+			}
+			logrus.Infof("Stopped internal %s listener on %s", b.componentName, internalServ.Addr)
+		}()
+	}
+
+	if externalAddr != NoListener {
+		go func() {
+			logrus.Infof("Starting external %s listener on %s", b.componentName, externalServ.Addr)
 			if certFile != nil && keyFile != nil {
 				if err := externalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
 					logrus.WithError(err).Fatal("failed to serve HTTPS")
@@ -327,7 +328,7 @@ func (b *BaseDendrite) SetupAndServeHTTP(
 					logrus.WithError(err).Fatal("failed to serve HTTP")
 				}
 			}
-			logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+			logrus.Infof("Stopped external %s listener on %s", b.componentName, externalServ.Addr)
 		}()
 	}