├── .dockerignore ├── .github └── workflows │ └── ci.yml ├── Dockerfile ├── LICENSE ├── README.md ├── child.go ├── go.mod ├── go.sum ├── hack-my-builds.sh ├── main.go └── server.go /.dockerignore: -------------------------------------------------------------------------------- 1 | ** 2 | !*.go 3 | !go.* 4 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: 4 | pull_request: 5 | push: 6 | 7 | defaults: 8 | run: 9 | shell: 'bash -Eeuo pipefail -x {0}' 10 | 11 | jobs: 12 | test: 13 | name: Test 14 | runs-on: ubuntu-latest 15 | steps: 16 | - uses: actions/checkout@v2 17 | 18 | - name: Build 19 | run: | 20 | docker build --pull -t tianon/pgp-happy-eyeballs . 21 | 22 | - run: docker pull tianon/network-toolbox:alpine 23 | 24 | - name: Smoke Test 25 | run: | 26 | docker run -d --name test --dns 1.1.1.1 --dns 1.0.0.1 tianon/pgp-happy-eyeballs 27 | docker run --rm --link test tianon/network-toolbox:alpine gpg --keyserver test --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 28 | ! docker run --rm --link test tianon/network-toolbox:alpine gpg --keyserver test --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD5 29 | docker logs test 30 | docker rm -vf test 31 | 32 | - run: ./hack-my-builds.sh 33 | 34 | - run: docker images 35 | if: ${{ always() }} 36 | - run: docker logs pgp-happy-eyeballs 37 | if: ${{ always() }} 38 | - run: docker logs rawdns 39 | if: ${{ always() }} 40 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.17-bullseye AS build 2 | 3 | WORKDIR /phe 4 | 5 | COPY go.mod go.sum ./ 6 | RUN go mod download 7 | 8 | COPY *.go ./ 9 | RUN go build -v -tags netgo -installsuffix netgo -ldflags '-d -s -w' -o /pgp-happy-eyeballs ./... 10 | 11 | # # TODO make proper tagged releases (with binaries) and consume those instead 12 | FROM alpine:3.14 13 | 14 | COPY --from=build /pgp-happy-eyeballs /usr/local/bin/ 15 | 16 | EXPOSE 9000 17 | CMD ["pgp-happy-eyeballs"] 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017 Tianon Gravi 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in all 11 | copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 | SOFTWARE. 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DEPRECATED 2 | 3 | See [#4](https://github.com/tianon/pgp-happy-eyeballs/issues/4) for some discussion around why this tool is no longer actively maintained (nor recommended for use). 4 | 5 | The TL;DR is that the SKS network is mostly too decentralized now to track well with a naive approach like that of this tool. 6 | 7 | # PGP "Happy Eyeballs" 8 | 9 | PGP keyservers are flaky: 10 | 11 | - https://github.com/docker-library/official-images/issues/4252#issuecomment-381783035 12 | - https://github.com/docker-library/cassandra/pull/131#issuecomment-358444537 13 | - https://github.com/docker-library/tomcat/issues/87 14 | - https://github.com/docker-library/tomcat/pull/108 15 | - https://github.com/docker-library/mysql/issues/263#issuecomment-354025886 16 | - https://github.com/docker-library/httpd/issues/66#issuecomment-316832441 17 | - https://github.com/docker-library/php/issues/586 18 | - https://github.com/docker-library/wordpress/pull/291 19 | - https://github.com/docker-library/postgres/pull/471#issuecomment-407902513 20 | 21 | This tool was intended to sit in front of clients to keyservers (most easily via DNS or transparent traffic hijacking) and "multiplex" requests across several servers simultaneously, returning the fastest successful result. 22 | 23 | **Note:** if you're looking at this tool, you should seriously consider using [the `hkps://keys.openpgp.org` server](https://keys.openpgp.org/about) / ["Hagrid"](https://gitlab.com/hagrid-keyserver/hagrid) instead! (It's a refreshingly modern take on OpenPGP infrastructure in general.) 24 | 25 | Barring that, I would recommend sticking with a single stable server like `hkps://keyserver.ubuntu.com`. 26 | 27 | ## How to Use 28 | 29 | The easiest/intended way to use this (and the way Tianon used it) is to hijack your personal DNS requests and redirect relevant domains to a running instance of it. The hard part of that is doing so in a way that also affects any Docker instances and works in a way that other Docker instances can hit the running instance of `pgp-happy-eyeballs` successfully. 30 | 31 | See [rawdns](https://github.com/tianon/rawdns) for the tool Tianon uses; example configuration snippet: 32 | 33 | ```json 34 | ... 35 | "ha.pool.sks-keyservers.net.": { 36 | "type": "static", 37 | "cnames": [ 38 | "pgp-happy-eyeballs.docker" 39 | ], 40 | "nameservers": [ 41 | "127.0.0.1" 42 | ] 43 | }, 44 | ... 45 | ``` 46 | 47 | See also [the `hack-my-builds.sh` script](hack-my-builds.sh) which was intended for use in disposable CI environments such as those provided by Travis CI (see [docker-library/php#666](https://github.com/docker-library/php/pull/666) and the linked PRs for implementation examples). 48 | 49 | ## Known Issues 50 | 51 | - using `gpg --send-keys` doesn't work, among other things (our server hijacking is a tad too aggressive -- should probably *only* perform our aggressive logic for `.../pks/lookup?op=get...` requests and pass everything else through as-is as a standard transparent proxy) 52 | 53 | ## "Happy Eyeballs" ? 54 | 55 | See [RFC 6555](https://tools.ietf.org/html/rfc6555). 56 | -------------------------------------------------------------------------------- /child.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | // this file implements the "child" half of our CGI server 4 | 5 | import ( 6 | "bytes" 7 | "fmt" 8 | "io" 9 | "net" 10 | "os" 11 | "sync" 12 | "time" 13 | 14 | "github.com/valyala/fasthttp" 15 | ) 16 | 17 | var servers = [][2]string{ 18 | {"keyserver.ubuntu.com", "11371"}, 19 | 20 | // https://lists.gnupg.org/pipermail/gnupg-devel/2021-September/034962.html 21 | // https://lists.gnupg.org/pipermail/gnupg-devel/2021-September/034965.html 22 | // https://lists.gnupg.org/pipermail/gnupg-devel/2021-October/034968.html 23 | // $ wget -qO- 'https://spider.pgpkeys.eu/graphs/walk-sks.yaml' | awk '/^- "[.]":$/ { yes = 1; next } yes { if (/^ -/) { printf "\t{\"%s\", \"11371\"},\n", $2 } else { yes = 0; next } }' | sort -u 24 | {"agora.cenditel.gob.ve", "11371"}, 25 | {"a.keyserver.alteholz.eu", "11371"}, 26 | {"data.pgp.gnd.pw", "11371"}, 27 | {"de.pgpkeys.eu", "11371"}, 28 | {"east.keyserver.us", "11371"}, 29 | {"gozer.rediris.es", "11371"}, 30 | {"hkp.openpgpkeys.net", "11371"}, 31 | {"keybath.trifence.ch", "11371"}, 32 | {"keyserver-01.2ndquadrant.com", "11371"}, 33 | {"keyserver-02.2ndquadrant.com", "11371"}, 34 | {"keyserver-03.2ndquadrant.com", "11371"}, 35 | {"keyserver1.computer42.org", "11371"}, 36 | {"keyserver2.computer42.org", "11371"}, 37 | {"keyserver.cert.or.id", "11371"}, 38 | {"keyserver.maxweiss.io", "11371"}, 39 | {"keyserver.snt.utwente.nl", "11371"}, 40 | {"keyserver.spline.inf.fu-berlin.de", "11371"}, 41 | {"keys.i2p-projekt.de", "11371"}, 42 | {"keywin-old.trifence.ch", "11371"}, 43 | {"keywin.trifence.ch", "11371"}, 44 | {"openpgp.circl.lu", "11371"}, 45 | {"pgp.benny-baumann.de", "11371"}, 46 | {"pgp.cyberbits.eu", "11371"}, 47 | {"pgp.flexyz.com", "11371"}, 48 | {"pgp.gnd.pw", "11371"}, 49 | {"pgpkeys.eu", "11371"}, 50 | {"pgp.mit.edu", "11371"}, 51 | {"pgp.net.nz", "11371"}, 52 | {"pgp.re", "11371"}, 53 | {"pgp.surf.nl", "11371"}, 54 | {"pgp.uni-mainz.de", "11371"}, 55 | {"raxus.rnp.br", "11371"}, 56 | {"sks.hnet.se", "11371"}, 57 | {"sks.infcs.de", "11371"}, 58 | {"sks.pgpkeys.eu", "11371"}, 59 | {"sks.pod01.fleetstreetops.com", "11371"}, 60 | {"sks.pod02.fleetstreetops.com", "11371"}, 61 | {"sks.pyro.eu.org", "11371"}, 62 | {"sks.srv.dumain.com", "11371"}, 63 | {"sks.stsisp.ro", "11371"}, 64 | {"sks.ygrek.org", "11371"}, 65 | {"west.keyserver.us", "11371"}, 66 | {"zimmermann.mayfirst.org", "11371"}, 67 | {"zuul.rediris.es", "11371"}, 68 | } 69 | 70 | var ( 71 | fasthttpClient = fasthttp.Client{ 72 | Name: "pgp-happy-eyeballs", 73 | 74 | DialDualStack: true, 75 | } 76 | 77 | start = time.Now() 78 | 79 | successMutex = &sync.Mutex{} 80 | failureMutex = &sync.Mutex{} 81 | finalFailure = &bytes.Buffer{} 82 | ) 83 | 84 | func writeResponse(resp *fasthttp.Response, w io.Writer) error { 85 | // this returns the full "HTTP/x.x 2xx ..." status line as well, which CGI requires as a "Status:" header instead 86 | head := resp.Header.Header() 87 | statusEnd := bytes.IndexByte(head, '\n') 88 | statusLine := head[:statusEnd+1] 89 | statusSpace := bytes.IndexByte(statusLine, ' ') 90 | head = append([]byte("Status: "+string(statusLine[statusSpace+1:])), head[statusEnd+1:]...) 91 | 92 | _, err := w.Write(head) 93 | if err != nil { 94 | return err 95 | } 96 | 97 | err = resp.BodyWriteTo(w) 98 | if err != nil { 99 | return err 100 | } 101 | 102 | return nil 103 | } 104 | 105 | func doTheThing(server string, ip net.IP, port, path string) { 106 | thisReqStart := time.Now() 107 | 108 | ipName := ip.String() 109 | if ip.To4() == nil { 110 | // must be IPv6, and need extra [...] for disambiguation 111 | ipName = "[" + ipName + "]" 112 | } 113 | url := "http://" + ipName + ":" + port + path 114 | 115 | req, resp := fasthttp.AcquireRequest(), fasthttp.AcquireResponse() 116 | req.Reset() 117 | resp.Reset() 118 | req.SetRequestURI(url) 119 | req.Header.SetHost(server) 120 | 121 | // TODO consider making timeout configurable 122 | err := fasthttpClient.DoTimeout(req, resp, 1*time.Second) 123 | if err != nil { 124 | fmt.Fprintf(os.Stderr, "error: fetching %s: %s\n", url, err) 125 | return 126 | } 127 | 128 | if resp.Header.StatusCode() != fasthttp.StatusOK { 129 | fmt.Fprintf(os.Stderr, "error: fetching %s: unexpected status code: %d\n", url, resp.Header.StatusCode()) 130 | failureMutex.Lock() 131 | defer failureMutex.Unlock() 132 | finalFailure.Reset() 133 | err = writeResponse(resp, finalFailure) 134 | if err != nil { 135 | fmt.Fprintf(os.Stderr, "error: saving failure from %s: %s\n", url, err) 136 | } 137 | return 138 | } 139 | 140 | successMutex.Lock() 141 | 142 | fmt.Fprintf(os.Stderr, "note: yay, winner (%s / %s): %s\n", time.Since(thisReqStart).Round(time.Millisecond), time.Since(start).Round(time.Millisecond), url) 143 | 144 | err = writeResponse(resp, os.Stdout) 145 | if err != nil { 146 | fmt.Fprintf(os.Stderr, "error: printing reply from %s: %s\n", url, err) 147 | } 148 | 149 | os.Exit(0) 150 | } 151 | 152 | func handleRequest(path string) { 153 | if path == "" || path[0] != '/' { 154 | path = "/" + path 155 | } 156 | 157 | seenIP := sync.Map{} 158 | 159 | var wg sync.WaitGroup 160 | for _, server := range servers { 161 | wg.Add(1) 162 | go func(name, port string) { 163 | defer wg.Done() 164 | 165 | ips, err := net.LookupIP(name) 166 | if err != nil { 167 | fmt.Fprintf(os.Stderr, "warning: failed to lookup %s (ignoring): %s\n", name, err) 168 | return 169 | } 170 | 171 | for _, ip := range ips { 172 | // skip any IP+port combo we've already checked (especially since *.pool.sks-keyservers.net will likely have lots of overlapping servers) 173 | ipStr := ip.String() + ":" + port 174 | if _, loaded := seenIP.LoadOrStore(ipStr, true); loaded { 175 | continue 176 | } 177 | 178 | doTheThing(name, ip, port, path) 179 | } 180 | }(server[0], server[1]) 181 | } 182 | wg.Wait() 183 | 184 | // FAILURE!!! so sad (return the final failing result so we have something useful to report back) 185 | failureMutex.Lock() 186 | fmt.Fprintf(os.Stderr, "error: wow, total failure (%s)\n", time.Since(start).Round(time.Millisecond)) 187 | _, err := finalFailure.WriteTo(os.Stdout) 188 | if err != nil { 189 | fmt.Fprintf(os.Stderr, "error: writing final failure failed: %s\n", err) 190 | } 191 | os.Exit(1) 192 | } 193 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/tianon/pgp-happy-eyeballs 2 | 3 | go 1.12 4 | 5 | require github.com/valyala/fasthttp v1.34.0 6 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY= 2 | github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= 3 | github.com/klauspost/compress v1.15.0 h1:xqfchp4whNFxn5A4XFyyYtitiWI8Hy5EW59jEwcyL6U= 4 | github.com/klauspost/compress v1.15.0/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= 5 | github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= 6 | github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= 7 | github.com/valyala/fasthttp v1.34.0 h1:d3AAQJ2DRcxJYHm7OXNXtXt2as1vMDfxeIcFvhmGGm4= 8 | github.com/valyala/fasthttp v1.34.0/go.mod h1:epZA5N+7pY6ZaEKRmstzOuYJx9HI8DI1oaCGZpdH4h0= 9 | github.com/valyala/tcplisten v1.0.0/go.mod h1:T0xQ8SeCZGxckz9qRXTfG43PvQ/mcWh7FwZEA7Ioqkc= 10 | golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= 11 | golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 12 | golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= 13 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 14 | golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 15 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 16 | golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 17 | golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 18 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 19 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 20 | golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 21 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 22 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 23 | -------------------------------------------------------------------------------- /hack-my-builds.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | echo >&2 5 | echo >&2 'WARNING: this entire tool is deprecated! Please adjust your usage accordingly.' 6 | echo >&2 7 | sleep 2 8 | 9 | # uses https://github.com/tianon/rawdns to install pgp-happy-eyeballs in a way that can be used for "curl|bash" in cloud-based CI builds for transparently happy eyeballs 10 | 11 | set -x 12 | 13 | bip="$(ip address show dev docker0 | awk '$1 == "inet" { print $2; exit }')" 14 | [ -n "$bip" ] 15 | ip="${bip%/*}" 16 | [ -n "$ip" ] 17 | 18 | uid="$(id -u)" 19 | _sudo() { 20 | if [ "$uid" = '0' ]; then 21 | "$@" 22 | else 23 | sudo "$@" 24 | fi 25 | } 26 | 27 | _sudo sh -xec ' 28 | mkdir -p /etc/docker 29 | [ -s /etc/docker/daemon.json ] || echo "{}" > /etc/docker/daemon.json 30 | ' 31 | 32 | _sudo jq --arg bip "$bip" --arg ip "$ip" ' 33 | .bip = $bip 34 | | .dns = [ 35 | $ip, 36 | "1.1.1.1", 37 | "1.0.0.1" 38 | ] 39 | ' /etc/docker/daemon.json \ 40 | | sed 's/ /\t/g' \ 41 | | _sudo tee /etc/docker/daemon.json.rawdns \ 42 | > /dev/null 43 | _sudo mv /etc/docker/daemon.json.rawdns /etc/docker/daemon.json 44 | if [ -d /run/systemd/system ] && command -v systemctl; then 45 | _sudo systemctl --quiet stop docker || : 46 | _sudo systemctl start docker 47 | _sudo systemctl --full --no-pager status docker 48 | else 49 | _sudo service docker stop &> /dev/null || : 50 | _sudo service docker start 51 | fi 52 | docker version > /dev/null 53 | 54 | : "${squignixHostname:="$(docker container inspect squignix &> /dev/null && echo 'squignix.docker' || :)"}" 55 | 56 | docker rm -vf rawdns &> /dev/null || : 57 | docker run -d \ 58 | --restart always \ 59 | --name rawdns \ 60 | -v /var/run/docker.sock:/var/run/docker.sock \ 61 | -p "$ip":53:53/tcp \ 62 | -p "$ip":53:53/udp \ 63 | --dns 1.1.1.1 \ 64 | --dns 1.0.0.1 \ 65 | -e squignixHostname="$squignixHostname" \ 66 | tianon/rawdns sh -xec ' 67 | cat > /rawdns.json <<-EOF 68 | { 69 | EOF 70 | 71 | for host in "keyserver.ubuntu.com" "pgp.mit.edu" "pool.sks-keyservers.net"; do 72 | cat >> /rawdns.json <<-EOF 73 | "$host.": { "type": "static", "cnames": [ "pgp-happy-eyeballs.docker" ], "nameservers": [ "127.0.0.1" ] }, 74 | EOF 75 | done 76 | cat >> /rawdns.json <<-EOF 77 | "hkps.pool.sks-keyservers.net.": { "type": "forwarding", "nameservers": [ "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4" ] }, 78 | EOF 79 | 80 | # if we have a squignix host, we should use it! 81 | if [ -n "$squignixHostname" ]; then 82 | for host in "deb.debian.org" "snapshot.debian.org" "archive.ubuntu.com" "dl-cdn.alpinelinux.org"; do 83 | cat >> /rawdns.json <<-EOF 84 | "$host.": { "type": "static", "cnames": [ "$squignixHostname" ], "nameservers": [ "127.0.0.1" ] }, 85 | EOF 86 | done 87 | fi 88 | 89 | cat >> /rawdns.json <<-EOF 90 | "docker.": { "type": "containers", "socket": "unix:///var/run/docker.sock" }, 91 | ".": { "type": "forwarding", "nameservers": [ "1.1.1.1", "1.0.0.1" ] } 92 | } 93 | EOF 94 | 95 | cat /rawdns.json 96 | exec rawdns /rawdns.json 97 | ' 98 | docker rm -vf pgp-happy-eyeballs &> /dev/null || : 99 | docker run -d --restart always --name pgp-happy-eyeballs --dns 1.1.1.1 --dns 1.0.0.1 tianon/pgp-happy-eyeballs 100 | 101 | # trust, but verify 102 | docker run --rm tianon/network-toolbox:alpine gpg --keyserver fake.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 103 | docker logs rawdns 104 | docker logs pgp-happy-eyeballs 105 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | ) 6 | 7 | func main() { 8 | path := os.Getenv("REQUEST_URI") 9 | if path != "" { 10 | handleRequest(path) 11 | } else { 12 | cgiServer() 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | "net/http/cgi" 6 | ) 7 | 8 | func cgiServer() { 9 | cgiHandler := &cgi.Handler{ 10 | Path: "/proc/self/exe", 11 | Dir: ".", 12 | } 13 | go http.ListenAndServe(":80", cgiHandler) 14 | http.ListenAndServe(":11371", cgiHandler) 15 | } 16 | --------------------------------------------------------------------------------