Add read only public port on volume server

Add read only public port on volume server

4 files changed, 57 insertions, 48 deletions

diff --git a/go/weed/server.go b/go/weed/server.go
index dd05d035a..dd0355d55 100644
--- a/go/weed/server.go
+++ b/go/weed/server.go
@@ -64,7 +64,7 @@ var (
 	masterConfFile                = cmdServer.Flag.String("master.conf", "/etc/weedfs/weedfs.conf", "xml configuration file")
 	masterDefaultReplicaPlacement = cmdServer.Flag.String("master.defaultReplicaPlacement", "000", "Default replication type if not specified.")
 	volumePort                    = cmdServer.Flag.Int("volume.port", 8080, "volume server http listen port")
-	volumeAdminPort               = cmdServer.Flag.Int("volume.port.admin", 0, "volume server admin port to talk with master and other volume servers")
+	volumePublicPort              = cmdServer.Flag.Int("volume.port.public", 0, "volume server public port")
 	volumeDataFolders             = cmdServer.Flag.String("dir", os.TempDir(), "directories to store data files. dir[,dir]...")
 	volumeMaxDataVolumeCounts     = cmdServer.Flag.String("volume.max", "7", "maximum numbers of volumes, count[,count]...")
 	volumePulse                   = cmdServer.Flag.Int("pulseSeconds", 5, "number of seconds between heartbeats")
@@ -109,8 +109,8 @@ func runServer(cmd *Command, args []string) bool {
 		*filerOptions.defaultReplicaPlacement = *masterDefaultReplicaPlacement
 	}
 
-	if *volumeAdminPort == 0 {
-		*volumeAdminPort = *volumePort
+	if *volumePublicPort == 0 {
+		*volumePublicPort = *volumePort
 	}
 
 	if *serverMaxCpu < 1 {
@@ -223,9 +223,17 @@ func runServer(cmd *Command, args []string) bool {
 
 	volumeWait.Wait()
 	time.Sleep(100 * time.Millisecond)
-	r := http.NewServeMux()
-	volumeServer := weed_server.NewVolumeServer(r, r,
-		*serverIp, *volumePort, *volumeAdminPort, *serverPublicUrl,
+	if *volumePublicPort == 0 {
+		*volumePublicPort = *volumePort
+	}
+	isSeperatedPublicPort := *volumePublicPort != *volumePort
+	volumeMux := http.NewServeMux()
+	publicVolumeMux := volumeMux
+	if isSeperatedPublicPort {
+		publicVolumeMux = http.NewServeMux()
+	}
+	volumeServer := weed_server.NewVolumeServer(volumeMux, publicVolumeMux,
+		*serverIp, *volumePort, *serverPublicUrl,
 		folders, maxCounts,
 		*serverIp+":"+strconv.Itoa(*masterPort), *volumePulse, *serverDataCenter, *serverRack,
 		serverWhiteList, *volumeFixJpgOrientation,
@@ -239,13 +247,26 @@ func runServer(cmd *Command, args []string) bool {
 	if eListen != nil {
 		glog.Fatalf("Volume server listener error: %v", eListen)
 	}
+	if isSeperatedPublicPort {
+		publicListeningAddress := *serverIp + ":" + strconv.Itoa(*volumePublicPort)
+		glog.V(0).Infoln("Start Seaweed volume server", util.VERSION, "public at", publicListeningAddress)
+		publicListener, e := util.NewListener(publicListeningAddress, time.Duration(*serverTimeout)*time.Second)
+		if e != nil {
+			glog.Fatalf("Volume server listener error:%v", e)
+		}
+		go func() {
+			if e := http.Serve(publicListener, publicVolumeMux); e != nil {
+				glog.Fatalf("Volume server fail to serve public: %v", e)
+			}
+		}()
+	}
 
 	OnInterrupt(func() {
 		volumeServer.Shutdown()
 		pprof.StopCPUProfile()
 	})
 
-	if e := http.Serve(volumeListener, r); e != nil {
+	if e := http.Serve(volumeListener, volumeMux); e != nil {
 		glog.Fatalf("Volume server fail to serve:%v", e)
 	}
 
diff --git a/go/weed/volume.go b/go/weed/volume.go
index f346d4b1c..aa2643d20 100644
--- a/go/weed/volume.go
+++ b/go/weed/volume.go
@@ -19,7 +19,7 @@ var (
 
 type VolumeServerOptions struct {
 	port                  *int
-	adminPort             *int
+	publicPort            *int
 	folders               []string
 	folderMaxLimits       []int
 	ip                    *string
@@ -38,7 +38,7 @@ type VolumeServerOptions struct {
 func init() {
 	cmdVolume.Run = runVolume // break init cycle
 	v.port = cmdVolume.Flag.Int("port", 8080, "http listen port")
-	v.adminPort = cmdVolume.Flag.Int("port.admin", 0, "admin port to talk with master and other volume servers")
+	v.publicPort = cmdVolume.Flag.Int("port.public", 0, "port opened to public")
 	v.ip = cmdVolume.Flag.String("ip", "", "ip or server name")
 	v.publicUrl = cmdVolume.Flag.String("publicUrl", "", "Publicly accessible address")
 	v.bindIp = cmdVolume.Flag.String("ip.bind", "0.0.0.0", "ip address to bind to")
@@ -102,19 +102,19 @@ func runVolume(cmd *Command, args []string) bool {
 		*v.publicUrl = *v.ip + ":" + strconv.Itoa(*v.port)
 	}
 
-	if *v.adminPort == 0 {
-		*v.adminPort = *v.port
+	if *v.publicPort == 0 {
+		*v.publicPort = *v.port
 	}
-	isSeperatedAdminPort := *v.adminPort != *v.port
+	isSeperatedPublicPort := *v.publicPort != *v.port
 
-	publicMux := http.NewServeMux()
-	adminMux := publicMux
-	if isSeperatedAdminPort {
-		adminMux = http.NewServeMux()
+	volumeMux := http.NewServeMux()
+	publicVolumeMux := volumeMux
+	if isSeperatedPublicPort {
+		publicVolumeMux = http.NewServeMux()
 	}
 
-	volumeServer := weed_server.NewVolumeServer(publicMux, adminMux,
-		*v.ip, *v.port, *v.adminPort, *v.publicUrl,
+	volumeServer := weed_server.NewVolumeServer(volumeMux, publicVolumeMux,
+		*v.ip, *v.port, *v.publicUrl,
 		v.folders, v.folderMaxLimits,
 		*v.master, *v.pulseSeconds, *v.dataCenter, *v.rack,
 		v.whiteList,
@@ -127,16 +127,16 @@ func runVolume(cmd *Command, args []string) bool {
 	if e != nil {
 		glog.Fatalf("Volume server listener error:%v", e)
 	}
-	if isSeperatedAdminPort {
-		adminListeningAddress := *v.bindIp + ":" + strconv.Itoa(*v.adminPort)
-		glog.V(0).Infoln("Start Seaweed volume server", util.VERSION, "admin at", adminListeningAddress)
-		adminListener, e := util.NewListener(adminListeningAddress, time.Duration(*v.idleConnectionTimeout)*time.Second)
+	if isSeperatedPublicPort {
+		publicListeningAddress := *v.bindIp + ":" + strconv.Itoa(*v.publicPort)
+		glog.V(0).Infoln("Start Seaweed volume server", util.VERSION, "public at", publicListeningAddress)
+		publicListener, e := util.NewListener(publicListeningAddress, time.Duration(*v.idleConnectionTimeout)*time.Second)
 		if e != nil {
 			glog.Fatalf("Volume server listener error:%v", e)
 		}
 		go func() {
-			if e := http.Serve(adminListener, adminMux); e != nil {
-				glog.Fatalf("Volume server fail to serve admin: %v", e)
+			if e := http.Serve(publicListener, publicVolumeMux); e != nil {
+				glog.Fatalf("Volume server fail to serve public: %v", e)
 			}
 		}()
 	}
@@ -145,7 +145,7 @@ func runVolume(cmd *Command, args []string) bool {
 		volumeServer.Shutdown()
 	})
 
-	if e := http.Serve(listener, publicMux); e != nil {
+	if e := http.Serve(listener, volumeMux); e != nil {
 		glog.Fatalf("Volume server fail to serve: %v", e)
 	}
 	return true
diff --git a/go/weed/weed_server/volume_server.go b/go/weed/weed_server/volume_server.go
index 9fb7fac99..0bcbc693c 100644
--- a/go/weed/weed_server/volume_server.go
+++ b/go/weed/weed_server/volume_server.go
@@ -23,8 +23,8 @@ type VolumeServer struct {
 	FixJpgOrientation bool
 }
 
-func NewVolumeServer(publicMux, adminMux *http.ServeMux, ip string,
-	port, adminPort int, publicUrl string,
+func NewVolumeServer(adminMux, publicMux *http.ServeMux, ip string,
+	port int, publicUrl string,
 	folders []string, maxCounts []int,
 	masterNode string, pulseSeconds int,
 	dataCenter string, rack string,
@@ -37,7 +37,7 @@ func NewVolumeServer(publicMux, adminMux *http.ServeMux, ip string,
 		FixJpgOrientation: fixJpgOrientation,
 	}
 	vs.SetMasterNode(masterNode)
-	vs.store = storage.NewStore(port, adminPort, ip, publicUrl, folders, maxCounts)
+	vs.store = storage.NewStore(port, ip, publicUrl, folders, maxCounts)
 
 	vs.guard = security.NewGuard(whiteList, "")
 
@@ -56,8 +56,7 @@ func NewVolumeServer(publicMux, adminMux *http.ServeMux, ip string,
 		adminMux.HandleFunc("/delete", vs.guard.WhiteList(vs.batchDeleteHandler))
 		adminMux.HandleFunc("/", vs.privateStoreHandler)
 	}
-	publicMux.HandleFunc("/delete", vs.guard.Secure(vs.batchDeleteHandler))
-	publicMux.HandleFunc("/", vs.publicStoreHandler)
+	publicMux.HandleFunc("/", vs.publicReadOnlyHandler)
 
 	go func() {
 		connected := true
diff --git a/go/weed/weed_server/volume_server_handlers.go b/go/weed/weed_server/volume_server_handlers.go
index a9179b284..8bd5934ae 100644
--- a/go/weed/weed_server/volume_server_handlers.go
+++ b/go/weed/weed_server/volume_server_handlers.go
@@ -8,19 +8,17 @@ import (
 
 /*
 
-Public port supports reads. Writes on public port can have one of the 3
+If volume server is started with a separated public port, the public port will
+be more "secure".
+
+Public port currently only supports reads.
+
+Later writes on public port can have one of the 3
 security settings:
 1. not secured
 2. secured by white list
 3. secured by JWT(Json Web Token)
 
-If volume server is started with a separated admin port, the admin port will
-have less "security" for easier implementation.
-Admin port always supports reads.  Writes on admin port can have one of
-the 2 security settings:
-1. not secured
-2. secured by white list
-
 */
 
 func (vs *VolumeServer) privateStoreHandler(w http.ResponseWriter, r *http.Request) {
@@ -43,7 +41,7 @@ func (vs *VolumeServer) privateStoreHandler(w http.ResponseWriter, r *http.Reque
 	}
 }
 
-func (vs *VolumeServer) publicStoreHandler(w http.ResponseWriter, r *http.Request) {
+func (vs *VolumeServer) publicReadOnlyHandler(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case "GET":
 		stats.ReadRequest()
@@ -51,14 +49,5 @@ func (vs *VolumeServer) publicStoreHandler(w http.ResponseWriter, r *http.Reques
 	case "HEAD":
 		stats.ReadRequest()
 		vs.GetOrHeadHandler(w, r)
-	case "DELETE":
-		stats.DeleteRequest()
-		vs.guard.Secure(vs.DeleteHandler)(w, r)
-	case "PUT":
-		stats.WriteRequest()
-		vs.guard.Secure(vs.PostHandler)(w, r)
-	case "POST":
-		stats.WriteRequest()
-		vs.guard.Secure(vs.PostHandler)(w, r)
 	}
 }