From 4d7c8368102bd896c8efab3bac0bf687ea4f311d Mon Sep 17 00:00:00 2001 From: Tyler Date: Mon, 15 Aug 2022 02:46:25 -0400 Subject: [PATCH] Update README to include check information and code quality --- README.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 02722c2..0766ed9 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ This repository contains a redirect service for Armbian downloads, apt, etc. It uses multiple current technologies and best practices, including: - Go 1.19 +- Ginkgo v2 and Gomega testing framework - GeoIP + Distance routing - Server weighting, pooling (top x servers are served instead of a single one) - Health checks (HTTP, TLS) @@ -13,9 +14,28 @@ It uses multiple current technologies and best practices, including: Code Quality ------------ -The code quality isn't the greatest/top tier. All code lives in the "main" package and should be moved at some point. +The code quality isn't the greatest/top tier. Work is being done towards cleaning it up and standardizing it, writing tests, etc. -Regardless, it is meant to be simple and easy to understand. +All contributions are welcome, see the `check_test.go` file for example tests. + +Checks +------ + +The supported checks are HTTP and TLS. + +### HTTP + +Verifies server accessibility via HTTP. If the server returns a forced redirect to an `https://` url, it is considered to be https-only. + +If the server responds on the `https` url with a forced `http` redirect, it will be marked down due to misconfiguration. Requests should never downgrade. + +### TLS + +Certificate checking to ensure no servers are used which have invalid/expired certificates. This check is written to use the Mozilla ca certificate list, loaded on start/config load, to verify roots. + +OS certificate trusts WERE being used to do this, however some issues with the date validation (which could be user error) caused the move to the ca bundle, which could be considered more usable. + +Note: This downloads from github every startup/reload. This should be a reliable process, as long as Mozilla doesn't deprecate their repo. Their HG URL is super slow. Configuration -------------