Merge pull request Jigsaw-Code#392 from Jigsaw-Code/fortuna-single-port

Single port cleanup
paulzwoo · Feb 8, 2019 · 8211a48 · 8211a48
2 parents c6b3e3a + 12b4d57
commit 8211a48
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 38 deletions.
diff --git a/src/server_manager/install_scripts/install_server.sh b/src/server_manager/install_scripts/install_server.sh
@@ -312,27 +312,19 @@ function check_firewall() {
      FIREWALL_STATUS="\
 You won’t be able to access it externally, despite your server being correctly
 set up, because there's a firewall (in this machine, your router or cloud
-provider) that is preventing incoming connections to ports ${SB_API_PORT} and ${ACCESS_KEY_PORT}.
-
-- If you plan to have a single access key to access your server, opening those
-  ports for TCP and UDP should suffice.
-- If you plan on adding additional access keys, you’ll have to open ports 1024
-  through 65535 on your firewall since the Outline server may allocate any of
-  those ports to new access keys.
-"
+provider) that is preventing incoming connections to ports ${SB_API_PORT} and ${ACCESS_KEY_PORT}."
   else
     FIREWALL_STATUS="\
 If you have connection problems, it may be that your router or cloud provider
-blocks inbound connections, even though your machine seems to allow them.
-
-- If you plan to have a single access key to access your server make sure
-  ports ${SB_API_PORT} and ${ACCESS_KEY_PORT} are open for TCP and UDP on
-  your router or cloud provider.
-- If you plan on adding additional access keys, you’ll have to open ports
-  1024 through 65535 on your router or cloud provider since the Outline
-  Server may allocate any of those ports to new access keys.
-"
+blocks inbound connections, even though your machine seems to allow them."
   fi
+  FIREWALL_STATUS="\
+$FIREWALL_STATUS
+
+Make sure to open the following ports on your firewall, router or cloud provider:
+- Management port ${SB_API_PORT}, for TCP
+- Access key port ${ACCESS_KEY_PORT}, for TCP and UDP
+"
 }
 
 install_shadowbox() {

diff --git a/src/shadowbox/server/main.ts b/src/shadowbox/server/main.ts
@@ -24,7 +24,6 @@ import {PortProvider} from '../infrastructure/get_port';
 import * as json_config from '../infrastructure/json_config';
 import * as logging from '../infrastructure/logging';
 import {PrometheusClient, runPrometheusScraper} from '../infrastructure/prometheus_scraper';
-import {RolloutTracker} from '../infrastructure/rollout';
 import {AccessKeyId} from '../model/access_key';
 
 import {PrometheusManagerMetrics} from './manager_metrics';
@@ -78,20 +77,10 @@ async function reservePortForNewAccessKeys(
     portProvider: PortProvider,
     serverConfig: json_config.JsonConfig<server_config.ServerConfigJson>): Promise<number> {
   serverConfig.data().portForNewAccessKeys = await portProvider.reserveNewPort();
+  serverConfig.write();
   return serverConfig.data().portForNewAccessKeys;
 }
 
-function createRolloutTracker(serverConfig: json_config.JsonConfig<server_config.ServerConfigJson>):
-    RolloutTracker {
-  const rollouts = new RolloutTracker(serverConfig.data().serverId);
-  if (serverConfig.data().rollouts) {
-    for (const rollout of serverConfig.data().rollouts) {
-      rollouts.forceRollout(rollout.id, rollout.enabled);
-    }
-  }
-  return rollouts;
-}
-
 async function main() {
   const verbose = process.env.LOG_LEVEL === 'debug';
   const portProvider = new PortProvider();
@@ -174,15 +163,9 @@ async function main() {
   const accessKeyRepository = new ServerAccessKeyRepository(
       portProvider, proxyHostname, accessKeyConfig, shadowsocksServer);
 
-  // TODO(fortuna): Once single-port is fully rollout, we should:
-  // - update `install_server.sh` to stop using `--net=host` for new servers (old servers are stuck
-  //   with that forever) and output new instructions for port configuration.
-  // - update manger UI to provide new instructions for port configuration in manual mode.
-  if (createRolloutTracker(serverConfig).isRolloutEnabled('single-port', 100)) {
-    const portForNewAccessKeys = getPortForNewAccessKeys(serverConfig, accessKeyConfig) ||
-        await reservePortForNewAccessKeys(portProvider, serverConfig);
-    accessKeyRepository.enableSinglePort(portForNewAccessKeys);
-  }
+  const portForNewAccessKeys = getPortForNewAccessKeys(serverConfig, accessKeyConfig) ||
+      await reservePortForNewAccessKeys(portProvider, serverConfig);
+  accessKeyRepository.enableSinglePort(portForNewAccessKeys);
 
   const prometheusClient = new PrometheusClient(`http://${prometheusLocation}`);
   const metricsReader = new PrometheusUsageMetrics(prometheusClient);