ACME compatibility fix for /.well-known/

+ Updated acme well known take-over regrex
+ Added experimental config export and import
+ Added unit test for location rewrite in dpcore
+ Moved all config files to ./conf and original proxy files to ./conf/proxy
+ Minor optimization on UI regarding TLS verification logo on subdomain and vdir list

src/mod/acme/acme.go

@@ -134,12 +134,12 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 
 	// Each certificate comes back with the cert bytes, the bytes of the client's
 	// private key, and a certificate URL.
-	err = ioutil.WriteFile("./certs/"+certificateName+".crt", certificates.Certificate, 0777)
+	err = ioutil.WriteFile("./conf/certs/"+certificateName+".crt", certificates.Certificate, 0777)
 	if err != nil {
 		log.Println(err)
 		return false, err
 	}
-	err = ioutil.WriteFile("./certs/"+certificateName+".key", certificates.PrivateKey, 0777)
+	err = ioutil.WriteFile("./conf/certs/"+certificateName+".key", certificates.PrivateKey, 0777)
 	if err != nil {
 		log.Println(err)
 		return false, err
@@ -154,7 +154,7 @@ func (a *ACMEHandler) ObtainCert(domains []string, certificateName string, email
 // it will said expired as well!
 func (a *ACMEHandler) CheckCertificate() []string {
 	// read from dir
-	filenames, err := os.ReadDir("./certs/")
+	filenames, err := os.ReadDir("./conf/certs/")
 
 	expiredCerts := []string{}
 
@@ -164,7 +164,7 @@ func (a *ACMEHandler) CheckCertificate() []string {
 	}
 
 	for _, filename := range filenames {
-		certFilepath := filepath.Join("./certs/", filename.Name())
+		certFilepath := filepath.Join("./conf/certs/", filename.Name())
 
 		certBytes, err := os.ReadFile(certFilepath)
 		if err != nil {

src/mod/acme/autorenew.go

@@ -341,6 +341,12 @@ func (a *AutoRenewer) CheckAndRenewCertificates() ([]string, error) {
 	return a.renewExpiredDomains(expiredCertList)
 }
 
+func (a *AutoRenewer) Close() {
+	if a.TickerstopChan != nil {
+		a.TickerstopChan <- true
+	}
+}
+
 // Renew the certificate by filename extract all DNS name from the
 // certificate and renew them one by one by calling to the acmeHandler
 func (a *AutoRenewer) renewExpiredDomains(certs []*ExpiredCerts) ([]string, error) {

src/mod/dynamicproxy/dpcore/dpcore.go

@@ -91,11 +91,12 @@ func NewDynamicProxyCore(target *url.URL, prepender string, ignoreTLSVerificatio
 
 	//Hack the default transporter to handle more connections
 	thisTransporter := http.DefaultTransport
-	thisTransporter.(*http.Transport).MaxIdleConns = 3000
-	thisTransporter.(*http.Transport).MaxIdleConnsPerHost = 3000
-	thisTransporter.(*http.Transport).IdleConnTimeout = 10 * time.Second
-	thisTransporter.(*http.Transport).MaxConnsPerHost = 0
-	//thisTransporter.(*http.Transport).DisableCompression = true
+	optimalConcurrentConnection := 32
+	thisTransporter.(*http.Transport).MaxIdleConns = optimalConcurrentConnection * 2
+	thisTransporter.(*http.Transport).MaxIdleConnsPerHost = optimalConcurrentConnection
+	thisTransporter.(*http.Transport).IdleConnTimeout = 30 * time.Second
+	thisTransporter.(*http.Transport).MaxConnsPerHost = optimalConcurrentConnection * 2
+	thisTransporter.(*http.Transport).DisableCompression = true
 
 	if ignoreTLSVerification {
 		//Ignore TLS certificate validation error

src/mod/dynamicproxy/dpcore/dpcore_test.go

@@ -0,0 +1,49 @@
+package dpcore_test
+
+import (
+	"testing"
+
+	"imuslab.com/zoraxy/mod/dynamicproxy/dpcore"
+)
+
+func TestReplaceLocationHost(t *testing.T) {
+	urlString := "http://private.com/test/newtarget/"
+	rrr := &dpcore.ResponseRewriteRuleSet{
+		OriginalHost: "test.example.com",
+		ProxyDomain:  "private.com/test",
+		UseTLS:       true,
+	}
+	useTLS := true
+
+	expectedResult := "https://test.example.com/newtarget/"
+
+	result, err := dpcore.ReplaceLocationHost(urlString, rrr, useTLS)
+	if err != nil {
+		t.Errorf("Error occurred: %v", err)
+	}
+
+	if result != expectedResult {
+		t.Errorf("Expected: %s, but got: %s", expectedResult, result)
+	}
+}
+
+func TestReplaceLocationHostRelative(t *testing.T) {
+	urlString := "api/"
+	rrr := &dpcore.ResponseRewriteRuleSet{
+		OriginalHost: "test.example.com",
+		ProxyDomain:  "private.com/test",
+		UseTLS:       true,
+	}
+	useTLS := true
+
+	expectedResult := "https://test.example.com/api/"
+
+	result, err := dpcore.ReplaceLocationHost(urlString, rrr, useTLS)
+	if err != nil {
+		t.Errorf("Error occurred: %v", err)
+	}
+
+	if result != expectedResult {
+		t.Errorf("Expected: %s, but got: %s", expectedResult, result)
+	}
+}

src/mod/dynamicproxy/dpcore/utils.go

@@ -44,3 +44,8 @@ func replaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS b
 
 	return u.String(), nil
 }
+
+// Debug functions
+func ReplaceLocationHost(urlString string, rrr *ResponseRewriteRuleSet, useTLS bool) (string, error) {
+	return replaceLocationHost(urlString, rrr, useTLS)
+}

src/mod/dynamicproxy/redirection/handler.go

@@ -30,8 +30,13 @@ func (t *RuleTable) HandleRedirect(w http.ResponseWriter, r *http.Request) int {
 		redirectTarget := rr.TargetURL
 
 		if rr.ForwardChildpath {
-			//Remove the first / in the path
-			redirectTarget += strings.TrimPrefix(r.URL.Path, "/")
+			//Remove the first / in the path if the redirect target already have tailing slash
+			if strings.HasSuffix(redirectTarget, "/") {
+				redirectTarget += strings.TrimPrefix(r.URL.Path, "/")
+			} else {
+				redirectTarget += r.URL.Path
+			}
+
 			if r.URL.RawQuery != "" {
 				redirectTarget += "?" + r.URL.RawQuery
 			}

src/mod/ganserv/authkeyLinux.go

@@ -13,8 +13,8 @@ import (
 )
 
 func readAuthTokenAsAdmin() (string, error) {
-	if utils.FileExists("./authtoken.secret") {
-		authKey, err := os.ReadFile("./authtoken.secret")
+	if utils.FileExists("./conf/authtoken.secret") {
+		authKey, err := os.ReadFile("./conf/authtoken.secret")
 		if err == nil {
 			return strings.TrimSpace(string(authKey)), nil
 		}

src/mod/ganserv/authkeyWin.go

@@ -19,8 +19,8 @@ import (
 // Use admin permission to read auth token on Windows
 func readAuthTokenAsAdmin() (string, error) {
 	//Check if the previous startup already extracted the authkey
-	if utils.FileExists("./authtoken.secret") {
-		authKey, err := os.ReadFile("./authtoken.secret")
+	if utils.FileExists("./conf/authtoken.secret") {
+		authKey, err := os.ReadFile("./conf/authtoken.secret")
 		if err == nil {
 			return strings.TrimSpace(string(authKey)), nil
 		}
@@ -30,7 +30,7 @@ func readAuthTokenAsAdmin() (string, error) {
 	exe := "cmd.exe"
 	cwd, _ := os.Getwd()
 
-	output, _ := filepath.Abs(filepath.Join("./", "authtoken.secret"))
+	output, _ := filepath.Abs(filepath.Join("./conf/", "authtoken.secret"))
 	os.WriteFile(output, []byte(""), 0775)
 	args := fmt.Sprintf("/C type \"C:\\ProgramData\\ZeroTier\\One\\authtoken.secret\" > \"" + output + "\"")
 
@@ -49,13 +49,13 @@ func readAuthTokenAsAdmin() (string, error) {
 	log.Println("Please click agree to allow access to ZeroTier authtoken from ProgramData")
 	retry := 0
 	time.Sleep(3 * time.Second)
-	for !utils.FileExists("./authtoken.secret") && retry < 10 {
+	for !utils.FileExists("./conf/authtoken.secret") && retry < 10 {
 		time.Sleep(3 * time.Second)
 		log.Println("Waiting for ZeroTier authtoken extraction...")
 		retry++
 	}
 
-	authKey, err := os.ReadFile("./authtoken.secret")
+	authKey, err := os.ReadFile("./conf/authtoken.secret")
 	if err != nil {
 		return "", err
 	}