corazawaf · DavidProdinger · Nov 14, 2024 · Nov 18, 2024 · Nov 19, 2024 · Nov 20, 2024
diff --git a/contrib/coraza-spoa.service b/contrib/coraza-spoa.service
@@ -4,9 +4,9 @@ Documentation=https://www.coraza.io
 
 [Service]
 ExecStart=/usr/bin/coraza-spoa -config=/etc/coraza-spoa/config.yaml
-WorkingDirectory=/
+WorkingDirectory=/etc/coraza-spoa/
 Restart=always
-Type=exec
+Type=notify-reload
 User=coraza-spoa
 Group=coraza-spoa
 
@@ -45,7 +45,7 @@ InaccessiblePaths=-/opt
 InaccessiblePaths=-/srv
 #InaccessiblePaths=-/bin
 InaccessiblePaths=-/bin/bash
-inaccessiblepaths=-/bin/find
+InaccessiblePaths=-/bin/find
 InaccessiblePaths=-/bin/less
 InaccessiblePaths=-/bin/zcat
 InaccessiblePaths=-/bin/rm

diff --git a/go.mod b/go.mod
@@ -5,11 +5,11 @@ go 1.23.1
 require (
 	github.com/corazawaf/coraza-coreruleset v0.0.0-20240226094324-415b1017abdc
 	github.com/corazawaf/coraza/v3 v3.2.1
+	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/dropmorepackets/haproxy-go v0.0.5
 	github.com/jcchavezs/mergefs v0.0.0-20230503083351-07f27d256761
 	github.com/magefile/mage v1.15.0
 	github.com/mccutchen/go-httpbin/v2 v2.14.0
-	github.com/pires/go-proxyproto v0.8.0
 	github.com/rs/zerolog v1.33.0
 	gopkg.in/yaml.v3 v3.0.1
 	istio.io/istio v0.0.0-20240218163812-d80ef7b19049

diff --git a/go.sum b/go.sum
@@ -4,6 +4,7 @@ github.com/corazawaf/coraza/v3 v3.2.1 h1:zBIji4ut9FtFe8lXdqFwXMAkUoDJZ7HsOlEUYWE
 github.com/corazawaf/coraza/v3 v3.2.1/go.mod h1:fVndCGdUHJWl9c26VZPcORQRzUYwMPnRkC6TyTkhbUg=
 github.com/corazawaf/libinjection-go v0.2.1 h1:vNJ7L6c4xkhRgYU6sIO0Tl54TmeCQv/yfxBma30Dy/Y=
 github.com/corazawaf/libinjection-go v0.2.1/go.mod h1:OP4TM7xdJ2skyXqNX1AN1wN5nNZEmJNuWbNPOItn7aw=
+github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -30,8 +31,6 @@ github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
 github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4 h1:1Kw2vDBXmjop+LclnzCb/fFy+sgb3gYARwfmoUcQe6o=
 github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4/go.mod h1:EHPiTAKtiFmrMldLUNswFwfZ2eJIYBHktdaUTZxYWRw=
-github.com/pires/go-proxyproto v0.7.0 h1:IukmRewDQFWC7kfnb66CSomk2q/seBuilHBYFwyq0Hs=
-github.com/pires/go-proxyproto v0.7.0/go.mod h1:Vz/1JPY/OACxWGQNIRY2BeyDmpoaWmEP40O9LbuiFR4=
 github.com/pires/go-proxyproto v0.8.0/go.mod h1:iknsfgnH8EkjrMeMyvfKByp9TiBZCKZM0jx2xmKqnVY=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

diff --git a/main.go b/main.go
@@ -13,6 +13,7 @@ import (
 	"runtime/pprof"
 	"syscall"
 
+	"github.com/coreos/go-systemd/v22/daemon"
 	"github.com/rs/zerolog"
 
 	"github.com/corazawaf/coraza-spoa/internal"
@@ -79,8 +80,15 @@ func main() {
 		defer cancelFunc()
 
 		globalLogger.Info().Msg("Starting coraza-spoa")
+
+		_, err := daemon.SdNotify(false, daemon.SdNotifyReady)
+		if err != nil {
+			globalLogger.Error().Err(err).Msg("Failed notifying daemon")
+		}
+
 		if err := a.Serve(l); err != nil {
 			globalLogger.Fatal().Err(err).Msg("listener closed")
+			_, _ = daemon.SdNotify(false, daemon.SdNotifyStopping)
 		}
 	}()
 
@@ -92,10 +100,20 @@ outer:
 		switch sig {
 		case syscall.SIGTERM:
 			globalLogger.Info().Msg("Received SIGTERM, shutting down...")
+
+			_, err := daemon.SdNotify(false, daemon.SdNotifyStopping)
+			if err != nil {
+				globalLogger.Error().Err(err).Msg("Failed notifying daemon")
+			}
 			// this return will run cancel() and close the server
 			break outer
 		case syscall.SIGINT:
 			globalLogger.Info().Msg("Received SIGINT, shutting down...")
+
+			_, err := daemon.SdNotify(false, daemon.SdNotifyStopping)
+			if err != nil {
+				globalLogger.Error().Err(err).Msg("Failed notifying daemon")
+			}
 			break outer
 		case syscall.SIGHUP:
 			globalLogger.Info().Msg("Received SIGHUP, reloading configuration...")
@@ -126,8 +144,18 @@ outer:
 				continue
 			}
 
+			_, err = daemon.SdNotify(false, daemon.SdNotifyReloading)
+			if err != nil {
+				globalLogger.Error().Err(err).Msg("Failed notifying daemon")
+			}
+
 			a.ReplaceApplications(apps)
 			cfg = newCfg
+
+			_, err = daemon.SdNotify(false, daemon.SdNotifyReady)
+			if err != nil {
+				globalLogger.Error().Err(err).Msg("Failed notifying daemon")
+			}
 		}
 	}