ISSUE-313

Remove explicit OS and Arch builds

Dockerfile

@@ -10,9 +10,11 @@ ADD . /go/src/github.com/dutchcoders/transfer.sh
 WORKDIR /go/src/github.com/dutchcoders/transfer.sh
 
 ENV GO111MODULE=on
+ENV GOOS=${GOOS}
+ENV GOARCH=${GOARCH}
 
 # build & install server
-RUN go get -u ./... && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags -a -tags netgo -ldflags '-w -extldflags "-static"' -o /go/bin/transfersh github.com/dutchcoders/transfer.sh
+RUN go get -u ./... && CGO_ENABLED=0 go build -ldflags -a -tags netgo -ldflags '-w -extldflags "-static"' -o /go/bin/transfersh github.com/dutchcoders/transfer.sh
 
 FROM scratch AS final
 LABEL maintainer="Andrea Spacca <andrea.spacca@gmail.com>"

README.md

@@ -90,6 +90,7 @@ ip-blacklist | comma separated list of ips not allowed to connect to the service
 temp-path | path to temp folder | system temp | TEMP_PATH |
 web-path | path to static web files (for development or custom front end) | | WEB_PATH |
 proxy-path | path prefix when service is run behind a proxy | | PROXY_PATH |
+proxy-port | port of the proxy when the service is run behind a proxy | | PROXY_PORT |
 ga-key | google analytics key for the front end | | GA_KEY |
 uservoice-key | user voice key for the front end  | | USERVOICE_KEY |
 provider | which storage provider to use | (s3, gdrive or local) | PROVIDER |

cmd/cmd.go

@@ -91,6 +91,12 @@ var globalFlags = []cli.Flag{
 		Value: "",
 		EnvVar: "PROXY_PATH",
 	},
+	cli.StringFlag{
+		Name:  "proxy-port",
+		Usage: "port of the proxy when the service is run behind a proxy",
+		Value: "",
+		EnvVar: "PROXY_PORT",
+	},
 	cli.StringFlag{
 		Name:  "ga-key",
 		Usage: "key for google analytics (front end)",
@@ -299,6 +305,10 @@ func New() *Cmd {
 			options = append(options, server.ProxyPath(v))
 		}
 
+		if v := c.String("proxy-port"); v != "" {
+			options = append(options, server.ProxyPort(v))
+		}
+
 		if v := c.String("ga-key"); v != "" {
 			options = append(options, server.GoogleAnalytics(v))
 		}

hooks/.config

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+set +u
+echo "variables (see https://docs.docker.com/docker-hub/builds/advanced/):"
+echo "SOURCE_BRANCH:   $SOURCE_BRANCH"
+echo "SOURCE_COMMIT:   $SOURCE_COMMIT"
+echo "COMMIT_MSG:      $COMMIT_MSG"
+echo "DOCKER_REPO:     $DOCKER_REPO"
+echo "DOCKERFILE_PATH: $DOCKERFILE_PATH"
+echo "CACHE_TAG:       $CACHE_TAG"
+echo "IMAGE_NAME:      $IMAGE_NAME"
+echo
+
+: "${DOCKERFILE_PATH:=./Dockerfile}"
+: "${IMAGE_NAME:=dutchcoders/transer.sh}"
+
+echo "variables after applying defaults:"
+echo "DOCKERFILE_PATH: $DOCKERFILE_PATH"
+echo "IMAGE_NAME:      $IMAGE_NAME"
+echo
+
+export PATH="$PWD/docker:$PATH"
+
+# =>
+# https://hub.docker.com/u/arm64v8/
+# https://hub.docker.com/u/arm32v7/
+# https://hub.docker.com/u/arm32v6/
+# https://hub.docker.com/u/arm32v5/
+declare -A base_image_prefix_map=( ["aarch64"]="arm64v8/" ["arm"]="arm32v5/" ["amd64"]="")
+
+# => dpkg -L qemu-user-static | grep /usr/bin/
+declare -A docker_qemu_arch_map=( ["aarch64"]="aarch64" ["arm"]="arm" ["amd64"]="x86_64")
+
+# => https://github.com/docker/docker-ce/blob/76ac3a4952a9c03f04f26fc88d3160acd51d1702/components/cli/cli/command/manifest/util.go#L22
+declare -A docker_to_manifest_map=( ["aarch64"]="arm64" ["arm"]="arm" ["amd64"]="amd64")
+
+# what we want to build
+build_architectures=(amd64 aarch64 arm)
+verified_build_architectures=()
+verified_build_architectures+=("$(docker version -f '{{.Server.Arch}}')")
+
+# what we can build
+for arch in ${build_architectures[@]}; do
+  if [ -f "qemu-${docker_qemu_arch_map[${arch}]}-static" ]; then
+    echo "qemu binary for $arch found";
+    verified_build_architectures+=($arch)
+  fi
+done
+
+echo $verified_build_architectures
+set -u
+
+docker -v
+echo

hooks/build

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+set -eu
+
+echo "build"
+source hooks/.config
+
+echo "Will build the following architectures: $verified_build_architectures"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+
+for arch in ${verified_build_architectures[@]}; do
+  echo "building $arch"
+  echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+
+  BASE_IMAGE_PREFIX="${base_image_prefix_map[${arch}]}"
+  docker build \
+    --build-arg GOOS=linux \
+    --build-arg GOARCH=${arch} \
+    --file $DOCKERFILE_PATH \
+    --tag "${IMAGE_NAME}-${arch}"  \
+    .
+done
+
+echo "images built:"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+docker image ls
+
+# https://github.com/moby/moby/issues/36552
+#
+tempdir=$(mktemp -d -t yolo.XXXXXXXX)
+cd $tempdir
+
+for arch in ${verified_build_architectures[@]}; do
+  echo "yolo fixing platform $arch"
+  echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+
+  manifest_arch=${docker_to_manifest_map[${arch}]}
+  docker save "${IMAGE_NAME}-${arch}"| tar xv
+
+  for filename in */json; do
+    [ -e "$filename" ] || continue
+    jq --compact-output 'del(.architecture)' < "$filename" | sponge "$filename"
+  done
+
+  for filename in *.json; do
+    [ -e "$filename" ] || continue
+    ! [ $filename = "manifest.json" ] || continue
+
+    jq --arg architecture "$manifest_arch" \
+       --compact-output '.architecture=$architecture' < "$filename" | sponge "$filename"
+  done
+
+  tar cv . | docker load
+  rm -rf $tempdir/*
+done
+
+trap "exit 1"          HUP INT PIPE QUIT TERM
+trap "rm -rf $tempdir" EXIT

hooks/get_qemu.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -ex
+
+# NOTE: this url will change regularly because it's unstable
+PACKAGE=http://ftp.de.debian.org/debian/pool/main/q/qemu/qemu-user-static_4.2-2_amd64.deb
+
+mkdir tmp/
+cd tmp/
+
+curl $PACKAGE -o $(basename ${PACKAGE})
+dpkg-deb -X $(basename ${PACKAGE}) .
+cp usr/bin/qemu-aarch64-static ..
+cp usr/bin/qemu-arm-static ..
+cd ..
+rm -rf tmp

hooks/post_checkout

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+set -eu
+
+echo "post_checkout"
+source hooks/.config
+
+echo "Install qemu + binfmt support"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+# it's an Ubuntu VM and you can install stuff.
+apt-get update
+apt-get install -y curl qemu-user-static binfmt-support jq moreutils
+
+# Sadly docker itself uses Docker EE 17.06 on Dockerhub which does not support
+# manifests.
+echo "Install a fresh docker cli binary"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+
+curl https://download.docker.com/linux/static/stable/x86_64/docker-19.03.9.tgz | \
+  tar xvz docker/docker
+
+echo "Build a usable config.json file"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+# Manifests are still experimental and enabled by a config file flag.
+# Interestingly, there is no config file and the credential parts to push
+# images is available in an environment variable. Let's create a config file to
+# combine the two things:
+#
+mkdir -p ~/.docker
+jq --null-input --argjson auths "$DOCKERCFG" '. + {auths: $auths}' | \
+jq --arg experimental enabled '. + {experimental: $experimental}' | \
+sponge ~/.docker/config.json
+
+echo "copy qemu binaries into docker build context"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+# The current setup copies the qemu binary into the image (see Dockerfile)
+# Pro:
+#      - it's easy to run non-amd64 images on amd64 systems for debugging
+# Contra:
+#      - it's dead weight in the "destination" architecture and consumes space
+# Alternative:
+#      - use a multistage Dockerfile (no RUN in the last stage possible of course)
+#      - wait for https://github.com/moby/moby/issues/14080
+#
+for arch in ${build_architectures[@]}; do
+  cp /usr/bin/qemu-${docker_qemu_arch_map[${arch}]}-static qemu-${arch}-static
+done
+
+ls -la

hooks/pre_build

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -eu
+
+echo "pre_build"
+source hooks/.config
+
+echo "Register qemu-*-static for all supported processors except current"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+
+docker run --rm --privileged multiarch/qemu-user-static:register --reset

hooks/push

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+set -eu
+
+echo "push"
+source hooks/.config
+
+# 1. push all images
+IMAGE_NAME="${IMAGE_NAME//index.docker.io\/}"
+
+for arch in ${verified_build_architectures[@]}; do
+  echo "Pushing ${IMAGE_NAME}-${arch}"
+  echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+  echo
+  docker push ${IMAGE_NAME}-${arch}
+done
+
+docker image ls
+
+# 2. build and push manifest
+#DOCKER_REPO="index.docker.io/${DOCKER_REPO}"
+manifests=""
+
+for arch in ${verified_build_architectures[@]}; do
+  manifests="${manifests} ${IMAGE_NAME}-${arch}"
+done
+
+echo "Creating manifest ${IMAGE_NAME}"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+docker manifest create ${IMAGE_NAME} \
+                            $manifests
+echo
+
+echo "Annotating manifest"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+for arch in ${verified_build_architectures[@]}; do
+    docker manifest annotate ${IMAGE_NAME} \
+    ${IMAGE_NAME}-${arch} \
+    --os linux \
+    --arch ${docker_to_manifest_map[${arch}]}
+done
+
+echo "Inspecting manifest ${IMAGE_NAME}-${arch}"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+docker manifest inspect ${IMAGE_NAME}-${arch}
+echo
+
+echo "Pushing manifest ${IMAGE_NAME}"
+echo "⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯"
+docker manifest push --purge "${IMAGE_NAME}"
+echo
+
+echo
+echo "Done"

server/handlers.go

@@ -158,9 +158,9 @@ func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))
-	resolvedURL := resolveURL(r, relativeURL)
+	resolvedURL := resolveURL(r, relativeURL, s.proxyPort)
 	relativeURLGet, _ := url.Parse(path.Join(s.proxyPath, getPathPart, token, filename))
-	resolvedURLGet := resolveURL(r, relativeURLGet)
+	resolvedURLGet := resolveURL(r, relativeURLGet, s.proxyPort)
 	var png []byte
 	png, err = qrcode.Encode(resolvedURL, qrcode.High, 150)
 	if err != nil {
@@ -170,8 +170,8 @@ func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {
 
 	qrCode := base64.StdEncoding.EncodeToString(png)
 
-	hostname := getURL(r).Host
-	webAddress := resolveWebAddress(r, s.proxyPath)
+	hostname := getURL(r, s.proxyPort).Host
+	webAddress := resolveWebAddress(r, s.proxyPath, s.proxyPort)
 
 	data := struct {
 		ContentType   string
@@ -212,8 +212,8 @@ func (s *Server) previewHandler(w http.ResponseWriter, r *http.Request) {
 func (s *Server) viewHandler(w http.ResponseWriter, r *http.Request) {
 	// vars := mux.Vars(r)
 
-	hostname := getURL(r).Host
-	webAddress := resolveWebAddress(r, s.proxyPath)
+	hostname := getURL(r, s.proxyPort).Host
+	webAddress := resolveWebAddress(r, s.proxyPath, s.proxyPort)
 
 	data := struct {
 		Hostname     string
@@ -339,7 +339,7 @@ func (s *Server) postHandler(w http.ResponseWriter, r *http.Request) {
 
 			filename = url.PathEscape(filename)
 			relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))
-			fmt.Fprintln(w, getURL(r).ResolveReference(relativeURL).String())
+			fmt.Fprintln(w, getURL(r, s.proxyPort).ResolveReference(relativeURL).String())
 
 			cleanTmpFile(file)
 		}
@@ -500,15 +500,15 @@ func (s *Server) putHandler(w http.ResponseWriter, r *http.Request) {
 	relativeURL, _ := url.Parse(path.Join(s.proxyPath, token, filename))
 	deleteURL, _ := url.Parse(path.Join(s.proxyPath, token, filename, metadata.DeletionToken))
 
-	w.Header().Set("X-Url-Delete", resolveURL(r, deleteURL))
+	w.Header().Set("X-Url-Delete", resolveURL(r, deleteURL, s.proxyPort))
 
-	fmt.Fprint(w, resolveURL(r, relativeURL))
+	fmt.Fprint(w, resolveURL(r, relativeURL, s.proxyPort))
 }
 
-func resolveURL(r *http.Request, u *url.URL) string {
+func resolveURL(r *http.Request, u *url.URL, proxyPort string) string {
 	r.URL.Path = ""
 
-	return getURL(r).ResolveReference(u).String()
+	return getURL(r, proxyPort).ResolveReference(u).String()
 }
 
 func resolveKey(key, proxyPath string) string {
@@ -525,8 +525,8 @@ func resolveKey(key, proxyPath string) string {
 	return key
 }
 
-func resolveWebAddress(r *http.Request, proxyPath string) string {
-	url := getURL(r)
+func resolveWebAddress(r *http.Request, proxyPath string, proxyPort string) string {
+	url := getURL(r, proxyPort)
 
 	var webAddress string
 
@@ -544,7 +544,7 @@ func resolveWebAddress(r *http.Request, proxyPath string) string {
 	return webAddress
 }
 
-func getURL(r *http.Request) *url.URL {
+func getURL(r *http.Request, proxyPort string) *url.URL {
 	u, _ := url.Parse(r.URL.String())
 
 	if r.TLS != nil {
@@ -555,16 +555,25 @@ func getURL(r *http.Request) *url.URL {
 		u.Scheme = "http"
 	}
 
-	if u.Host != "" {
-	} else if host, port, err := net.SplitHostPort(r.Host); err != nil {
-		u.Host = r.Host
-	} else {
-		if port == "80" && u.Scheme == "http" {
-			u.Host = host
-		} else if port == "443" && u.Scheme == "https" {
+	if u.Host == "" {
+		host, port, err := net.SplitHostPort(r.Host)
+		if err != nil {
+			host = r.Host
+			port = ""
+		}
+		if len(proxyPort) != 0 {
+			port = proxyPort
+		}
+		if len(port) == 0 {
 			u.Host = host
 		} else {
-			u.Host = net.JoinHostPort(host, port)
+			if port == "80" && u.Scheme == "http" {
+				u.Host = host
+			} else if port == "443" && u.Scheme == "https" {
+				u.Host = host
+			} else {
+				u.Host = net.JoinHostPort(host, port)
+			}
 		}
 	}
 
@@ -1009,7 +1018,7 @@ func (s *Server) RedirectHandler(h http.Handler) http.HandlerFunc {
 		} else if r.Header.Get("X-Forwarded-Proto") == "https" {
 		} else if r.URL.Scheme == "https" {
 		} else {
-			u := getURL(r)
+			u := getURL(r, s.proxyPort)
 			u.Scheme = "https"
 
 			http.Redirect(w, r, u.String(), http.StatusPermanentRedirect)

server/server.go

@@ -28,6 +28,8 @@ import (
 	"errors"
 	gorillaHandlers "github.com/gorilla/handlers"
 	"log"
+	crypto_rand "crypto/rand"
+	"encoding/binary"
 	"math/rand"
 	"mime"
 	"net/http"
@@ -139,6 +141,12 @@ func ProxyPath(s string) OptionFn {
 	}
 }
 
+func ProxyPort(s string) OptionFn {
+	return func(srvr *Server) {
+		srvr.proxyPort = s
+	}
+}
+
 func TempPath(s string) OptionFn {
 	return func(srvr *Server) {
 		if s[len(s)-1:] != "/" {
@@ -278,6 +286,7 @@ type Server struct {
 
 	webPath      string
 	proxyPath    string
+	proxyPort    string
 	gaKey        string
 	userVoiceKey string
 
@@ -306,7 +315,11 @@ func New(options ...OptionFn) (*Server, error) {
 }
 
 func init() {
-	rand.Seed(time.Now().UTC().UnixNano())
+	var seedBytes [8]byte
+	if _, err := crypto_rand.Read(seedBytes[:]); err != nil {
+		panic("cannot obtain cryptographically secure seed")
+	}
+	rand.Seed(int64(binary.LittleEndian.Uint64(seedBytes[:])))
 }
 
 func (s *Server) Run() {