Add posibility to serve HTTPS/TLS connection
parent
b9c4156e5b
commit
c38c4ca5db
4 changed files with 82 additions and 7 deletions
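--- a/cert/server.crt
+++ b/cert/server.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpDCCAowCCQDXZEH0aQRqFzANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMC
+UlUxFjAUBgNVBAgMDVN0LlBldGVyc2J1cmcxGTAXBgNVBAcMEFNhaW50IFBldGVy
+c2J1cmcxDjAMBgNVBAoMBU5TUENDMREwDwYDVQQLDAhOZW8gU1BDQzERMA8GA1UE
+AwwIbnNwY2MucnUxGzAZBgkqhkiG9w0BCQEWDG9wc0Buc3BjYy5ydTAeFw0yMDA3
+MTMxNTQyMzZaFw0zMDA3MTExNTQyMzZaMIGTMQswCQYDVQQGEwJSVTEWMBQGA1UE
+CAwNU3QuUGV0ZXJzYnVyZzEZMBcGA1UEBwwQU2FpbnQgUGV0ZXJzYnVyZzEOMAwG
+A1UECgwFTlNQQ0MxETAPBgNVBAsMCE5lbyBTUENDMREwDwYDVQQDDAhuc3BjYy5y
+dTEbMBkGCSqGSIb3DQEJARYMb3BzQG5zcGNjLnJ1MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAwqo2l4fS0U6wZCLh7VjQn1LXN8pZlVaA62C+g1SwoWV2
+Q5qM8FDihWj3UBO3F+6vUVJl8N5S0JroxxU6L48Wmshei145SLSl/F28tsk7Bbuz
+NOchonlelW77Xr6l7cDJBWUWGkDoq6a/S6w6jjCGhZq+X0gyS5nZ4HTouVNv2oFK
+eeJGtueLsS4zoVovrHdLSYdZH9/yC+E1WVCzQB+vdUF/vJLTuULgqncLV0sELmRl
++xsnnAV/REJswtCmKgrmAv9pMebBw5EEgROTGazdToWdD5X44xTlHjUb1bMuF9tL
+YtUMdLxXceXZFhYhiTBO7ev9awKaNYslbxh+goJo1wIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQBDEGhAyOtfsNwbZ0oZIw06e0JXCmri+8jsn5Ly/yHU0+ecHgMA5AAQ
+AG2QRpZZtZCtD/Cj4i6nSTWbRhS0FgqY998p5Lnh/AXTZHBx0t3LKJupN59CIjCK
+1eMEfQChoAZg66oO/obAFkq72gj8gpagMY9vFNVcszmse3FWrvlKmO1TwTEh+CzM
+7wbmiL/ujm0lIf44pp0U4qYFcSimSDqbwOfeDPif9lMinzylDxMfaAKBHBHPj5Vt
+fX8dgf6MIqyz51u/2G0gHfXMDxXec8huYKt2EtPyavh6kFxxGvcA15m6seJTcu+h
+6WzeQFa2NBg7Z3ai4DiPXirNtcHWeqxK
+-----END CERTIFICATE-----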
27
cert/server.key
Normal file
27
cert/server.key
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEowIBAAKCAQEAwqo2l4fS0U6wZCLh7VjQn1LXN8pZlVaA62C+g1SwoWV2Q5qM
|
||||||
|
8FDihWj3UBO3F+6vUVJl8N5S0JroxxU6L48Wmshei145SLSl/F28tsk7BbuzNOch
|
||||||
|
onlelW77Xr6l7cDJBWUWGkDoq6a/S6w6jjCGhZq+X0gyS5nZ4HTouVNv2oFKeeJG
|
||||||
|
tueLsS4zoVovrHdLSYdZH9/yC+E1WVCzQB+vdUF/vJLTuULgqncLV0sELmRl+xsn
|
||||||
|
nAV/REJswtCmKgrmAv9pMebBw5EEgROTGazdToWdD5X44xTlHjUb1bMuF9tLYtUM
|
||||||
|
dLxXceXZFhYhiTBO7ev9awKaNYslbxh+goJo1wIDAQABAoIBAEIp3mJEjPgNOdDf
|
||||||
|
NlEYpdfxLStOQIKMo0bdXAOBToOc28SAjDTGGSflFGIIQWwF+Vq3meRzfExgyouY
|
||||||
|
AG3XwYQcZF4USX4XwG71YUXzQXdiY7ewc3Mos2gxD4kVXYpgwzJtOET2GN72zwAm
|
||||||
|
asSXY7GXdesmu8mMYkxzEAKlhFgMj+bGE/4QQUBKG9ylGIdo07zmU6rAsVhnwQTb
|
||||||
|
LE3cf+AxCeTVA7OsJCUUR4S9qsgXUN1WeaV8LNg0lYx8UTu1xlbrpSjx7B4eYy6J
|
||||||
|
FGJWuT9b3X+cBLcGk3BzheUAfqBG2UFDxUCt0grqmmTBkB850MtCDhffhPjxxrD7
|
||||||
|
KrwAcpECgYEA6HApn2VtWI/tDYCbNix6yxeqq73fO3ng6yFry1u7EYvl8hJXBgR4
|
||||||
|
b6kAVc3y/9pZO/5D23dHl1PQtnU5401/j6dQrb8A2TMqZ1vA8XIdIMjOiVjZtYMF
|
||||||
|
nXzmf78PEbw9jWlDVARJdAwkJeuDI4/HVvgiDAh3zxx5F8uDVP16/r8CgYEA1mXS
|
||||||
|
9owfLIPtPSxyMJoGU0jP7OP+HVwlKkXpvg7uBtINKSDW4UU4rnpIGW5MohR3ACWO
|
||||||
|
ReFliOnGA5FXBp9GzkbJ+wIYovPIsGuBdxSsBlPY1S0yPlo30hr7E6cK3B3EuxDg
|
||||||
|
SkbJcWp2EwXYEIyEcopbVUTTlBO3wmBFgm/Ps+kCgYA/+Kar9OlMR4hRgAS3uzQs
|
||||||
|
cx4I2F/46YlKjU8yj9ODd8JYhk2nHVHcQWITO3RWkEyg41DftQtiDbJSlR7SfUDP
|
||||||
|
U5gzyW69WISiH7GRgfucS0f0qxx4BVBlULvLitTl5631HnRmSivBIZpNSW01O1v8
|
||||||
|
hpwwPaBjww1czCkgGgdg1wKBgQCkaSdTW/bX+z9lpvzWWnc5TN/uSJRpTW1Osphh
|
||||||
|
4C8WWeQvwvglfiDOZAWAQv5PWKQ9H4+v9P4Y9TSdLcpv0JrKuqxPabcc1xfyei6o
|
||||||
|
89hLbecc6vDZsfOWkowx8Oo6DDX+Qh3Nt+TorXxocBXV8vvqnkEV7ZbWuhwz2gHT
|
||||||
|
2gyMaQKBgEE7rNzm8Q03IqQ08eYaRw8gWz8EpLeVebrGqtoH9AR5cd4OeTeZAEqc
|
||||||
|
iPehXctke2pUgS47XgG98G7Yg3E9UuOYM+H2nzQCoT7jrM0dZrVGZ0ty7z1a8QGe
|
||||||
|
UrjaAC/cyIGdszhf0Rf3qA7450nit9Txh+ilLiumgnUezl+eJXyI
|
||||||
|
-----END RSA PRIVATE KEY-----
|
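Review bot: cert/server.key puts an unencrypted RSA private key into version control, and the modulus visible at the start of its body appears to match the public key in cert/server.crt, so the pair is usable as committed. Anything committed stays in history and in every fork, so this pair can only ever be a throwaway development fixture and should never be what `tls.key_file` points at in a real deployment. I would drop both files from the commit, generate the pair at test or deploy time, and add an ignore rule for `cert/*.key`. If this key was ever used outside local testing, treat it as compromised and reissue the certificate.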
|
@ -55,6 +55,10 @@ const ( // settings
|
||||||
cfgKeepaliveTimeout = "keepalive.timeout"
|
cfgKeepaliveTimeout = "keepalive.timeout"
|
||||||
cfgKeepalivePermitWithoutStream = "keepalive.permit_without_stream"
|
cfgKeepalivePermitWithoutStream = "keepalive.permit_without_stream"
|
||||||
|
|
||||||
|
// HTTPS/TLS:
|
||||||
|
cfgTLSKeyFile = "tls.key_file"
|
||||||
|
cfgTLSCertFile = "tls.cert_file"
|
||||||
|
|
||||||
// Timeouts
|
// Timeouts
|
||||||
cfgConnectionTTL = "con_ttl"
|
cfgConnectionTTL = "con_ttl"
|
||||||
cfgConnectTimeout = "connect_timeout"
|
cfgConnectTimeout = "connect_timeout"
|
||||||
|
|
|
@ -24,6 +24,7 @@ type (
|
||||||
cli pool.Pool
|
cli pool.Pool
|
||||||
log *zap.Logger
|
log *zap.Logger
|
||||||
cfg *viper.Viper
|
cfg *viper.Viper
|
||||||
|
tls *tlsConfig
|
||||||
obj minio.ObjectLayer
|
obj minio.ObjectLayer
|
||||||
|
|
||||||
conTimeout time.Duration
|
conTimeout time.Duration
|
||||||
|
@ -34,6 +35,11 @@ type (
|
||||||
webDone chan struct{}
|
webDone chan struct{}
|
||||||
wrkDone chan struct{}
|
wrkDone chan struct{}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
tlsConfig struct {
|
||||||
|
KeyFile string
|
||||||
|
CertFile string
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
func newApp(l *zap.Logger, v *viper.Viper) *App {
|
func newApp(l *zap.Logger, v *viper.Viper) *App {
|
||||||
|
@ -41,6 +47,7 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
|
||||||
err error
|
err error
|
||||||
wif string
|
wif string
|
||||||
cli pool.Pool
|
cli pool.Pool
|
||||||
|
tls *tlsConfig
|
||||||
uid refs.OwnerID
|
uid refs.OwnerID
|
||||||
obj minio.ObjectLayer
|
obj minio.ObjectLayer
|
||||||
|
|
||||||
|
@ -52,6 +59,13 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
|
||||||
reqTimeout = defaultRequestTimeout
|
reqTimeout = defaultRequestTimeout
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if v.IsSet(cfgTLSKeyFile) && v.IsSet(cfgTLSCertFile) {
|
||||||
|
tls = &tlsConfig{
|
||||||
|
KeyFile: v.GetString(cfgTLSKeyFile),
|
||||||
|
CertFile: v.GetString(cfgTLSCertFile),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if v := v.GetDuration(cfgConnectTimeout); v > 0 {
|
if v := v.GetDuration(cfgConnectTimeout); v > 0 {
|
||||||
conTimeout = v
|
conTimeout = v
|
||||||
}
|
}
|
||||||
|
@ -133,6 +147,7 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
|
||||||
log: l,
|
log: l,
|
||||||
cfg: v,
|
cfg: v,
|
||||||
obj: obj,
|
obj: obj,
|
||||||
|
tls: tls,
|
||||||
|
|
||||||
webDone: make(chan struct{}, 1),
|
webDone: make(chan struct{}, 1),
|
||||||
wrkDone: make(chan struct{}, 1),
|
wrkDone: make(chan struct{}, 1),
|
||||||
|
@ -188,14 +203,21 @@ func (a *App) Server(ctx context.Context) {
|
||||||
a.log.Info("starting server",
|
a.log.Info("starting server",
|
||||||
zap.String("bind", addr))
|
zap.String("bind", addr))
|
||||||
|
|
||||||
// var (
|
switch a.tls {
|
||||||
// keyPath string
|
case nil:
|
||||||
// certPath string
|
if err = srv.Serve(lis); err != nil && err != http.ErrServerClosed {
|
||||||
// )
|
a.log.Fatal("listen and serve",
|
||||||
|
zap.Error(err))
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
a.log.Info("using certificate",
|
||||||
|
zap.String("key", a.tls.KeyFile),
|
||||||
|
zap.String("cert", a.tls.CertFile))
|
||||||
|
|
||||||
if err = srv.Serve(lis); err != nil && err != http.ErrServerClosed {
|
if err = srv.ServeTLS(lis, a.tls.CertFile, a.tls.KeyFile); err != nil && err != http.ErrServerClosed {
|
||||||
a.log.Fatal("listen and serve",
|
a.log.Fatal("listen and serve",
|
||||||
zap.Error(err))
|
zap.Error(err))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
|
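Review bot: In the `newApp` hunk at `@ -52,6 +59,13`, TLS is enabled only when both `tls.key_file` and `tls.cert_file` are set, so a configuration that sets just one of them leaves `tls` nil and `Server` silently takes the `case nil` branch and calls plain `srv.Serve(lis)`. An operator who mistypes or omits one key gets a cleartext listener with no log line saying that TLS was skipped. I would make the partial case fail at startup by extending the block with `} else if v.IsSet(cfgTLSKeyFile) || v.IsSet(cfgTLSCertFile) {` followed by `l.Fatal("tls: both tls.key_file and tls.cert_file must be set")`. The bodies of `newApp` and `Server` continue outside the visible hunks.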