forked from TrueCloudLab/frostfs-s3-gw
Add posibility to serve HTTPS/TLS connection
This commit is contained in:
parent
b9c4156e5b
commit
c38c4ca5db
4 changed files with 82 additions and 7 deletions
22
cert/server.crt
Normal file
22
cert/server.crt
Normal file
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDpDCCAowCCQDXZEH0aQRqFzANBgkqhkiG9w0BAQsFADCBkzELMAkGA1UEBhMC
|
||||
UlUxFjAUBgNVBAgMDVN0LlBldGVyc2J1cmcxGTAXBgNVBAcMEFNhaW50IFBldGVy
|
||||
c2J1cmcxDjAMBgNVBAoMBU5TUENDMREwDwYDVQQLDAhOZW8gU1BDQzERMA8GA1UE
|
||||
AwwIbnNwY2MucnUxGzAZBgkqhkiG9w0BCQEWDG9wc0Buc3BjYy5ydTAeFw0yMDA3
|
||||
MTMxNTQyMzZaFw0zMDA3MTExNTQyMzZaMIGTMQswCQYDVQQGEwJSVTEWMBQGA1UE
|
||||
CAwNU3QuUGV0ZXJzYnVyZzEZMBcGA1UEBwwQU2FpbnQgUGV0ZXJzYnVyZzEOMAwG
|
||||
A1UECgwFTlNQQ0MxETAPBgNVBAsMCE5lbyBTUENDMREwDwYDVQQDDAhuc3BjYy5y
|
||||
dTEbMBkGCSqGSIb3DQEJARYMb3BzQG5zcGNjLnJ1MIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEAwqo2l4fS0U6wZCLh7VjQn1LXN8pZlVaA62C+g1SwoWV2
|
||||
Q5qM8FDihWj3UBO3F+6vUVJl8N5S0JroxxU6L48Wmshei145SLSl/F28tsk7Bbuz
|
||||
NOchonlelW77Xr6l7cDJBWUWGkDoq6a/S6w6jjCGhZq+X0gyS5nZ4HTouVNv2oFK
|
||||
eeJGtueLsS4zoVovrHdLSYdZH9/yC+E1WVCzQB+vdUF/vJLTuULgqncLV0sELmRl
|
||||
+xsnnAV/REJswtCmKgrmAv9pMebBw5EEgROTGazdToWdD5X44xTlHjUb1bMuF9tL
|
||||
YtUMdLxXceXZFhYhiTBO7ev9awKaNYslbxh+goJo1wIDAQABMA0GCSqGSIb3DQEB
|
||||
CwUAA4IBAQBDEGhAyOtfsNwbZ0oZIw06e0JXCmri+8jsn5Ly/yHU0+ecHgMA5AAQ
|
||||
AG2QRpZZtZCtD/Cj4i6nSTWbRhS0FgqY998p5Lnh/AXTZHBx0t3LKJupN59CIjCK
|
||||
1eMEfQChoAZg66oO/obAFkq72gj8gpagMY9vFNVcszmse3FWrvlKmO1TwTEh+CzM
|
||||
7wbmiL/ujm0lIf44pp0U4qYFcSimSDqbwOfeDPif9lMinzylDxMfaAKBHBHPj5Vt
|
||||
fX8dgf6MIqyz51u/2G0gHfXMDxXec8huYKt2EtPyavh6kFxxGvcA15m6seJTcu+h
|
||||
6WzeQFa2NBg7Z3ai4DiPXirNtcHWeqxK
|
||||
-----END CERTIFICATE-----
|
27
cert/server.key
Normal file
27
cert/server.key
Normal file
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAwqo2l4fS0U6wZCLh7VjQn1LXN8pZlVaA62C+g1SwoWV2Q5qM
|
||||
8FDihWj3UBO3F+6vUVJl8N5S0JroxxU6L48Wmshei145SLSl/F28tsk7BbuzNOch
|
||||
onlelW77Xr6l7cDJBWUWGkDoq6a/S6w6jjCGhZq+X0gyS5nZ4HTouVNv2oFKeeJG
|
||||
tueLsS4zoVovrHdLSYdZH9/yC+E1WVCzQB+vdUF/vJLTuULgqncLV0sELmRl+xsn
|
||||
nAV/REJswtCmKgrmAv9pMebBw5EEgROTGazdToWdD5X44xTlHjUb1bMuF9tLYtUM
|
||||
dLxXceXZFhYhiTBO7ev9awKaNYslbxh+goJo1wIDAQABAoIBAEIp3mJEjPgNOdDf
|
||||
NlEYpdfxLStOQIKMo0bdXAOBToOc28SAjDTGGSflFGIIQWwF+Vq3meRzfExgyouY
|
||||
AG3XwYQcZF4USX4XwG71YUXzQXdiY7ewc3Mos2gxD4kVXYpgwzJtOET2GN72zwAm
|
||||
asSXY7GXdesmu8mMYkxzEAKlhFgMj+bGE/4QQUBKG9ylGIdo07zmU6rAsVhnwQTb
|
||||
LE3cf+AxCeTVA7OsJCUUR4S9qsgXUN1WeaV8LNg0lYx8UTu1xlbrpSjx7B4eYy6J
|
||||
FGJWuT9b3X+cBLcGk3BzheUAfqBG2UFDxUCt0grqmmTBkB850MtCDhffhPjxxrD7
|
||||
KrwAcpECgYEA6HApn2VtWI/tDYCbNix6yxeqq73fO3ng6yFry1u7EYvl8hJXBgR4
|
||||
b6kAVc3y/9pZO/5D23dHl1PQtnU5401/j6dQrb8A2TMqZ1vA8XIdIMjOiVjZtYMF
|
||||
nXzmf78PEbw9jWlDVARJdAwkJeuDI4/HVvgiDAh3zxx5F8uDVP16/r8CgYEA1mXS
|
||||
9owfLIPtPSxyMJoGU0jP7OP+HVwlKkXpvg7uBtINKSDW4UU4rnpIGW5MohR3ACWO
|
||||
ReFliOnGA5FXBp9GzkbJ+wIYovPIsGuBdxSsBlPY1S0yPlo30hr7E6cK3B3EuxDg
|
||||
SkbJcWp2EwXYEIyEcopbVUTTlBO3wmBFgm/Ps+kCgYA/+Kar9OlMR4hRgAS3uzQs
|
||||
cx4I2F/46YlKjU8yj9ODd8JYhk2nHVHcQWITO3RWkEyg41DftQtiDbJSlR7SfUDP
|
||||
U5gzyW69WISiH7GRgfucS0f0qxx4BVBlULvLitTl5631HnRmSivBIZpNSW01O1v8
|
||||
hpwwPaBjww1czCkgGgdg1wKBgQCkaSdTW/bX+z9lpvzWWnc5TN/uSJRpTW1Osphh
|
||||
4C8WWeQvwvglfiDOZAWAQv5PWKQ9H4+v9P4Y9TSdLcpv0JrKuqxPabcc1xfyei6o
|
||||
89hLbecc6vDZsfOWkowx8Oo6DDX+Qh3Nt+TorXxocBXV8vvqnkEV7ZbWuhwz2gHT
|
||||
2gyMaQKBgEE7rNzm8Q03IqQ08eYaRw8gWz8EpLeVebrGqtoH9AR5cd4OeTeZAEqc
|
||||
iPehXctke2pUgS47XgG98G7Yg3E9UuOYM+H2nzQCoT7jrM0dZrVGZ0ty7z1a8QGe
|
||||
UrjaAC/cyIGdszhf0Rf3qA7450nit9Txh+ilLiumgnUezl+eJXyI
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -55,6 +55,10 @@ const ( // settings
|
|||
cfgKeepaliveTimeout = "keepalive.timeout"
|
||||
cfgKeepalivePermitWithoutStream = "keepalive.permit_without_stream"
|
||||
|
||||
// HTTPS/TLS:
|
||||
cfgTLSKeyFile = "tls.key_file"
|
||||
cfgTLSCertFile = "tls.cert_file"
|
||||
|
||||
// Timeouts
|
||||
cfgConnectionTTL = "con_ttl"
|
||||
cfgConnectTimeout = "connect_timeout"
|
||||
|
|
|
@ -24,6 +24,7 @@ type (
|
|||
cli pool.Pool
|
||||
log *zap.Logger
|
||||
cfg *viper.Viper
|
||||
tls *tlsConfig
|
||||
obj minio.ObjectLayer
|
||||
|
||||
conTimeout time.Duration
|
||||
|
@ -34,6 +35,11 @@ type (
|
|||
webDone chan struct{}
|
||||
wrkDone chan struct{}
|
||||
}
|
||||
|
||||
tlsConfig struct {
|
||||
KeyFile string
|
||||
CertFile string
|
||||
}
|
||||
)
|
||||
|
||||
func newApp(l *zap.Logger, v *viper.Viper) *App {
|
||||
|
@ -41,6 +47,7 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
|
|||
err error
|
||||
wif string
|
||||
cli pool.Pool
|
||||
tls *tlsConfig
|
||||
uid refs.OwnerID
|
||||
obj minio.ObjectLayer
|
||||
|
||||
|
@ -52,6 +59,13 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
|
|||
reqTimeout = defaultRequestTimeout
|
||||
)
|
||||
|
||||
if v.IsSet(cfgTLSKeyFile) && v.IsSet(cfgTLSCertFile) {
|
||||
tls = &tlsConfig{
|
||||
KeyFile: v.GetString(cfgTLSKeyFile),
|
||||
CertFile: v.GetString(cfgTLSCertFile),
|
||||
}
|
||||
}
|
||||
|
||||
if v := v.GetDuration(cfgConnectTimeout); v > 0 {
|
||||
conTimeout = v
|
||||
}
|
||||
|
@ -133,6 +147,7 @@ func newApp(l *zap.Logger, v *viper.Viper) *App {
|
|||
log: l,
|
||||
cfg: v,
|
||||
obj: obj,
|
||||
tls: tls,
|
||||
|
||||
webDone: make(chan struct{}, 1),
|
||||
wrkDone: make(chan struct{}, 1),
|
||||
|
@ -188,14 +203,21 @@ func (a *App) Server(ctx context.Context) {
|
|||
a.log.Info("starting server",
|
||||
zap.String("bind", addr))
|
||||
|
||||
// var (
|
||||
// keyPath string
|
||||
// certPath string
|
||||
// )
|
||||
switch a.tls {
|
||||
case nil:
|
||||
if err = srv.Serve(lis); err != nil && err != http.ErrServerClosed {
|
||||
a.log.Fatal("listen and serve",
|
||||
zap.Error(err))
|
||||
}
|
||||
default:
|
||||
a.log.Info("using certificate",
|
||||
zap.String("key", a.tls.KeyFile),
|
||||
zap.String("cert", a.tls.CertFile))
|
||||
|
||||
if err = srv.Serve(lis); err != nil && err != http.ErrServerClosed {
|
||||
a.log.Fatal("listen and serve",
|
||||
zap.Error(err))
|
||||
if err = srv.ServeTLS(lis, a.tls.CertFile, a.tls.KeyFile); err != nil && err != http.ErrServerClosed {
|
||||
a.log.Fatal("listen and serve",
|
||||
zap.Error(err))
|
||||
}
|
||||
}
|
||||
}()
|
||||
|
||||
|
|
Loading…
Reference in a new issue