forked from TrueCloudLab/frostfs-http-gw
app: add support for TLS key/cert options
Run in TLS mode if anything is specified.
This commit is contained in:
parent
a6f63c2bac
commit
491ae13190
3 changed files with 20 additions and 3 deletions
|
@ -38,6 +38,8 @@ version Show current version
|
|||
--request_timeout duration gRPC request timeout (default 5s)
|
||||
--connect_timeout duration gRPC connect timeout (default 30s)
|
||||
--listen_address string HTTP gate's listen address (default "0.0.0.0:8082")
|
||||
--tls_certificate string TLS certificate path
|
||||
--tls_key string TLS key path
|
||||
-p, --peers stringArray NeoFS nodes
|
||||
|
||||
# Environments:
|
||||
|
@ -47,6 +49,8 @@ HTTP_GW_CONNECT_TIMEOUT=duration - Timeout for connection
|
|||
HTTP_GW_REQUEST_TIMEOUT=duration - Timeout for request
|
||||
HTTP_GW_REBALANCE_TIMER=duration - Time between connections checks
|
||||
HTTP_GW_LISTEN_ADDRESS=host:port - Address to listen connections
|
||||
HTTP_GW_TLS_CERTIFICATE=path - File with TLS certificate
|
||||
HTTP_GW_TLS_KEY=path - File with TLS private key
|
||||
HTTP_GW_PEERS_<X>_ADDRESS=host:port - Address of NeoFS Node
|
||||
HTTP_GW_PEERS_<X>_WEIGHT=float - Weight of NeoFS Node (1 if not specified)
|
||||
HTTP_GW_PPROF=bool - Enable/disable pprof (/debug/pprof)
|
||||
|
|
13
app.go
13
app.go
|
@ -178,9 +178,18 @@ func (a *app) Serve(ctx context.Context) {
|
|||
attachProfiler(r)
|
||||
}
|
||||
bind := a.cfg.GetString(cfgListenAddress)
|
||||
a.log.Info("running web server", zap.String("address", bind))
|
||||
tlsCertPath := a.cfg.GetString(cfgTLSCertificate)
|
||||
tlsKeyPath := a.cfg.GetString(cfgTLSKey)
|
||||
|
||||
a.webServer.Handler = r.Handler
|
||||
if err := a.webServer.ListenAndServe(bind); err != nil {
|
||||
if tlsCertPath == "" && tlsKeyPath == "" {
|
||||
a.log.Info("running web server", zap.String("address", bind))
|
||||
err = a.webServer.ListenAndServe(bind)
|
||||
} else {
|
||||
a.log.Info("running web server (TLS-enabled)", zap.String("address", bind))
|
||||
err = a.webServer.ListenAndServeTLS(bind, tlsCertPath, tlsKeyPath)
|
||||
}
|
||||
if err != nil {
|
||||
a.log.Fatal("could not start server", zap.Error(err))
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,7 +26,9 @@ const (
|
|||
defaultKeepaliveTime = 10 * time.Second
|
||||
defaultKeepaliveTimeout = 10 * time.Second
|
||||
|
||||
cfgListenAddress = "listen_address"
|
||||
cfgListenAddress = "listen_address"
|
||||
cfgTLSCertificate = "tls_certificate"
|
||||
cfgTLSKey = "tls_key"
|
||||
|
||||
// KeepAlive
|
||||
cfgKeepaliveTime = "keepalive.time"
|
||||
|
@ -112,6 +114,8 @@ func settings() *viper.Viper {
|
|||
flags.Duration(cfgRebalance, defaultRebalanceTimer, "gRPC connection rebalance timer")
|
||||
|
||||
flags.String(cfgListenAddress, "0.0.0.0:8082", "address to listen")
|
||||
flags.String(cfgTLSCertificate, "", "TLS certificate path")
|
||||
flags.String(cfgTLSKey, "", "TLS key path")
|
||||
peers := flags.StringArrayP(cfgPeers, "p", nil, "NeoFS nodes")
|
||||
|
||||
// set prefers:
|
||||
|
|
Loading…
Reference in a new issue