app: add support for TLS key/cert options

Run in TLS mode if either the key or the certificate is specified.
Roman Khimov 2021-04-15 17:12:24 +03:00 committed by Stanislav Bogatyrev
parent a6f63c2bac
commit 491ae13190
3 changed files with 20 additions and 3 deletions


@ -38,6 +38,8 @@ version Show current version
--request_timeout duration gRPC request timeout (default 5s) --request_timeout duration gRPC request timeout (default 5s)
--connect_timeout duration gRPC connect timeout (default 30s) --connect_timeout duration gRPC connect timeout (default 30s)
--listen_address string HTTP gate's listen address (default "0.0.0.0:8082") --listen_address string HTTP gate's listen address (default "0.0.0.0:8082")
--tls_certificate string TLS certificate path
--tls_key string TLS key path
-p, --peers stringArray NeoFS nodes -p, --peers stringArray NeoFS nodes
# Environments: # Environments:
@ -47,6 +49,8 @@ HTTP_GW_CONNECT_TIMEOUT=duration - Timeout for connection
HTTP_GW_REQUEST_TIMEOUT=duration - Timeout for request HTTP_GW_REQUEST_TIMEOUT=duration - Timeout for request
HTTP_GW_REBALANCE_TIMER=duration - Time between connections checks HTTP_GW_REBALANCE_TIMER=duration - Time between connections checks
HTTP_GW_LISTEN_ADDRESS=host:port - Address to listen connections HTTP_GW_LISTEN_ADDRESS=host:port - Address to listen connections
HTTP_GW_TLS_CERTIFICATE=path - File with TLS certificate
HTTP_GW_TLS_KEY=path - File with TLS private key
HTTP_GW_PEERS_<X>_ADDRESS=host:port - Address of NeoFS Node HTTP_GW_PEERS_<X>_ADDRESS=host:port - Address of NeoFS Node
HTTP_GW_PEERS_<X>_WEIGHT=float - Weight of NeoFS Node (1 if not specified) HTTP_GW_PEERS_<X>_WEIGHT=float - Weight of NeoFS Node (1 if not specified)
HTTP_GW_PPROF=bool - Enable/disable pprof (/debug/pprof) HTTP_GW_PPROF=bool - Enable/disable pprof (/debug/pprof)

13
app.go

@ -178,9 +178,18 @@ func (a *app) Serve(ctx context.Context) {
attachProfiler(r) attachProfiler(r)
} }
bind := a.cfg.GetString(cfgListenAddress) bind := a.cfg.GetString(cfgListenAddress)
a.log.Info("running web server", zap.String("address", bind)) tlsCertPath := a.cfg.GetString(cfgTLSCertificate)
tlsKeyPath := a.cfg.GetString(cfgTLSKey)
a.webServer.Handler = r.Handler a.webServer.Handler = r.Handler
if err := a.webServer.ListenAndServe(bind); err != nil { if tlsCertPath == "" && tlsKeyPath == "" {
a.log.Info("running web server", zap.String("address", bind))
err = a.webServer.ListenAndServe(bind)
} else {
a.log.Info("running web server (TLS-enabled)", zap.String("address", bind))
err = a.webServer.ListenAndServeTLS(bind, tlsCertPath, tlsKeyPath)
}
if err != nil {
a.log.Fatal("could not start server", zap.Error(err)) a.log.Fatal("could not start server", zap.Error(err))
} }
} }
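Review bot: When only one of `tls_certificate` / `tls_key` is set, the `else` branch calls `ListenAndServeTLS` with an empty path for the other option, so startup fails with whatever file-loading error the server returns rather than a message naming the missing setting. Failing closed is the right direction, since a half-configured gateway must not fall back to plaintext, but I would make that case explicit before the branch with `if (tlsCertPath == "") != (tlsKeyPath == "") { a.log.Fatal("both tls_certificate and tls_key must be set to enable TLS") }`. A short comment on the condition, for example `// TLS is enabled when either option is set; a missing counterpart must abort startup, never downgrade to plaintext`, would keep a later refactor from weakening it. The declaration of `err` and the start of `Serve` are outside the hunk, so I am assuming `err` is already in scope there.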


@ -26,7 +26,9 @@ const (
defaultKeepaliveTime = 10 * time.Second defaultKeepaliveTime = 10 * time.Second
defaultKeepaliveTimeout = 10 * time.Second defaultKeepaliveTimeout = 10 * time.Second
cfgListenAddress = "listen_address" cfgListenAddress = "listen_address"
cfgTLSCertificate = "tls_certificate"
cfgTLSKey = "tls_key"
// KeepAlive // KeepAlive
cfgKeepaliveTime = "keepalive.time" cfgKeepaliveTime = "keepalive.time"
@ -112,6 +114,8 @@ func settings() *viper.Viper {
flags.Duration(cfgRebalance, defaultRebalanceTimer, "gRPC connection rebalance timer") flags.Duration(cfgRebalance, defaultRebalanceTimer, "gRPC connection rebalance timer")
flags.String(cfgListenAddress, "0.0.0.0:8082", "address to listen") flags.String(cfgListenAddress, "0.0.0.0:8082", "address to listen")
flags.String(cfgTLSCertificate, "", "TLS certificate path")
flags.String(cfgTLSKey, "", "TLS key path")
peers := flags.StringArrayP(cfgPeers, "p", nil, "NeoFS nodes") peers := flags.StringArrayP(cfgPeers, "p", nil, "NeoFS nodes")
// set prefers: // set prefers: