authorBen Morrison <ben@gbmor.dev>2019-06-11 18:49:16 -0400
committerBen Morrison <ben@gbmor.dev>2019-06-11 18:49:16 -0400
commit45ee3c060433c58a0a89de223655381933e7df11 (patch)
tree7915b74fe7be9bde61ccfd408cc3bbeb170265d8
parent6dad1372a4680f2314a057b831f8cb2ef44dcf1b (diff)
downloadgetwtxt-45ee3c060433c58a0a89de223655381933e7df11.tar.gz
added support for TLS and hostname resolution
-rw-r--r--Makefile12
-rw-r--r--etc/getwtxt-proxied.service15
-rw-r--r--getwtxt.yml11
-rw-r--r--svc/conf.go37
-rw-r--r--svc/init.go1
-rw-r--r--svc/svc.go9
6 files changed, 51 insertions, 34 deletions
diff --git a/Makefile b/Makefile
index eea8cdd..2151717 100644
--- a/Makefile
+++ b/Makefile
@@ -27,18 +27,6 @@ install:
 	install -m644 assets/tmpl/index.html $(BINDIR)/assets/tmpl
 	install -m644 README.md $(BINDIR)/docs
 	install -m644 LICENSE $(BINDIR)/docs
-	install -m644 etc/getwtxt-proxied.service /etc/systemd/system
-	chown -R getwtxt:getwtxt $(BINDIR)
-
-install-unproxied:
-	adduser -home $(BINDIR) --system --group getwtxt
-	mkdir -p $(BINDIR)/assets/tmpl $(BINDIR)/docs
-	install -m755 getwtxt $(BINDIR)
-	install -m644 getwtxt.yml $(BINDIR)
-	install -m644 assets/style.css $(BINDIR)/assets
-	install -m644 assets/tmpl/index.html $(BINDIR)/assets/tmpl
-	install -m644 README.md $(BINDIR)/docs
-	install -m644 LICENSE $(BINDIR)/docs
 	install -m644 etc/getwtxt.service /etc/systemd/system
 	chown -R getwtxt:getwtxt $(BINDIR)
 
diff --git a/etc/getwtxt-proxied.service b/etc/getwtxt-proxied.service
deleted file mode 100644
index 07ea8cb..0000000
--- a/etc/getwtxt-proxied.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=getwtxt
-
-[Service]
-Type=simple
-ExecStart=/usr/local/getwtxt/getwtxt \
-          --assets /usr/local/getwtxt/assets \
-          --config /usr/local/getwtxt/getwtxt.yml \
-          --db /usr/local/getwtxt/getwtxt.db \
-          --dbtype leveldb \
-          --proxied
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/getwtxt.yml b/getwtxt.yml
index 0388651..d9f5c90 100644
--- a/getwtxt.yml
+++ b/getwtxt.yml
@@ -24,8 +24,19 @@
 BehindProxy: true
 
 # This is the port that getwtxt will bind to.
+# If BehindProxy is false, you should probably
+# set this to 80 or 443
 ListenPort: 9001
 
+# Determines whether we're using SSL/TLS. If so,
+# you should set the Cert and Key files.
+# Don't use TLS if you're setting up getwtxt
+# behind a reverse proxy - just let the proxy
+# handle the connection.
+UseTLS: false
+TLSCert: "/etc/ssl/getwtxt.pem"
+TLSKey: "/etc/ssl/private/getwtxt.pem"
+
 # The type of database you want to use. Currently,
 # the following are supported:
 #   leveldb (default)
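Review bot: The suggested key path `/etc/ssl/private/getwtxt.pem` points into a directory that is commonly readable by root only, while the Makefile in this same commit chowns the install tree to a `getwtxt` account, so a unit running as that user would fail to open the key at startup. The new comment block should say who has to be able to read it, e.g. `# The key file must be readable by the account getwtxt runs as; keep it 0640 or stricter and owned by root and that group.` Whether the shipped unit actually drops privileges cannot be told from this diff, since etc/getwtxt.service is not shown.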
diff --git a/svc/conf.go b/svc/conf.go
index f15bd13..538b701 100644
--- a/svc/conf.go
+++ b/svc/conf.go
@@ -25,6 +25,7 @@ type Configuration struct {
 	CacheInterval time.Duration `yaml:"StatusFetchInterval"`
 	DBInterval    time.Duration `yaml:"DatabasePushInterval"`
 	Instance      `yaml:"Instance"`
+	TLS
 }
 
 // Instance refers to meta data about
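Review bot: The embedded `TLS` field on line 96 carries no yaml tag while its sibling `Instance` directly above is tagged `yaml:"Instance"`, so the two embedded config groups are declared inconsistently. Within this diff the tags look inert, because bindConfig fills the struct by hand from viper, but if the struct is ever unmarshaled directly the untagged embed and the tagged one will not be decoded the same way; either tag it the same way as `Instance` or add `// populated by bindConfig, not by unmarshaling` so the asymmetry is deliberate. The `Configuration` struct begins before this hunk.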
@@ -38,6 +39,14 @@ type Instance struct {
 	Desc  string `yaml:"Instance.Description"`
 }
 
+// TLS holds the tls config from the
+// config file
+type TLS struct {
+	Use  bool   `yaml:"UseTLS"`
+	Cert string `yaml:"TLSCert"`
+	Key  string `yaml:"TLSKey"`
+}
+
 // Called on start-up. Initializes everything
 // related to configuration values.
 func initConfig() {
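Review bot: The doc comment on the new `TLS` type says only that it holds "the tls config" and does not tell a reader what `Cert` and `Key` are or when they are consulted. Since bindConfig copies them only when `Use` is true and svc.go hands them straight to `ListenAndServeTLS`, state that: `// TLS holds the TLS settings from the config file. Use enables serving TLS directly (rather than behind a reverse proxy); Cert and Key are the paths to the certificate and private key files passed to ListenAndServeTLS, and are only read when Use is true.`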
@@ -88,6 +97,10 @@ func initLogging() {
 // Default values should a config file
 // not be available.
 func setConfigDefaults() {
+	viper.SetDefault("BehindProxy", true)
+	viper.SetDefault("UseTLS", false)
+	viper.SetDefault("TLSCert", "cert.pem")
+	viper.SetDefault("TLSKey", "key.pem")
 	viper.SetDefault("ListenPort", 9001)
 	viper.SetDefault("LogFile", "getwtxt.log")
 	viper.SetDefault("DatabasePath", "getwtxt.db")
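Review bot: The fallback paths `cert.pem` and `key.pem` on lines 121-122 are relative, so they resolve against whatever working directory the process happens to start in, and they differ from the absolute paths the shipped getwtxt.yml uses (`/etc/ssl/getwtxt.pem`, `/etc/ssl/private/getwtxt.pem`). They are inert while `UseTLS` defaults to false, but a config that sets `UseTLS: true` without the path keys will only fail later at `ListenAndServeTLS` with a file-not-found naming a relative path. Either align the defaults with the yml or leave them empty so bindConfig can reject the combination explicitly. setConfigDefaults continues past the end of this hunk.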
@@ -150,6 +163,12 @@ func bindConfig() {
 	confObj.Instance.Mail = viper.GetString("Instance.Email")
 	confObj.Instance.Desc = viper.GetString("Instance.Description")
 
+	confObj.TLS.Use = viper.GetBool("UseTLS")
+	if confObj.TLS.Use {
+		confObj.TLS.Cert = viper.GetString("TLSCert")
+		confObj.TLS.Key = viper.GetString("TLSKey")
+	}
+
 	if *flagDBType != "" {
 		confObj.DBType = *flagDBType
 	}
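Review bot: `confObj.TLS.Cert` and `confObj.TLS.Key` are copied on lines 132-133 without any check, so an operator who sets `UseTLS: true` and leaves the paths empty finds out only when `ListenAndServeTLS` fails after the rest of startup has run. Failing fast here is cheaper: `if confObj.TLS.Use && (confObj.TLS.Cert == "" || confObj.TLS.Key == "") { log.Fatalf("UseTLS is set but TLSCert or TLSKey is empty") }` (the write lock is held at this point, but Fatalf exits so nothing is left locked). The config file comment warns against TLS behind a reverse proxy, yet nothing here checks `IsProxied` together with `TLS.Use`; a `log.Printf` warning for that combination would help. bindConfig begins before this hunk.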
@@ -159,15 +178,24 @@ func bindConfig() {
 	if *flagAssets != "" {
 		confObj.AssetsDir = *flagAssets
 	}
-	if *flagProxied {
-		confObj.IsProxied = true
-	}
+	confObj.Mu.Unlock()
+
+	announceConfig()
 
+}
+
+func announceConfig() {
+	confObj.Mu.RLock()
 	if confObj.IsProxied {
 		log.Printf("Behind reverse proxy, not using host matching\n")
 	} else {
 		log.Printf("Matching host: %v\n", confObj.Instance.URL)
 	}
+	if confObj.TLS.Use {
+		log.Printf("Using TLS\n")
+		log.Printf("Cert: %v\n", confObj.TLS.Cert)
+		log.Printf("Key: %v\n", confObj.TLS.Key)
+	}
 	if confObj.StdoutLogging {
 		log.Printf("Logging to: stdout\n")
 	} else {
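Review bot: `announceConfig` on line 152 is the one function in this file without the header comment its neighbours carry (`// Called on start-up…`, `// Default values…`), and its locking contract is not stated even though it takes `confObj.Mu.RLock()` itself and is called on line 148 right after bindConfig releases the write lock on line 146. Add `// Logs the effective configuration once bindConfig has populated confObj. Takes the read lock, so callers must not hold the write lock.` The blank line left on line 149 before bindConfig's closing brace reads as stray. announceConfig continues into the next hunk.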
@@ -176,6 +204,5 @@ func bindConfig() {
 	log.Printf("Using %v database: %v\n", confObj.DBType, confObj.DBPath)
 	log.Printf("Database push interval: %v\n", confObj.DBInterval)
 	log.Printf("User status fetch interval: %v\n", confObj.CacheInterval)
-
-	confObj.Mu.Unlock()
+	confObj.Mu.RUnlock()
 }
diff --git a/svc/init.go b/svc/init.go
index 082cef8..fe83145 100644
--- a/svc/init.go
+++ b/svc/init.go
@@ -22,7 +22,6 @@ var (
 	flagAssets   *string = pflag.StringP("assets", "a", "", "The location of the getwtxt assets directory.")
 	flagDBPath   *string = pflag.StringP("db", "d", "", "Path to the getwtxt database.")
 	flagDBType   *string = pflag.StringP("dbtype", "t", "", "Type of database being used.")
-	flagProxied  *bool   = pflag.BoolP("proxied", "p", false, "Use if getwtxt is behind a reverse proxy.")
 )
 
 // Holds the global configuration
diff --git a/svc/svc.go b/svc/svc.go
index e5802d2..1748bf0 100644
--- a/svc/svc.go
+++ b/svc/svc.go
@@ -25,6 +25,9 @@ func Start() {
 	if !confObj.IsProxied {
 		index.Host(confObj.Instance.URL)
 	}
+	TLS := confObj.TLS.Use
+	TLSCert := confObj.TLS.Cert
+	TLSKey := confObj.TLS.Key
 	confObj.Mu.RUnlock()
 
 	setIndexRouting(index)
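Review bot: The local `TLS := confObj.TLS.Use` on line 195 shadows the package-level type `TLS` declared in svc/conf.go for the rest of `Start`, and the capitalised locals `TLSCert`/`TLSKey` read like exported identifiers. Rename them to `useTLS`, `certFile` and `keyFile` here and at their uses in the next hunk (`if useTLS { errLog("", server.ListenAndServeTLS(certFile, keyFile)) }`). Start begins before this hunk.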
@@ -34,7 +37,11 @@ func Start() {
 	server := newServer(portnum, index)
 	log.Printf("*** Listening on %v\n", portnum)
 	log.Printf("*** getwtxt %v Startup finished at %v, took %v\n\n", Vers, time.Now().Format(time.RFC3339), time.Since(before))
-	errLog("", server.ListenAndServe())
+	if TLS {
+		errLog("", server.ListenAndServeTLS(TLSCert, TLSKey))
+	} else {
+		errLog("", server.ListenAndServe())
+	}
 
 	closeLog <- true
 	killTickers()
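Review bot: `server.ListenAndServeTLS` on line 207 runs with whatever `server.TLSConfig` `newServer` set, and since `newServer` is outside this diff it is not clear any is set; with a nil config the server accepts the Go release's default minimum protocol version, which on older releases is TLS 1.0. Pin it before the branch, `server.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}` (needs `crypto/tls` in svc.go's imports, which are not shown here), or do the same inside `newServer`. Start's body ends outside this hunk.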