From 45ee3c060433c58a0a89de223655381933e7df11 Mon Sep 17 00:00:00 2001
From: Ben Morrison
Date: Tue, 11 Jun 2019 18:49:16 -0400
Subject: added support for TLS and hostname resolution
---
 svc/conf.go | 37 ++++++++++++++++++++++++++++++++-----
 svc/init.go | 1 -
 svc/svc.go | 9 ++++++++-
 3 files changed, 40 insertions(+), 7 deletions(-)
(limited to 'svc')
diff --git a/svc/conf.go b/svc/conf.go
index f15bd13..538b701 100644
--- a/svc/conf.go
+++ b/svc/conf.go
@@ -25,6 +25,7 @@ type Configuration struct {
 CacheInterval time.Duration `yaml:"StatusFetchInterval"`
 DBInterval time.Duration `yaml:"DatabasePushInterval"`
 Instance `yaml:"Instance"`
+ TLS
 }
 // Instance refers to meta data about
@@ -38,6 +39,14 @@ type Instance struct {
 Desc string `yaml:"Instance.Description"`
 }
+// TLS holds the tls config from the
+// config file
+type TLS struct {
+ Use bool `yaml:"UseTLS"`
+ Cert string `yaml:"TLSCert"`
+ Key string `yaml:"TLSKey"`
+}
+
 // Called on start-up. Initializes everything
 // related to configuration values.
 func initConfig() {
@@ -88,6 +97,10 @@ func initLogging() {
 // Default values should a config file
 // not be available.
 func setConfigDefaults() {
+ viper.SetDefault("BehindProxy", true)
+ viper.SetDefault("UseTLS", false)
+ viper.SetDefault("TLSCert", "cert.pem")
+ viper.SetDefault("TLSKey", "key.pem")
 viper.SetDefault("ListenPort", 9001)
 viper.SetDefault("LogFile", "getwtxt.log")
 viper.SetDefault("DatabasePath", "getwtxt.db")
@@ -150,6 +163,12 @@ func bindConfig() {
 confObj.Instance.Mail = viper.GetString("Instance.Email")
 confObj.Instance.Desc = viper.GetString("Instance.Description")
+ confObj.TLS.Use = viper.GetBool("UseTLS")
+ if confObj.TLS.Use {
+ confObj.TLS.Cert = viper.GetString("TLSCert")
+ confObj.TLS.Key = viper.GetString("TLSKey")
+ }
+
 if *flagDBType != "" {
 confObj.DBType = *flagDBType
 }
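Review bot: The `+ TLS` member added to `Configuration` in the first svc/conf.go hunk is embedded anonymously and carries no tag, unlike `Instance` on the line above it, so `Use`, `Cert` and `Key` are promoted onto `Configuration` and a bare `confObj.Use` compiles. A named, tagged field keeps the TLS settings visibly namespaced and avoids a silent collision if `Configuration` later gains a field called `Key` or `Cert`; declare it as a field named `TLS` of type `TLS` with a yaml tag in the same style as `Instance`. The struct's body starts outside the hunk.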
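Review bot: The defaults `cert.pem` and `key.pem` added to setConfigDefaults are relative paths, so once `UseTLS` is switched on without explicit paths the private key is looked up in whatever directory the process was started from, alongside the equally relative log and database defaults. Consider giving `TLSCert`/`TLSKey` no default and refusing to start when `UseTLS` is true and either is empty, or at least add a comment such as `// TLS paths are relative to the working directory; use absolute paths in production`. `BehindProxy` also now defaults to true while this commit drops the `--proxied` flag; if that key is what feeds `IsProxied` (the binding is not shown here), host matching is off unless the config file disables it, which is worth stating in the comment above the function.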
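Review bot: Nothing in the bindConfig hunk checks that the configured certificate and key can be loaded, so a wrong path, an unreadable key or a mismatched pair is only discovered when `ListenAndServeTLS` runs in svc/svc.go, after the startup banner has been logged. Loading the pair once where the paths are bound reports the problem at the point the configuration is read, e.g. `if _, err := tls.LoadX509KeyPair(confObj.TLS.Cert, confObj.TLS.Key); err != nil { log.Printf("TLS cert/key unusable: %v\n", err) }`. That needs the `crypto/tls` import, and whether to abort or only log depends on whether bindConfig also runs on config reload, which is not visible here. bindConfig's body starts and ends outside the hunk.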
@@ -159,15 +178,24 @@ func bindConfig() {
 if *flagAssets != "" {
 confObj.AssetsDir = *flagAssets
 }
- if *flagProxied {
- confObj.IsProxied = true
- }
+ confObj.Mu.Unlock()
+
+ announceConfig()
+}
+
+func announceConfig() {
+ confObj.Mu.RLock()
 if confObj.IsProxied {
 log.Printf("Behind reverse proxy, not using host matching\n")
 } else {
 log.Printf("Matching host: %v\n", confObj.Instance.URL)
 }
+ if confObj.TLS.Use {
+ log.Printf("Using TLS\n")
+ log.Printf("Cert: %v\n", confObj.TLS.Cert)
+ log.Printf("Key: %v\n", confObj.TLS.Key)
+ }
 if confObj.StdoutLogging {
 log.Printf("Logging to: stdout\n")
 } else {
@@ -176,6 +204,5 @@ func bindConfig() {
 log.Printf("Using %v database: %v\n", confObj.DBType, confObj.DBPath)
 log.Printf("Database push interval: %v\n", confObj.DBInterval)
 log.Printf("User status fetch interval: %v\n", confObj.CacheInterval)
-
- confObj.Mu.Unlock()
+ confObj.Mu.RUnlock()
 }
diff --git a/svc/init.go b/svc/init.go
index 082cef8..fe83145 100644
--- a/svc/init.go
+++ b/svc/init.go
@@ -22,7 +22,6 @@ var (
 flagAssets *string = pflag.StringP("assets", "a", "", "The location of the getwtxt assets directory.")
 flagDBPath *string = pflag.StringP("db", "d", "", "Path to the getwtxt database.")
 flagDBType *string = pflag.StringP("dbtype", "t", "", "Type of database being used.")
- flagProxied *bool = pflag.BoolP("proxied", "p", false, "Use if getwtxt is behind a reverse proxy.")
 )
 // Holds the global configuration
diff --git a/svc/svc.go b/svc/svc.go
index e5802d2..1748bf0 100644
--- a/svc/svc.go
+++ b/svc/svc.go
@@ -25,6 +25,9 @@ func Start() {
 if !confObj.IsProxied {
 index.Host(confObj.Instance.URL)
 }
+ TLS := confObj.TLS.Use
+ TLSCert := confObj.TLS.Cert
+ TLSKey := confObj.TLS.Key
 confObj.Mu.RUnlock()
 setIndexRouting(index)
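Review bot: The new announceConfig has no doc comment and releases its read lock by hand as its last statement (`confObj.Mu.RUnlock()` in the following `@@ -176,6 +204,5 @@` hunk), so an early return added later would leave the lock held. Put `defer confObj.Mu.RUnlock()` directly after `confObj.Mu.RLock()` and add a comment such as `// announceConfig logs the effective configuration once it has been bound.`. The function's body is split across this hunk and the next one, with lines in between that are not shown.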
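Review bot: The local `TLS` declared in the svc/svc.go hunk shadows the type `TLS` that this commit adds in svc/conf.go (both files sit in the svc directory), and all three locals use exported-style capitals for function-scoped values. Lower-case names avoid the shadowing and read as locals: `useTLS := confObj.TLS.Use`, `tlsCert := confObj.TLS.Cert`, `tlsKey := confObj.TLS.Key`, with the matching rename where they are used in the later `@@ -34,7 +37,11 @@` hunk. Start's body begins and ends outside this hunk.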
@@ -34,7 +37,11 @@ func Start() {
 server := newServer(portnum, index)
 log.Printf("*** Listening on %v\n", portnum)
 log.Printf("*** getwtxt %v Startup finished at %v, took %v\n\n", Vers, time.Now().Format(time.RFC3339), time.Since(before))
- errLog("", server.ListenAndServe())
+ if TLS {
+ errLog("", server.ListenAndServeTLS(TLSCert, TLSKey))
+ } else {
+ errLog("", server.ListenAndServe())
+ }
 closeLog <- true
 killTickers()
-- cgit 1.4.1-2-gfad0
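Review bot: The TLS branch calls `server.ListenAndServeTLS(TLSCert, TLSKey)` on whatever `newServer` returns, and nothing visible in this commit sets a minimum protocol version, so the listener accepts whatever the Go release's default allows, which on older releases includes TLS 1.0 and 1.1. If `newServer` (not shown) does not already do so, set `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12}` on the `http.Server` it builds. Note also that `*** Listening on` and the startup-finished line are logged before the certificate and key are read, so a bad path yields a success banner followed by an error from `errLog`. Start's body begins and ends outside the hunk.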