
Commit 998356ed authored by Andreas Wagner's avatar Andreas Wagner

Add ssl/tls options.

parent 4fe65471
......@@ -56,6 +56,13 @@ The configuration file is a json file that has several sections:
### Root elements
- `ListenSpec` *numeric*: This allows you to specify which port the t2z daemon should be listening on. It defaults to 8081.
- `Https` *string*: This allows you to take one of three approaches to tls/ssl encryption: (1) either the value is `none` (the default), in which case
you will not have TLS/SSL encryption. Your server will listen to http requests at the port specified in `ListenSpec`. Or (2) the value is
`letsencrypt`, in which case an automatic [Letsencrypt.org](https://letsencrypt.org/) certificate management routine will be used. This requires
that the server runs on the standard https port 443, however, so any `ListenSpec` value is ignored. Finally, (3) you can take care of certificates
yourself. Then, the service binds to the port specified in `ListenSpec` and every value of `Https` other than `none` and `letsencrypt` will be
interpreted as colon-separated pair of paths to the private certificate and public key files, e.g.
`/etc/ssl/private/ssl-cert-snakeoil.key:/etc/ssl/certs/t2z.pem`.
- `Verbose` *boolean*: This switches between terse and verbose mode for the console output. It defaults to false.
- `APIRoot` *string*: This allows you to specify a path below which the various api endpoints can be reached. It defaults to `/api/v1`.
- `FileAPI` *string*: Subfolder of `APIRoot` where the API endpoint that receives direct file upload POST requests can be reached. Setting this to an empty string disables the file upload API endpoint. It defaults to `/file`.
......
package main
import (
"bytes"
"fmt"
"os/exec"
"strconv"
"strings"
// "github.com/davecgh/go-spew/spew"
"github.com/gin-gonic/autotls"
"github.com/sirupsen/logrus"
"gitlab.gwdg.de/rg-mpg-de/tei2zenodo"
"gitlab.gwdg.de/rg-mpg-de/tei2zenodo/internal/pkg/conf"
......@@ -21,47 +24,54 @@ func main() {
var Config tei2zenodo.Config
Cerr := conf.Configure(&Config)
if Cerr != nil {
panic(fmt.Errorf("Error during config phase_ %+v", Cerr))
log.Fatal(fmt.Errorf("Error during config phase_ %+v", Cerr))
}
log, Lerr := logger.ConfigureLogging(&Config.Log)
if Lerr != nil {
panic(fmt.Errorf("Error during log setup phase: %+v", Lerr))
log.Fatal(fmt.Errorf("Error during log setup phase: %+v", Lerr))
}
log.Printf("Starting tei2zenodo daemon")
if Config.Verbose {
log.Printf("conf: %v", Config)
} else {
log.Tracef("conf: %v", Config)
}
// Get routes
router := routing.SetupRoutes(Config)
/*
// Get server specs
url, HNErr := os.Hostname()
if HNErr != nil {
panic(fmt.Errorf("Could not find hostname: %+v", HNErr))
// Run server, taking into account different SSL/TLS approaches
switch Config.HTTPS {
case "letsencrypt":
{
fqdn, _ := getHostnameFQDN()
log.Fatal(autotls.Run(router, fqdn))
}
port := strconv.Itoa(int(Config.ListenSpec))
address := url
if len(port) > 0 {
address = address + ":" + port
case "none":
{
log.Fatal(router.Run(":" + strconv.FormatInt(Config.ListenSpec, 10)))
}
// Build server struct
srv := &http.Server{
Addr: address,
Handler: router,
default:
{
certfile := strings.Split(Config.HTTPS, ":")[0]
keyfile := strings.Split(Config.HTTPS, ":")[1]
log.Fatal(router.RunTLS(":"+strconv.FormatInt(Config.ListenSpec, 10), certfile, keyfile))
}
}
}
err := autotls.Run(router, url)
if err != nil && err != http.ErrServerClosed {
fmt.Errorf("listen: %s", err)
}
*/
func getHostnameFQDN() (string, error) {
cmd := exec.Command("/bin/hostname", "-f")
var out bytes.Buffer
cmd.Stdout = &out
err := cmd.Run()
if err != nil {
return "", fmt.Errorf("Error when get_hostname_fqdn: %v", err)
}
fqdn := out.String()
fqdn = fqdn[:len(fqdn)-1] // removing EOL
log.Fatal(router.Run(":" + strconv.FormatInt(Config.ListenSpec, 10)))
// router.RunTLS(":"+strconv.Itoa(Config.ListenSpec), "./policey_server.cert", "./policey_server.key")
// log.Fatal(autotls.Run(router, os.Hostname()))
return fqdn, nil
}
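Review bot: The `default` branch of `switch Config.HTTPS` indexes `strings.Split(Config.HTTPS, ":")[1]` without checking the length, so any `Https` value that is neither `none` nor `letsencrypt` and contains no colon (for example a misspelt mode name) panics at startup with an index-out-of-range instead of a clear configuration error. The order also disagrees with the README text in this commit: the code passes the first part as `certfile` and the second as `keyfile` to `RunTLS`, while the README example lists the `.key` path first, so a deployment that follows the example would hand the private key path in as the certificate. I would split once and validate, `parts := strings.SplitN(Config.HTTPS, ":", 2)` followed by `if len(parts) != 2 || parts[0] == "" || parts[1] == "" { log.Fatalf("Https must be none, letsencrypt or certfile:keyfile, got %q", Config.HTTPS) }`, and bring the README example into the same order. In the `letsencrypt` branch the error from `getHostnameFQDN()` is discarded, so a failed lookup passes an empty host name to `autotls.Run`; checking it, and replacing `fqdn[:len(fqdn)-1]` with `strings.TrimSpace(out.String())` so empty output cannot panic, would make that failure visible.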
{
"ListenSpec": 8081,
"Https": "none",
"Verbose": false,
"APIRoot": "/api/v1",
"FileAPI": "/file",
......
......@@ -21,6 +21,7 @@ func Configure(Config *tei2zenodo.Config) error {
// set defaults
viper.SetDefault("ListenSpec", "8081")
viper.SetDefault("HTTPS", "none")
viper.SetDefault("Verbose", false)
viper.SetDefault("APIRoot", "/api/v1")
viper.SetDefault("FileAPI", "/file")
......
......@@ -5,6 +5,7 @@ package tei2zenodo
// Config is the struct of the application's general configuration.
type Config struct {
ListenSpec int64
HTTPS string
Verbose bool
APIRoot string
FileAPI string
......
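Review bot: The new `HTTPS` field has no comment, and its accepted values cannot be read off the `string` type. A field comment such as `// HTTPS selects the TLS mode: "none", "letsencrypt", or a "certfile:keyfile" pair of paths.` would state the contract next to the definition; main.go in this commit reads the part before the colon as the certificate file and the part after it as the key file. The struct continues outside the hunk.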