Support multiple keypairs
Instead of relying on a single key file, we now support multiple keypairs, each with its own individual keyfile and certfile.
parent
455811066b
commit
b62d5edef5
|
@ -24,11 +24,17 @@ type ConfigSettings struct {
|
|||
}
|
||||
|
||||
type TLSSettings struct {
|
||||
Enabled bool `yaml:"enabled"`
|
||||
MinVersion string `yaml:"minversion"`
|
||||
MaxVersion string `yaml:"maxversion"`
|
||||
Keyfile string `yaml:"keyfile"`
|
||||
Certificates []string `yaml:"certificates"`
|
||||
Enabled bool `yaml:"enabled"`
|
||||
MinVersion string `yaml:"minversion"`
|
||||
MaxVersion string `yaml:"maxversion"`
|
||||
Keypairs []TLSKeypairs `yaml:"keypairs"`
|
||||
Keyfile string `yaml:"keyfile"`
|
||||
Certificates []string `yaml:"certificates"`
|
||||
}
|
||||
|
||||
type TLSKeypairs struct {
|
||||
Keyfile string `yaml:"keyfile"`
|
||||
Certificate string `yaml:"certificate"`
|
||||
}
|
||||
|
||||
func (cf *Config) SetDefaults() {
|
||||
|
|
|
@ -153,37 +153,34 @@ func main() {
|
|||
fmt.Fprintf(os.Stderr, "warning: using of a deprecated TLS version (< 1.2) is not recommended\n")
|
||||
}
|
||||
// Create self-signed certificate, when no keyfile and no certificates are present
|
||||
if cf.Settings.TLS.Keyfile == "" && len(cf.Settings.TLS.Certificates) == 0 {
|
||||
if len(cf.Settings.TLS.Keypairs) == 0 {
|
||||
// TODO
|
||||
fmt.Fprintf(os.Stderr, "error: creating self-signed certificates is not yet implemented")
|
||||
os.Exit(1)
|
||||
} else {
|
||||
var err error
|
||||
// Ensure keyfile AND certificates are present.
|
||||
if cf.Settings.TLS.Keyfile == "" {
|
||||
fmt.Fprintf(os.Stderr, "no keyfile defined\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
if len(cf.Settings.TLS.Certificates) == 0 {
|
||||
fmt.Fprintf(os.Stderr, "no certificates defined\n")
|
||||
os.Exit(1)
|
||||
}
|
||||
|
||||
// Load certificates
|
||||
tlsConfig.Certificates = make([]tls.Certificate, len(cf.Settings.TLS.Certificates))
|
||||
for i, cert := range cf.Settings.TLS.Certificates {
|
||||
tlsConfig.Certificates[i], err = tls.LoadX509KeyPair(cert, cf.Settings.TLS.Keyfile)
|
||||
tlsConfig.Certificates = make([]tls.Certificate, len(cf.Settings.TLS.Keypairs))
|
||||
for i, keypair := range cf.Settings.TLS.Keypairs {
|
||||
tlsConfig.Certificates[i], err = tls.LoadX509KeyPair(keypair.Certificate, keypair.Keyfile)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "error: certificate '%s' invalid: %s\n", cert, err)
|
||||
fmt.Fprintf(os.Stderr, "error: tls keypair '%s,%s' invalid: %s\n", keypair.Certificate, keypair.Keyfile, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
if len(tlsConfig.Certificates) == 1 {
|
||||
log.Printf("Loaded 1 tls certificate")
|
||||
} else {
|
||||
log.Printf("Loaded %d tls certificates", len(tlsConfig.Certificates))
|
||||
}
|
||||
}
|
||||
listener, err := tls.Listen("tcp", cf.Settings.BindAddress, tlsConfig)
|
||||
if err != nil {
|
||||
fmt.Fprintf(os.Stderr, "error: cannot listen on '%s': %s\n", cf.Settings.BindAddress, err)
|
||||
os.Exit(1)
|
||||
}
|
||||
log.Printf("Serving tls requests now on %s", cf.Settings.BindAddress)
|
||||
err = server.Serve(listener)
|
||||
log.Fatal(err)
|
||||
} else {
|
||||
|
@ -194,6 +191,7 @@ func main() {
|
|||
WriteTimeout: time.Duration(cf.Settings.WriteTimeout) * time.Second,
|
||||
MaxHeaderBytes: cf.Settings.MaxHeaderBytes,
|
||||
}
|
||||
log.Printf("Serving requests now on %s", cf.Settings.BindAddress)
|
||||
err := server.ListenAndServe()
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
|
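Review bot: The legacy `keyfile` and `certificates` settings are still declared on TLSSettings in the first hunk, but the checks that read them no longer appear on the new side of this hunk, so an existing configuration that only sets those keys now falls into the `len(cf.Settings.TLS.Keypairs) == 0` branch and exits with the unrelated "creating self-signed certificates is not yet implemented" message. Either drop the two fields or reject them explicitly before that branch so operators are told to migrate to `keypairs`; a rewrite of that prologue is sketched below. It is also worth rejecting an entry with an empty `certificate` or `keyfile` before `tls.LoadX509KeyPair`, e.g. `if keypair.Certificate == "" || keypair.Keyfile == "" { fmt.Fprintf(os.Stderr, "error: keypair %d is missing 'certificate' or 'keyfile'\n", i); os.Exit(1) }`, since otherwise the failure surfaces as an open error on an empty path. Whether several keypairs are actually selected by SNI depends on the Go toolchain: Go 1.14 and later pick from `tlsConfig.Certificates` automatically, but older versions always send the first entry unless `tlsConfig.BuildNameToCertificate()` is called, so a comment stating the minimum Go version would prevent surprises. The enclosing `main` starts and ends outside this hunk.
```go
	// Legacy keys are still parsed into TLSSettings but no longer consulted;
	// reject them so an old configuration does not fall through to the
	// self-signed branch with a misleading error.
	if cf.Settings.TLS.Keyfile != "" || len(cf.Settings.TLS.Certificates) != 0 {
		fmt.Fprintf(os.Stderr, "error: 'keyfile'/'certificates' are no longer supported, use 'keypairs'\n")
		os.Exit(1)
	}
	if len(cf.Settings.TLS.Keypairs) == 0 {
		// … unchanged: not-yet-implemented self-signed path …
```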
14
weblug.yml
14
weblug.yml
|
@ -17,10 +17,11 @@ settings:
|
|||
# Minimum and maximum requires TLS version. By default TLS1.2 is the minimum
|
||||
minversion: '1.2'
|
||||
maxversion: ''
|
||||
keyfile: 'weblug.key'
|
||||
certificates:
|
||||
- weblug1.pem
|
||||
- weblug2.pem
|
||||
keypairs:
|
||||
- keyfile: 'weblug.key'
|
||||
certificate: 'weblug1.pem'
|
||||
- keyfile: 'weblug.key'
|
||||
certificate: 'weblug2.pem'
|
||||
|
||||
# hook definitions. A hook needs to define the HTTP endpoint ("route") and the command
|
||||
# See the following examples for more possible options.
|
||||
|
@ -28,10 +29,11 @@ hooks:
|
|||
- name: 'hook one'
|
||||
route: "/webhooks/1"
|
||||
|
||||
# if hosts is present, limit requests to this remote hosts
|
||||
# Currently multiplexing the same routes to different hosts does not work.
|
||||
# if hosts is present, then limit the incoming requests to the given remote host(s)
|
||||
# Currently multiplexing the same route to different hosts does not work
|
||||
hosts:
|
||||
- example1.local
|
||||
- example2.local
|
||||
|
||||
command: "sleep 5"
|
||||
background: True # Terminate http request immediately
|
||||
|
|
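Review bot: Both sample `keypairs` entries in the first hunk point at the same `weblug.key`, which contradicts the commit's stated goal of an individual keyfile per pair and models a weaker practice, since compromise of that one key exposes every certificate issued for it. Changing the second entry to `keyfile: 'weblug2.key'` would make the example actually demonstrate the feature. A short comment above `keypairs:` such as `# one certificate/private-key pair per entry; keep a separate key per certificate` would also help readers who copy this file, and if the server is meant to select a pair by SNI that should be stated there once it has been confirmed for the Go version in use.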