Add optional TLS support (#340)
* Add optional TLS support Introduce HTTPS support with net/http Server.ListenAndServeTLS. This should enable the option of serving via HTTPS without a reverse proxy. Add two flags: - tls-cert-file (path to the TLS certificate file) - tls-key-file (path to the TLS private key file) Both flags must be supplied together; otherwise exit with error. If both flags are present, call srv.ListenAndServeTLS. If not, fall back to the existing srv.ListenAndServe (HTTP); no changes to existing non‑TLS behavior.
committed by
GitHub
parent
d58a8b85bf
commit
6516532568
@@ -28,7 +28,9 @@ var (
|
|||||||
func main() {
|
func main() {
|
||||||
// Define a command-line flag for the port
|
// Define a command-line flag for the port
|
||||||
configPath := flag.String("config", "config.yaml", "config file name")
|
configPath := flag.String("config", "config.yaml", "config file name")
|
||||||
listenStr := flag.String("listen", ":8080", "listen ip/port")
|
listenStr := flag.String("listen", "", "listen ip/port")
|
||||||
|
certFile := flag.String("tls-cert-file", "", "TLS certificate file")
|
||||||
|
keyFile := flag.String("tls-key-file", "", "TLS key file")
|
||||||
showVersion := flag.Bool("version", false, "show version of build")
|
showVersion := flag.Bool("version", false, "show version of build")
|
||||||
watchConfig := flag.Bool("watch-config", false, "Automatically reload config file on change")
|
watchConfig := flag.Bool("watch-config", false, "Automatically reload config file on change")
|
||||||
|
|
||||||
@@ -55,6 +57,23 @@ func main() {
|
|||||||
gin.SetMode(gin.ReleaseMode)
|
gin.SetMode(gin.ReleaseMode)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Validate TLS flags.
|
||||||
|
var useTLS = (*certFile != "" && *keyFile != "")
|
||||||
|
if (*certFile != "" && *keyFile == "") ||
|
||||||
|
(*certFile == "" && *keyFile != "") {
|
||||||
|
fmt.Println("Error: Both --tls-cert-file and --tls-key-file must be provided for TLS.")
|
||||||
|
os.Exit(1)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set default ports.
|
||||||
|
if *listenStr == "" {
|
||||||
|
defaultPort := ":8080"
|
||||||
|
if useTLS {
|
||||||
|
defaultPort = ":8443"
|
||||||
|
}
|
||||||
|
listenStr = &defaultPort
|
||||||
|
}
|
||||||
|
|
||||||
// Setup channels for server management
|
// Setup channels for server management
|
||||||
exitChan := make(chan struct{})
|
exitChan := make(chan struct{})
|
||||||
sigChan := make(chan os.Signal, 1)
|
sigChan := make(chan os.Signal, 1)
|
||||||
@@ -167,9 +186,16 @@ func main() {
|
|||||||
}()
|
}()
|
||||||
|
|
||||||
// Start server
|
// Start server
|
||||||
fmt.Printf("llama-swap listening on %s\n", *listenStr)
|
|
||||||
go func() {
|
go func() {
|
||||||
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
|
var err error
|
||||||
|
if useTLS {
|
||||||
|
fmt.Printf("llama-swap listening with TLS on https://%s\n", *listenStr)
|
||||||
|
err = srv.ListenAndServeTLS(*certFile, *keyFile)
|
||||||
|
} else {
|
||||||
|
fmt.Printf("llama-swap listening on http://%s\n", *listenStr)
|
||||||
|
err = srv.ListenAndServe()
|
||||||
|
}
|
||||||
|
if err != nil && err != http.ErrServerClosed {
|
||||||
log.Fatalf("Fatal server error: %v\n", err)
|
log.Fatalf("Fatal server error: %v\n", err)
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|||||||
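Review bot: The check under `// Validate TLS flags.` only tests that both strings are non-empty, so an unreadable path or a certificate that does not match the key is first noticed inside the goroutine, when `srv.ListenAndServeTLS(*certFile, *keyFile)` loads them, after the `listening with TLS` line has been printed. Loading the pair during validation, inside an `if useTLS { … }` guard, for example `if _, err := tls.LoadX509KeyPair(*certFile, *keyFile); err != nil { log.Fatalf("invalid TLS cert/key: %v", err) }`, would fail before the rest of startup runs; this needs `crypto/tls` imported. The construction of `srv` is outside the visible hunks, so it cannot be confirmed whether its `TLSConfig` pins a minimum protocol version. If it does not, setting `MinVersion: tls.VersionTLS12` there would make the floor explicit instead of depending on the toolchain default. `main` begins and continues outside these hunks.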