authorGravatar Frédéric Guillot <fred@miniflux.net>2017-11-22 11:16:48 -0800
committerGravatar Frédéric Guillot <fred@miniflux.net>2017-11-22 11:16:48 -0800
commit199b1fd6c36bf767967435ebb33acb795564aa48 (patch)
treeb86b0f042e78ce8c0854760068c52f6884863349
parent38941f58cf72e8e8811377570fdab1426cc6947b (diff)
Add the possibility to use TLS
-rw-r--r--config/config.go2
-rw-r--r--server/server.go33
2 files changed, 29 insertions, 6 deletions
diff --git a/config/config.go b/config/config.go
index 2eaa31c..aa8f16f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -18,6 +18,8 @@ const (
DefaultBatchSize = 10
DefaultDatabaseMaxConns = 20
DefaultListenAddr = "127.0.0.1:8080"
+ DefaultCertFile = ""
+ DefaultKeyFile = ""
)
// Config manages configuration parameters.
diff --git a/server/server.go b/server/server.go
index f1a2a57..1514b30 100644
--- a/server/server.go
+++ b/server/server.go
@@ -5,10 +5,12 @@
package server
import (
+ "crypto/tls"
"log"
"net/http"
"time"
+ "github.com/gorilla/mux"
"github.com/miniflux/miniflux2/scheduler"
"github.com/miniflux/miniflux2/config"
@@ -18,20 +20,39 @@ import (
// NewServer returns a new HTTP server.
func NewServer(cfg *config.Config, store *storage.Storage, pool *scheduler.WorkerPool, feedHandler *feed.Handler) *http.Server {
+ return startServer(cfg, getRoutes(cfg, store, feedHandler, pool))
+}
+
+func startServer(cfg *config.Config, handler *mux.Router) *http.Server {
+ certFile := cfg.Get("CERT_FILE", config.DefaultCertFile)
+ keyFile := cfg.Get("KEY_FILE", config.DefaultKeyFile)
server := &http.Server{
ReadTimeout: 5 * time.Second,
WriteTimeout: 10 * time.Second,
IdleTimeout: 60 * time.Second,
Addr: cfg.Get("LISTEN_ADDR", config.DefaultListenAddr),
- Handler: getRoutes(cfg, store, feedHandler, pool),
+ Handler: handler,
}
- go func() {
- log.Printf("Listening on %s\n", server.Addr)
- if err := server.ListenAndServe(); err != nil {
- log.Fatal(err)
+ if certFile != "" && keyFile != "" {
+ server.TLSConfig = &tls.Config{
+ MinVersion: tls.VersionTLS12,
}
- }()
+
+ go func() {
+ log.Printf(`Listening on "%s" by using certificate "%s" and key "%s"`, server.Addr, certFile, keyFile)
+ if err := server.ListenAndServeTLS(certFile, keyFile); err != nil {
+ log.Fatalln(err)
+ }
+ }()
+ } else {
+ go func() {
+ log.Printf(`Listening on "%s" without TLS`, server.Addr)
+ if err := server.ListenAndServe(); err != nil {
+ log.Fatalln(err)
+ }
+ }()
+ }
return server
}
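Review bot: In startServer, a half-configured TLS setup falls back to plaintext silently: if only one of CERT_FILE and KEY_FILE is set (assuming cfg.Get returns the empty default for an unset variable), the `certFile != "" && keyFile != ""` test fails and the `else` branch calls ListenAndServe. The only trace is the "without TLS" log line, so a typo in one variable name leaves a cleartext listener where the operator asked for TLS. I would refuse to start in that case, before the server is built: `if (certFile == "") != (keyFile == "") { log.Fatalln("CERT_FILE and KEY_FILE must be set together") }`. A short comment on startServer noting that TLS is enabled only when both values are present would also help.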