Feature: TLS and HTTP/2 (#39)

2022-03-27 03:47:16 +09:00
parent 22f21a270b
commit 86763bd3aa
4 changed files with 45 additions and 2 deletions
--- a/web/web.go
+++ b/web/web.go
@@ -1,6 +1,7 @@
 package web

 import (
+	"crypto/tls"
 	"embed"
 	"encoding/json"
 	"io"
@@ -107,10 +108,29 @@ func ListenAndServe(conf *config.Config) error {
 	case 0:
 		addr := net.JoinHostPort(conf.BindAddress, conf.Port)
 		log.Infof("Starting backend server on %s", addr)
-		s = http.ListenAndServe(addr, r)
+
+		// TLS and HTTP/2.
+		if conf.EnableTLS {
+			log.Info("Use TLS connection.")
+			if !(conf.EnableHTTP2) {
+				srv := &http.Server{
+					Addr:         addr,
+					Handler:      r,
+					TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
+				}
+				s = srv.ListenAndServeTLS(conf.TLSCertFile, conf.TLSKeyFile)
+			} else {
+				s = http.ListenAndServeTLS(addr, conf.TLSCertFile, conf.TLSKeyFile, r)
+			}
+		} else {
+			if conf.EnableHTTP2 {
+				log.Errorf("TLS is mandatory for HTTP/2. Ignore settings that enable HTTP/2.")
+			}
+			s = http.ListenAndServe(addr, r)
+		}
 	case 1:
 		log.Info("Starting backend server on inherited file descriptor via systemd socket activation")
-		if (conf.BindAddress != "" || conf.Port != "") {
+		if conf.BindAddress != "" || conf.Port != "" {
 			log.Errorf("Both an address/port (%s:%s) has been specificed in the config AND externally configured socket activation has been detected", conf.BindAddress, conf.Port)
 			log.Fatal(`Please deconfigure socket activation (e.g. in systemd unit files), or set both 'bind_address' and 'listen_port' to ''`)
 		}