Feature: TLS and HTTP/2 (#39)
This commit is contained in:
parent
22f21a270b
commit
86763bd3aa
@ -116,6 +116,14 @@ manually, you can install newer version of Go into your `GOPATH`:
|
|||||||
|
|
||||||
# if you use `bolt` as database, set database_file to database file location
|
# if you use `bolt` as database, set database_file to database file location
|
||||||
database_file="speedtest.db"
|
database_file="speedtest.db"
|
||||||
|
|
||||||
|
# TLS and HTTP/2 settings. TLS is required for HTTP/2
|
||||||
|
enable_tls=false
|
||||||
|
enable_http2=false
|
||||||
|
|
||||||
|
# if you use HTTP/2 or TLS, you need to prepare certificates and private keys
|
||||||
|
# tls_cert_file="cert.pem"
|
||||||
|
# tls_key_file="privkey.pem"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Differences between Go and PHP implementation and caveats
|
## Differences between Go and PHP implementation and caveats
|
||||||
|
@ -25,6 +25,11 @@ type Config struct {
|
|||||||
DatabasePassword string `mapstructure:"database_password"`
|
DatabasePassword string `mapstructure:"database_password"`
|
||||||
|
|
||||||
DatabaseFile string `mapstructure:"database_file"`
|
DatabaseFile string `mapstructure:"database_file"`
|
||||||
|
|
||||||
|
EnableHTTP2 bool `mapstructure:"enable_http2"`
|
||||||
|
EnableTLS bool `mapstructure:"enable_tls"`
|
||||||
|
TLSCertFile string `mapstructure:"tls_cert_file"`
|
||||||
|
TLSKeyFile string `mapstructure:"tls_key_file"`
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -44,6 +49,8 @@ func init() {
|
|||||||
viper.SetDefault("database_hostname", "localhost")
|
viper.SetDefault("database_hostname", "localhost")
|
||||||
viper.SetDefault("database_name", "speedtest")
|
viper.SetDefault("database_name", "speedtest")
|
||||||
viper.SetDefault("database_username", "postgres")
|
viper.SetDefault("database_username", "postgres")
|
||||||
|
viper.SetDefault("enable_tls", false)
|
||||||
|
viper.SetDefault("enable_http2", false)
|
||||||
|
|
||||||
viper.SetConfigName("settings")
|
viper.SetConfigName("settings")
|
||||||
viper.AddConfigPath(".")
|
viper.AddConfigPath(".")
|
||||||
|
@ -28,3 +28,11 @@ database_password=""
|
|||||||
|
|
||||||
# if you use `bolt` as database, set database_file to database file location
|
# if you use `bolt` as database, set database_file to database file location
|
||||||
database_file="speedtest.db"
|
database_file="speedtest.db"
|
||||||
|
|
||||||
|
# TLS and HTTP/2 settings. TLS is required for HTTP/2
|
||||||
|
enable_tls=false
|
||||||
|
enable_http2=false
|
||||||
|
|
||||||
|
# if you use HTTP/2 or TLS, you need to prepare certificates and private keys
|
||||||
|
# tls_cert_file="cert.pem"
|
||||||
|
# tls_key_file="privkey.pem"
|
24
web/web.go
24
web/web.go
@ -1,6 +1,7 @@
|
|||||||
package web
|
package web
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"embed"
|
"embed"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"io"
|
"io"
|
||||||
@ -107,10 +108,29 @@ func ListenAndServe(conf *config.Config) error {
|
|||||||
case 0:
|
case 0:
|
||||||
addr := net.JoinHostPort(conf.BindAddress, conf.Port)
|
addr := net.JoinHostPort(conf.BindAddress, conf.Port)
|
||||||
log.Infof("Starting backend server on %s", addr)
|
log.Infof("Starting backend server on %s", addr)
|
||||||
s = http.ListenAndServe(addr, r)
|
|
||||||
|
// TLS and HTTP/2.
|
||||||
|
if conf.EnableTLS {
|
||||||
|
log.Info("Use TLS connection.")
|
||||||
|
if !(conf.EnableHTTP2) {
|
||||||
|
srv := &http.Server{
|
||||||
|
Addr: addr,
|
||||||
|
Handler: r,
|
||||||
|
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
|
||||||
|
}
|
||||||
|
s = srv.ListenAndServeTLS(conf.TLSCertFile, conf.TLSKeyFile)
|
||||||
|
} else {
|
||||||
|
s = http.ListenAndServeTLS(addr, conf.TLSCertFile, conf.TLSKeyFile, r)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if conf.EnableHTTP2 {
|
||||||
|
log.Errorf("TLS is mandatory for HTTP/2. Ignore settings that enable HTTP/2.")
|
||||||
|
}
|
||||||
|
s = http.ListenAndServe(addr, r)
|
||||||
|
}
|
||||||
case 1:
|
case 1:
|
||||||
log.Info("Starting backend server on inherited file descriptor via systemd socket activation")
|
log.Info("Starting backend server on inherited file descriptor via systemd socket activation")
|
||||||
if (conf.BindAddress != "" || conf.Port != "") {
|
if conf.BindAddress != "" || conf.Port != "" {
|
||||||
log.Errorf("Both an address/port (%s:%s) has been specificed in the config AND externally configured socket activation has been detected", conf.BindAddress, conf.Port)
|
log.Errorf("Both an address/port (%s:%s) has been specificed in the config AND externally configured socket activation has been detected", conf.BindAddress, conf.Port)
|
||||||
log.Fatal(`Please deconfigure socket activation (e.g. in systemd unit files), or set both 'bind_address' and 'listen_port' to ''`)
|
log.Fatal(`Please deconfigure socket activation (e.g. in systemd unit files), or set both 'bind_address' and 'listen_port' to ''`)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user