[server] Add support for specifying TLS certificate
parent
7019c78c2e
commit
5ea19f0f9d
4 changed files with 139 additions and 5 deletions
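--- /dev/null
+++ b/examples/tls-bundle.pem
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAgugAwIBAgIUVyUIITgu0+by4ASAy3b9vOM+B2wwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAxMUa2F3aXBpa28udm9sdXRpb24ucm8wIBcNMTkwODE0MTUw
+OTEzWhgPMjA1OTA4MTQxNTA5MTNaMB8xHTAbBgNVBAMTFGthd2lwaWtvLnZvbHV0
+aW9uLnJvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo6I70Xe87KO
+aj764hlWEcAWWaEnBmzMgJtOiAgFfG6B3vMuSE84Ro7a0uqVwkHqhYOrE66jFBo8
+moPBOBABovVpDtNGjWGE+xFqf609MEuWloDNu4d6wgBjdjcXfZZ6KYcsfsctcoRe
+eYljgujx+lvRgORKS4nWnOOyY3O9wJRMxa3ITkRfVUwlQgampKKcIk3iXdRqdAOt
+ws6TO3VTwVZ1poDDSyYcKTW6aQoQmsOCDEgQh+pyYQJSVIEqiFP32cjq43opHonf
+OpykAiL2e7MiRYJur5E5xH2ZmT9SersPcACMoCu1DiHPJaGvxfl693gf4pgX6rDb
+PWTNJqWpqwIDAQABo1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFPDjABVCI490LdvHPeotzNq3
+xa9KMA0GCSqGSIb3DQEBCwUAA4IBAQA0cYKpYneOgBRGL/5q86g17qGOrQOWjdDr
+1k7i817pBjIfRj9bm1n2iaSrC4GCt4Ok+hl/DyjPNDDUXZxEmfmxlugi6dKLPQp9
+p30hlTB7E3ArHKkWXYGo19URewAUYOMEIR1lB5/RS21rnpUKHawrwi9pZHTwYQ5Q
+QcnpA9/FvCbPo8gb9kPAuDyj39tdzzgNK/Xvj8ym9RhUbTtBgbWujRCIWU0L6bfl
+i7DLfJoPSK+s6S5YGr88VAz0y9zAGD/2wGq9R1hUSDw0OfMgEm9GoSz6FpXKKBtl
+M01bP11akztK8sWChdels4OXOsPQ1SdF2XE4od82cm6lA8IgE1hY
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+jojvRd7zso5q
+PvriGVYRwBZZoScGbMyAm06ICAV8boHe8y5ITzhGjtrS6pXCQeqFg6sTrqMUGjya
+g8E4EAGi9WkO00aNYYT7EWp/rT0wS5aWgM27h3rCAGN2Nxd9lnophyx+xy1yhF55
+iWOC6PH6W9GA5EpLidac47Jjc73AlEzFrchORF9VTCVCBqakopwiTeJd1Gp0A63C
+zpM7dVPBVnWmgMNLJhwpNbppChCaw4IMSBCH6nJhAlJUgSqIU/fZyOrjeikeid86
+nKQCIvZ7syJFgm6vkTnEfZmZP1J6uw9wAIygK7UOIc8loa/F+Xr3eB/imBfqsNs9
+ZM0mpamrAgMBAAECggEAORjSVQeVj2XAIHuwhtDapkTtLXwJCnbNK/fdJwtoQWmH
+RnuNMaNzFEk3rh0WNHe1wr26JBKe0KYv5Ih3+8loBCEOkp+hszk2NFh6lbkd7Xuo
+qn37pyYoFTsykjhdtIbDIfBb17zslDSvbjFJfO85mi+q7bj5vfqWMLpVOFF02N/S
+SmASAzAYTAOE+wheMuTWkm8r3PXh8WhJViWLp/9l6gyLT0mOazxaVayOWyJ/pg1w
+qPZiNOavTbNyP7jzUysA4LX9CdBQx3k48IQm0c59Zu49Rl7H6ZT9Vp2CSkvbZRZS
+qVLKYtE4o5SIyAPI5QBCRyNVkHQnZAzPIv/vwbky4QKBgQDmcxY9YVIVpjZQCcVg
+R++ClrjKKzuR4dmUvmF3H6F4uT6S+7zPsaaIbgBUo2B/Z5QZ+vv6FeKcGZhGSVzU
+gtiQeNvEPE25oHbJm3ui71Wvw2mEpTp52bYL6k68b45ydq/CCpohSLym/WjlVVSz
+ce2IJZaviGn68jY175bRRDAb2wKBgQDTrykGt8gfACmSBZcULkaXCDqT0nfnWccx
+OHuimbIDgSU0Q/KJA9P0pSbtL/2rUXEnZpUJ0oDDEi0MpBkSX3Tb3U959aY97hXK
+arHI0iziUcW1ZZ2XGO5KtRviQ0D5CKZWR1Ttjm1oCJkmxAag070CF/UdcTGEizrK
+OeI7o1l6cQKBgBo21z3ON0ctLBp4shIcvLsPKCAfQNx8Y4LPEUk6uOSBtgOETVsW
+60mzsafvGcgEYU1/RnCRUsDNDIxaRgwKglYU2XL+JR1Lipeubyb+sLGYugUTwo4f
+3NyIH8LBseOFasLY7+V/X65jPy5vQX5UJGALXpPDIcMhEFecVHyjlBFnAoGABtWs
++W6No5KZxQExM5Ga7d1yJruw62NWrxwnwcQ8nyhYTyuydQIOoeODMj1Ob22dvavu
+O/bz+Vho4/OYa6NxXnfyzPlFeNJrGbIAM3+1u0jwnT6+q9Y+O2NFlzScsG27ESYU
+c+cZWTaN21aQ8Dhl7d9gJqc09haYu1bLGynXBcECgYEAsxgIbbO3CtxPfqgtJrAo
+eRPPLX7UOdXmarOBYFL+jsG5SWSyECqKDgkjyeQFVqHzK+W4k654TobZoMUhDIUL
+GeNAoNAIjPciush/0yYI8w3EybHIkB6JSi4LyhWBQazGaAr3Ai0NHbKt3ZzcOM1D
+azCipM9H6CJO+MjoG+S53Xo=
+-----END PRIVATE KEY-----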
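Review bot: This example bundle checks an unencrypted private key into the repository, and the same key is added again as examples/tls-private.pem, so the key has to be treated as public from this commit on. Nothing on the page marks these files as test-only material. A short note in a README next to them, for example `These TLS files are public test fixtures; generate your own key pair for any real deployment.`, would keep them from being copied into a live configuration. Secret scanners will likely flag both files, so any allowlist entry should be scoped to exactly these two paths.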
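--- /dev/null
+++ b/examples/tls-private.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+jojvRd7zso5q
+PvriGVYRwBZZoScGbMyAm06ICAV8boHe8y5ITzhGjtrS6pXCQeqFg6sTrqMUGjya
+g8E4EAGi9WkO00aNYYT7EWp/rT0wS5aWgM27h3rCAGN2Nxd9lnophyx+xy1yhF55
+iWOC6PH6W9GA5EpLidac47Jjc73AlEzFrchORF9VTCVCBqakopwiTeJd1Gp0A63C
+zpM7dVPBVnWmgMNLJhwpNbppChCaw4IMSBCH6nJhAlJUgSqIU/fZyOrjeikeid86
+nKQCIvZ7syJFgm6vkTnEfZmZP1J6uw9wAIygK7UOIc8loa/F+Xr3eB/imBfqsNs9
+ZM0mpamrAgMBAAECggEAORjSVQeVj2XAIHuwhtDapkTtLXwJCnbNK/fdJwtoQWmH
+RnuNMaNzFEk3rh0WNHe1wr26JBKe0KYv5Ih3+8loBCEOkp+hszk2NFh6lbkd7Xuo
+qn37pyYoFTsykjhdtIbDIfBb17zslDSvbjFJfO85mi+q7bj5vfqWMLpVOFF02N/S
+SmASAzAYTAOE+wheMuTWkm8r3PXh8WhJViWLp/9l6gyLT0mOazxaVayOWyJ/pg1w
+qPZiNOavTbNyP7jzUysA4LX9CdBQx3k48IQm0c59Zu49Rl7H6ZT9Vp2CSkvbZRZS
+qVLKYtE4o5SIyAPI5QBCRyNVkHQnZAzPIv/vwbky4QKBgQDmcxY9YVIVpjZQCcVg
+R++ClrjKKzuR4dmUvmF3H6F4uT6S+7zPsaaIbgBUo2B/Z5QZ+vv6FeKcGZhGSVzU
+gtiQeNvEPE25oHbJm3ui71Wvw2mEpTp52bYL6k68b45ydq/CCpohSLym/WjlVVSz
+ce2IJZaviGn68jY175bRRDAb2wKBgQDTrykGt8gfACmSBZcULkaXCDqT0nfnWccx
+OHuimbIDgSU0Q/KJA9P0pSbtL/2rUXEnZpUJ0oDDEi0MpBkSX3Tb3U959aY97hXK
+arHI0iziUcW1ZZ2XGO5KtRviQ0D5CKZWR1Ttjm1oCJkmxAag070CF/UdcTGEizrK
+OeI7o1l6cQKBgBo21z3ON0ctLBp4shIcvLsPKCAfQNx8Y4LPEUk6uOSBtgOETVsW
+60mzsafvGcgEYU1/RnCRUsDNDIxaRgwKglYU2XL+JR1Lipeubyb+sLGYugUTwo4f
+3NyIH8LBseOFasLY7+V/X65jPy5vQX5UJGALXpPDIcMhEFecVHyjlBFnAoGABtWs
++W6No5KZxQExM5Ga7d1yJruw62NWrxwnwcQ8nyhYTyuydQIOoeODMj1Ob22dvavu
+O/bz+Vho4/OYa6NxXnfyzPlFeNJrGbIAM3+1u0jwnT6+q9Y+O2NFlzScsG27ESYU
+c+cZWTaN21aQ8Dhl7d9gJqc09haYu1bLGynXBcECgYEAsxgIbbO3CtxPfqgtJrAo
+eRPPLX7UOdXmarOBYFL+jsG5SWSyECqKDgkjyeQFVqHzK+W4k654TobZoMUhDIUL
+GeNAoNAIjPciush/0yYI8w3EybHIkB6JSi4LyhWBQazGaAr3Ai0NHbKt3ZzcOM1D
+azCipM9H6CJO+MjoG+S53Xo=
+-----END PRIVATE KEY-----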
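--- /dev/null
+++ b/examples/tls-public.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAgugAwIBAgIUVyUIITgu0+by4ASAy3b9vOM+B2wwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGA1UEAxMUa2F3aXBpa28udm9sdXRpb24ucm8wIBcNMTkwODE0MTUw
+OTEzWhgPMjA1OTA4MTQxNTA5MTNaMB8xHTAbBgNVBAMTFGthd2lwaWtvLnZvbHV0
+aW9uLnJvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo6I70Xe87KO
+aj764hlWEcAWWaEnBmzMgJtOiAgFfG6B3vMuSE84Ro7a0uqVwkHqhYOrE66jFBo8
+moPBOBABovVpDtNGjWGE+xFqf609MEuWloDNu4d6wgBjdjcXfZZ6KYcsfsctcoRe
+eYljgujx+lvRgORKS4nWnOOyY3O9wJRMxa3ITkRfVUwlQgampKKcIk3iXdRqdAOt
+ws6TO3VTwVZ1poDDSyYcKTW6aQoQmsOCDEgQh+pyYQJSVIEqiFP32cjq43opHonf
+OpykAiL2e7MiRYJur5E5xH2ZmT9SersPcACMoCu1DiHPJaGvxfl693gf4pgX6rDb
+PWTNJqWpqwIDAQABo1UwUzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFPDjABVCI490LdvHPeotzNq3
+xa9KMA0GCSqGSIb3DQEBCwUAA4IBAQA0cYKpYneOgBRGL/5q86g17qGOrQOWjdDr
+1k7i817pBjIfRj9bm1n2iaSrC4GCt4Ok+hl/DyjPNDDUXZxEmfmxlugi6dKLPQp9
+p30hlTB7E3ArHKkWXYGo19URewAUYOMEIR1lB5/RS21rnpUKHawrwi9pZHTwYQ5Q
+QcnpA9/FvCbPo8gb9kPAuDyj39tdzzgNK/Xvj8ym9RhUbTtBgbWujRCIWU0L6bfl
+i7DLfJoPSK+s6S5YGr88VAz0y9zAGD/2wGq9R1hUSDw0OfMgEm9GoSz6FpXKKBtl
+M01bP11akztK8sWChdels4OXOsPQ1SdF2XE4od82cm6lA8IgE1hY
+-----END CERTIFICATE-----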
|
@ -457,6 +457,8 @@ func main_0 () (error) {
|
||||||
var _bind string
|
var _bind string
|
||||||
var _bindTls string
|
var _bindTls string
|
||||||
var _bindTls2 string
|
var _bindTls2 string
|
||||||
|
var _tlsPrivate string
|
||||||
|
var _tlsPublic string
|
||||||
var _archivePath string
|
var _archivePath string
|
||||||
var _archiveInmem bool
|
var _archiveInmem bool
|
||||||
var _archiveMmap bool
|
var _archiveMmap bool
|
||||||
|
@ -544,6 +546,9 @@ func main_0 () (error) {
|
||||||
_timeoutDisabled_0 := _flags.Bool ("timeout-disable", false, "")
|
_timeoutDisabled_0 := _flags.Bool ("timeout-disable", false, "")
|
||||||
_securityHeadersTls_0 := _flags.Bool ("security-headers-tls", false, "")
|
_securityHeadersTls_0 := _flags.Bool ("security-headers-tls", false, "")
|
||||||
_securityHeadersDisabled_0 := _flags.Bool ("security-headers-disable", false, "")
|
_securityHeadersDisabled_0 := _flags.Bool ("security-headers-disable", false, "")
|
||||||
|
_tlsPrivate_0 := _flags.String ("tls-private", "", "")
|
||||||
|
_tlsPublic_0 := _flags.String ("tls-public", "", "")
|
||||||
|
_tlsBundle_0 := _flags.String ("tls-bundle", "", "")
|
||||||
_processes_0 := _flags.Uint ("processes", 0, "")
|
_processes_0 := _flags.Uint ("processes", 0, "")
|
||||||
_threads_0 := _flags.Uint ("threads", 0, "")
|
_threads_0 := _flags.Uint ("threads", 0, "")
|
||||||
_slave_0 := _flags.Uint ("slave", 0, "")
|
_slave_0 := _flags.Uint ("slave", 0, "")
|
||||||
|
@ -589,6 +594,22 @@ func main_0 () (error) {
|
||||||
if (_bind == "") && (_bindTls == "") && (_bindTls2 == "") {
|
if (_bind == "") && (_bindTls == "") && (_bindTls2 == "") {
|
||||||
AbortError (nil, "[6edd9512] expected bind address argument!")
|
AbortError (nil, "[6edd9512] expected bind address argument!")
|
||||||
}
|
}
|
||||||
|
if (*_tlsBundle_0 != "") && ((*_tlsPrivate_0 != "") || (*_tlsPublic_0 != "")) {
|
||||||
|
AbortError (nil, "[717f5f84] TLS bundle and TLS private/public are mutually exclusive!")
|
||||||
|
}
|
||||||
|
if (*_tlsBundle_0 != "") {
|
||||||
|
_tlsPrivate = *_tlsBundle_0
|
||||||
|
_tlsPublic = *_tlsBundle_0
|
||||||
|
} else {
|
||||||
|
_tlsPrivate = *_tlsPrivate_0
|
||||||
|
_tlsPublic = *_tlsPublic_0
|
||||||
|
}
|
||||||
|
if ((_tlsPrivate != "") && (_tlsPublic == "")) || ((_tlsPublic != "") && (_tlsPrivate == "")) {
|
||||||
|
AbortError (nil, "[6e5b42e4] TLS private/public must be specified together!")
|
||||||
|
}
|
||||||
|
if ((_tlsPrivate != "") || (_tlsPublic != "")) && ((_bindTls == "") && (_bindTls2 == "")) {
|
||||||
|
AbortError (nil, "[4e31f251] TLS certificate specified, but TLS not enabled!")
|
||||||
|
}
|
||||||
|
|
||||||
if !_dummy {
|
if !_dummy {
|
||||||
if _archivePath == "" {
|
if _archivePath == "" {
|
||||||
|
@ -700,6 +721,12 @@ func main_0 () (error) {
|
||||||
if !_securityHeadersEnabled {
|
if !_securityHeadersEnabled {
|
||||||
_processArguments = append (_processArguments, "--security-headers-disable")
|
_processArguments = append (_processArguments, "--security-headers-disable")
|
||||||
}
|
}
|
||||||
|
if _tlsPrivate != "" {
|
||||||
|
_processArguments = append (_processArguments, "--tls-private")
|
||||||
|
}
|
||||||
|
if _tlsPublic != "" {
|
||||||
|
_processArguments = append (_processArguments, "--tls-public")
|
||||||
|
}
|
||||||
if _timeoutDisabled {
|
if _timeoutDisabled {
|
||||||
_processArguments = append (_processArguments, "--timeout-disable")
|
_processArguments = append (_processArguments, "--timeout-disable")
|
||||||
}
|
}
|
||||||
|
@ -1092,12 +1119,25 @@ func main_0 () (error) {
|
||||||
NextProtos : []string { "http/1.1", "http/1.0" },
|
NextProtos : []string { "http/1.1", "http/1.0" },
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (_bindTls != "") || (_bindTls2 != "") {
|
||||||
|
if _tlsPrivate != "" {
|
||||||
|
if _certificate, _error := tls.LoadX509KeyPair (_tlsPublic, _tlsPrivate); _error == nil {
|
||||||
|
_tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate)
|
||||||
|
} else {
|
||||||
|
AbortError (_error, "[ecdf443d] failed loading TLS certificate!")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len (_tlsConfig.Certificates) == 0 {
|
||||||
|
if !_quiet {
|
||||||
|
log.Printf ("[ii] [344ba198] no TLS certificate specified; using self-signed!")
|
||||||
|
}
|
||||||
if _certificate, _error := tls.X509KeyPair ([]byte (DefaultTlsCertificatePublic), []byte (DefaultTlsCertificatePrivate)); _error == nil {
|
if _certificate, _error := tls.X509KeyPair ([]byte (DefaultTlsCertificatePublic), []byte (DefaultTlsCertificatePrivate)); _error == nil {
|
||||||
_tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate)
|
_tlsConfig.Certificates = append (_tlsConfig.Certificates, _certificate)
|
||||||
} else {
|
} else {
|
||||||
AbortError (_error, "[98ba6d23] failed parsing TLS certificate!")
|
AbortError (_error, "[98ba6d23] failed parsing TLS certificate!")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
_httpServer := & fasthttp.Server {
|
_httpServer := & fasthttp.Server {
|
||||||
|
|
||||||
|
|
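Review bot: In the hunk at `@ -700,6 +721,12 @`, the arguments forwarded to child processes carry only the flag names: `--tls-private` and `--tls-public` are declared with `_flags.String`, so each needs a value, yet the lines shown append none. A child started this way would presumably consume the following argument as the key path, or abort on the `[6e5b42e4]` check, instead of loading the operator's certificate. Append the path together with the flag, e.g. `_processArguments = append (_processArguments, "--tls-private", _tlsPrivate)`, and likewise `"--tls-public", _tlsPublic`. `main_0` starts and ends outside the hunks, so confirm that no later line already appends the paths.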