diff --git a/.gitignore b/.gitignore index 71983f6..89d0c7b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ /letsencrypt +/certs .DS_Store \ No newline at end of file diff --git a/pkg/cmd/server/main.go b/pkg/cmd/server/main.go index 812aa01..0a8c380 100644 --- a/pkg/cmd/server/main.go +++ b/pkg/cmd/server/main.go @@ -58,17 +58,13 @@ func main() { hypertext.InitServer(), viper.GetStringSlice("hypertext.ports"), viper.GetStringSlice("hypertext.secured_ports"), - viper.GetString("hypertext.certificate.pem"), - viper.GetString("hypertext.certificate.key"), ) // Init sideload server hypertext.RunServer( sideload.InitSideload(), viper.GetStringSlice("hypertext.sideload_ports"), - viper.GetStringSlice("hypertext.sideload_secured_ports"), - viper.GetString("hypertext.certificate.sideload_pem"), - viper.GetString("hypertext.certificate.sideload_key"), + []string{}, ) log.Info().Msgf("RoadSign v%s is started...", roadsign.AppVersion) diff --git a/pkg/hypertext/server.go b/pkg/hypertext/server.go index 1b8a3c3..5c89463 100644 --- a/pkg/hypertext/server.go +++ b/pkg/hypertext/server.go @@ -1,7 +1,9 @@ package hypertext import ( + "crypto/tls" jsoniter "github.com/json-iterator/go" + "net" "strings" "time" 
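Review bot: The sideload server's secured-ports argument is now the literal `[]string{}`, so `hypertext.sideload_secured_ports` is silently ignored even though settings.toml in this same commit still declares `sideload_secured_ports = []`. Since RunServer now builds its TLS config from the shared `hypertext.certificate` list, dropping the per-sideload pem/key no longer forces this; passing `viper.GetStringSlice("hypertext.sideload_secured_ports"),` keeps the option working, or the key should be removed from settings.toml so an operator cannot set a value that has no effect. The enclosing `main` starts before this hunk.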
@@ -43,7 +45,33 @@ func InitServer() *fiber.App { return app } -func RunServer(app *fiber.App, ports []string, securedPorts []string, pem string, key string) { +type CertificateConfig struct { + Key string `json:"key"` + Pem string `json:"pem"` +} + +func RunServer(app *fiber.App, ports []string, securedPorts []string) { + var certs []CertificateConfig + raw, _ := jsoniter.Marshal(viper.Get("hypertext.certificate")) + jsoniter.Unmarshal(raw, &certs) + + tlsCfg := &tls.Config{ + MinVersion: tls.VersionTLS12, + Certificates: []tls.Certificate{}, + } + + for _, info := range certs { + cert, err := tls.LoadX509KeyPair(info.Pem, info.Key) + if err != nil { + log.Error().Err(err). + Str("pem", info.Pem). + Str("key", info.Key). + Msg("An error occurred when loading certificate.") + } else { + tlsCfg.Certificates = append(tlsCfg.Certificates, cert) + } + } + for _, port := range ports { port := port go func() { @@ -58,11 +86,11 @@ func RunServer(app *fiber.App, ports []string, securedPorts []string, pem string return c.Redirect(strings.ReplaceAll(string(c.Request().URI().FullURI()), "http", "https")) }) if err := redirector.Listen(port); err != nil { - log.Panic().Err(err).Msg("An error occurred when listening hypertext common ports.") + log.Panic().Err(err).Msg("An error occurred when listening hypertext non-tls ports.") } } else { if err := app.Listen(port); err != nil { - log.Panic().Err(err).Msg("An error occurred when listening hypertext common ports.") + log.Panic().Err(err).Msg("An error occurred when listening hypertext non-tls ports.") } } }() 
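Review bot: In the new RunServer the errors from `jsoniter.Marshal` and `jsoniter.Unmarshal` are discarded, and a certificate that fails `tls.LoadX509KeyPair` is only logged, so a mistyped `[[hypertext.certificate]]` table or a wrong path leaves `tlsCfg.Certificates` empty while the TLS listeners are still started; every handshake then fails at request time instead of the process failing at startup, which the old `ListenTLS` call did. I would surface the decode errors and, after the loop, refuse to continue when secured ports are configured but no certificate loaded (`viper.UnmarshalKey` would also avoid the JSON round-trip, if it suits the project). The surrounding listen failures already use `log.Panic()`, so the same level seems consistent here, though a warning may be preferred if partial startup is intended.

```go
	var certs []CertificateConfig
	raw, err := jsoniter.Marshal(viper.Get("hypertext.certificate"))
	if err != nil {
		log.Panic().Err(err).Msg("An error occurred when reading hypertext certificate config.")
	}
	if err := jsoniter.Unmarshal(raw, &certs); err != nil {
		log.Panic().Err(err).Msg("An error occurred when parsing hypertext certificate config.")
	}
	// … unchanged: tlsCfg construction and certificate loading loop …
	if len(securedPorts) > 0 && len(tlsCfg.Certificates) == 0 {
		log.Panic().Msg("No usable certificate was loaded but hypertext tls ports are configured.")
	}
```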
@@ -71,7 +99,11 @@ func RunServer(app *fiber.App, ports []string, securedPorts []string, pem string for _, port := range securedPorts { port := port go func() { - if err := app.ListenTLS(port, pem, key); err != nil { + listener, err := net.Listen("tcp", port) + if err != nil { + log.Panic().Err(err).Msg("An error occurred when listening hypertext tls ports.") + } + if err := app.Listener(tls.NewListener(listener, tlsCfg)); err != nil { log.Panic().Err(err).Msg("An error occurred when listening hypertext tls ports.") } }() diff --git a/pkg/navi/responder.go b/pkg/navi/responder.go index a4870f0..22f9d70 100644 --- a/pkg/navi/responder.go +++ b/pkg/navi/responder.go @@ -24,7 +24,6 @@ func makeUnifiedResponse(c *fiber.Ctx, dest *Destination) error { return makeWebsocketResponse(c, dest) } else { // TODO Impl SSE with https://github.com/gofiber/recipes/blob/master/sse/main.go - // Handle normal http request return makeHypertextResponse(c, dest) } diff --git a/settings.toml b/settings.toml index f1f5fda..658b0df 100644 --- a/settings.toml +++ b/settings.toml @@ -5,14 +5,12 @@ print_routes = false sideload_ports = [":81"] sideload_secured_ports = [] ports = [":8000"] -secured_ports = [] +secured_ports = [":8443"] +force_https = false -[hypertext.certificate] -redirect = false -sideload_key = "./cert.key" -sideload_pem = "./cert.pem" -key = "./cert.key" -pem = "./cert.pem" +[[hypertext.certificate]] +key = "./certs/privkey.pem" +pem = "./certs/fullchain.pem" [hypertext.limitation] max_body_size = 549_755_813_888 # 512 GiB
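Review bot: The new `net.Listen` failure and the existing `app.Listener` failure log the identical message "An error occurred when listening hypertext tls ports.", so an operator cannot tell a bind failure (port in use, missing permission) from a serve failure, and neither message records which port it was. Changing the first to `log.Panic().Err(err).Str("port", port).Msg("An error occurred when binding hypertext tls ports.")` keeps the messages distinct. The enclosing RunServer starts before this hunk.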
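Review bot: `force_https = false` is added to settings.toml while the old `redirect = false` key is removed, but nothing else in this diff reads `hypertext.force_https`; the RunServer redirector code in pkg/hypertext/server.go is unchanged apart from log text, so it is unclear whether the new key replaces `redirect` or is dead. If it is the replacement, a comment such as `# force_https: when true, plain-http ports redirect to https` next to the key, and a matching `viper.GetBool("hypertext.force_https")` read in RunServer, would make the intent explicit. Note also that the default `secured_ports = [":8443"]` now assumes `./certs/privkey.pem` and `./certs/fullchain.pem` exist (the directory this commit adds to .gitignore), which is worth stating in the file.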