✨ Support multiple certificate

.gitignore

@@ -1,3 +1,4 @@
 /letsencrypt
+/certs
 
 .DS_Store

pkg/cmd/server/main.go

@@ -58,17 +58,13 @@ func main() {
 		hypertext.InitServer(),
 		viper.GetStringSlice("hypertext.ports"),
 		viper.GetStringSlice("hypertext.secured_ports"),
-		viper.GetString("hypertext.certificate.pem"),
-		viper.GetString("hypertext.certificate.key"),
 	)
 
 	// Init sideload server
 	hypertext.RunServer(
 		sideload.InitSideload(),
 		viper.GetStringSlice("hypertext.sideload_ports"),
-		viper.GetStringSlice("hypertext.sideload_secured_ports"),
+		[]string{},
-		viper.GetString("hypertext.certificate.sideload_pem"),
-		viper.GetString("hypertext.certificate.sideload_key"),
 	)
 
 	log.Info().Msgf("RoadSign v%s is started...", roadsign.AppVersion)

pkg/hypertext/server.go

@@ -1,7 +1,9 @@
 package hypertext
 
 import (
+	"crypto/tls"
 	jsoniter "github.com/json-iterator/go"
+	"net"
 	"strings"
 	"time"
 
@@ -43,7 +45,33 @@ func InitServer() *fiber.App {
 	return app
 }
 
-func RunServer(app *fiber.App, ports []string, securedPorts []string, pem string, key string) {
+type CertificateConfig struct {
+	Key string `json:"key"`
+	Pem string `json:"pem"`
+}
+
+func RunServer(app *fiber.App, ports []string, securedPorts []string) {
+	var certs []CertificateConfig
+	raw, _ := jsoniter.Marshal(viper.Get("hypertext.certificate"))
+	jsoniter.Unmarshal(raw, &certs)
+
+	tlsCfg := &tls.Config{
+		MinVersion:   tls.VersionTLS12,
+		Certificates: []tls.Certificate{},
+	}
+
+	for _, info := range certs {
+		cert, err := tls.LoadX509KeyPair(info.Pem, info.Key)
+		if err != nil {
+			log.Error().Err(err).
+				Str("pem", info.Pem).
+				Str("key", info.Key).
+				Msg("An error occurred when loading certificate.")
+		} else {
+			tlsCfg.Certificates = append(tlsCfg.Certificates, cert)
+		}
+	}
+
 	for _, port := range ports {
 		port := port
 		go func() {
@@ -58,11 +86,11 @@ func RunServer(app *fiber.App, ports []string, securedPorts []string, pem string
 					return c.Redirect(strings.ReplaceAll(string(c.Request().URI().FullURI()), "http", "https"))
 				})
 				if err := redirector.Listen(port); err != nil {
-					log.Panic().Err(err).Msg("An error occurred when listening hypertext common ports.")
+					log.Panic().Err(err).Msg("An error occurred when listening hypertext non-tls ports.")
 				}
 			} else {
 				if err := app.Listen(port); err != nil {
-					log.Panic().Err(err).Msg("An error occurred when listening hypertext common ports.")
+					log.Panic().Err(err).Msg("An error occurred when listening hypertext non-tls ports.")
 				}
 			}
 		}()
@@ -71,7 +99,11 @@ func RunServer(app *fiber.App, ports []string, securedPorts []string, pem string
 	for _, port := range securedPorts {
 		port := port
 		go func() {
-			if err := app.ListenTLS(port, pem, key); err != nil {
+			listener, err := net.Listen("tcp", port)
+			if err != nil {
+				log.Panic().Err(err).Msg("An error occurred when listening hypertext tls ports.")
+			}
+			if err := app.Listener(tls.NewListener(listener, tlsCfg)); err != nil {
 				log.Panic().Err(err).Msg("An error occurred when listening hypertext tls ports.")
 			}
 		}()

pkg/navi/responder.go

@@ -24,7 +24,6 @@ func makeUnifiedResponse(c *fiber.Ctx, dest *Destination) error {
 		return makeWebsocketResponse(c, dest)
 	} else {
 		// TODO Impl SSE with https://github.com/gofiber/recipes/blob/master/sse/main.go
-
 		// Handle normal http request
 		return makeHypertextResponse(c, dest)
 	}

settings.toml

@@ -5,14 +5,12 @@ print_routes = false
 sideload_ports = [":81"]
 sideload_secured_ports = []
 ports = [":8000"]
-secured_ports = []
+secured_ports = [":8443"]
+force_https = false
 
-[hypertext.certificate]
+[[hypertext.certificate]]
-redirect = false
+key = "./certs/privkey.pem"
-sideload_key = "./cert.key"
+pem = "./certs/fullchain.pem"
-sideload_pem = "./cert.pem"
-key = "./cert.key"
-pem = "./cert.pem"
 
 [hypertext.limitation]
 max_body_size = 549_755_813_888 # 512 GiB