From a197f75d15cfa49f3913822894c43209a8a8c16c Mon Sep 17 00:00:00 2001 From: Mikhail Swift Date: Mon, 11 Nov 2024 11:17:11 -0700 Subject: [PATCH] feat: add ability to listen with TLS Signed-off-by: Mikhail Swift --- cmd/archivista/main.go | 11 +++++++++-- pkg/config/config.go | 4 ++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/cmd/archivista/main.go b/cmd/archivista/main.go index fc84a10c..c41da8b0 100644 --- a/cmd/archivista/main.go +++ b/cmd/archivista/main.go @@ -86,9 +86,16 @@ func main() { ReadTimeout: time.Duration(archivistaService.Cfg.ReadTimeout) * time.Second, WriteTimeout: time.Duration(archivistaService.Cfg.WriteTimeout) * time.Second, } + go func() { - if err := srv.Serve(listener); err != nil { - logrus.Fatalf("unable to start http server: %+v", err) + if archivistaService.Cfg.EnableTLS { + if err := srv.ListenAndServeTLS(archivistaService.Cfg.TLSCert, archivistaService.Cfg.TLSKey); err != nil { + logrus.Fatalf("unable to start http serveR: %+v", err) + } + } else { + if err := srv.Serve(listener); err != nil { + logrus.Fatalf("unable to start http server: %+v", err) + } } }() diff --git a/pkg/config/config.go b/pkg/config/config.go index cfc702a4..d4531aff 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -31,6 +31,10 @@ type Config struct { LogLevel string `default:"INFO" desc:"Log level" split_words:"true"` CORSAllowOrigins []string `default:"" desc:"Comma separated list of origins to allow CORS requests from" split_words:"true"` + EnableTLS bool `default:"FALSE" desc:"Enables TLS on the Archivista server" split_words:"true"` + TLSCert string `default:"" desc:"Path to the file containing the TLS Certificate" split_words:"true"` + TLSKey string `default:"" desc:"Path to the file containing the TLS Key" split_words:"true"` + EnableSPIFFE bool `default:"TRUE" desc:"*** Enable SPIFFE support" split_words:"true"` SPIFFEAddress string `default:"unix:///tmp/spire-agent/public/api.sock" desc:"SPIFFE server address" split_words:"true"` SPIFFETrustedServerId string `default:"" desc:"Trusted SPIFFE server ID; defaults to any" split_words:"true"`