
Add helper to support TLS #37

Open
jeffprestes opened this issue Apr 11, 2017 · 2 comments

@jeffprestes
Member

Add support for reading the paths of the PEM files from the ini file and, if they are set, change the app.Run calls to start Macaron with TLS support:

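// Serve HTTPS on :443 with the Let's Encrypt certificate chain and private key
// (xxxxx is the issue's placeholder for the domain directory; both files live
// in the same directory, so the chain path needs the separator as well).
//
// The nil handler selects http.DefaultServeMux, so every handler registered on
// the default mux is served too; pass the Macaron instance once Run supports
// TLS. The call blocks and returns a non-nil error when the listener cannot
// start (for example an unreadable key file), so the caller must check it
// instead of discarding the result.
http.ListenAndServeTLS(":443",
	"/etc/letsencrypt/live/xxxxx/fullchain.pem",
	"/etc/letsencrypt/live/xxxxx/privkey.pem",
	nil)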
@jeffprestes
Member Author

This is a workaround.
It was a change to the macaron.go file. If the App is set to run on port 443, it looks for the fullchain PEM file and for the private-key PEM file:

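// Run starts the HTTP server and blocks. It never returns normally: a
// listener error is reported through logger.Fatalln, which exits the process.
//
// Host and port start from GetDefaultListenInfo() and can be overridden
// positionally; an argument of an unexpected type is ignored:
//
//	Run(host string) or Run(port int)
//	Run(host string, port int)
//	Run(host string, port int, fullchain string, privateKey string)
//
// When a certificate chain or private key path is given, the server is started
// with http.ListenAndServeTLS. Supplying only one of the two paths is treated
// as a configuration error and aborts start-up, so a half-configured TLS setup
// can never fall back to serving plaintext HTTP.
func (m *Macaron) Run(args ...interface{}) {
	host, port := GetDefaultListenInfo()
	var fullchain, privateKey string
	if len(args) == 1 {
		switch arg := args[0].(type) {
		case string:
			host = arg
		case int:
			port = arg
		}
	} else if len(args) >= 2 {
		if arg, ok := args[0].(string); ok {
			host = arg
		}
		if arg, ok := args[1].(int); ok {
			port = arg
		}
		// The TLS paths are optional. Indexing args[2] and args[3] without a
		// length check panics for the ordinary Run(host, port) call.
		if len(args) >= 3 {
			if arg, ok := args[2].(string); ok {
				fullchain = arg
			}
		}
		if len(args) >= 4 {
			if arg, ok := args[3].(string); ok {
				privateKey = arg
			}
		}
	}

	addr := host + ":" + com.ToStr(port)
	logger := m.GetVal(reflect.TypeOf(m.logger)).Interface().(*log.Logger)
	logger.Printf("listening on %s (%s)\n", addr, safeEnv())

	if fullchain != "" || privateKey != "" {
		// Fail closed: TLS was requested, so refuse to start rather than
		// silently downgrade when one of the two files is missing.
		if fullchain == "" || privateKey == "" {
			logger.Fatalln("TLS requested but the certificate chain or private key path is missing")
		}
		logger.Fatalln(http.ListenAndServeTLS(addr, fullchain, privateKey, m))
		return
	}
	logger.Fatalln(http.ListenAndServe(addr, m))
}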

@jeffprestes
Member Author

Add certmagic to support this feature.
Below is an example of the new func main() to be implemented:

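// main is the application entry point. It wires middlewares and routes, prints
// the start-up banner and then picks one of three listeners from app.ini:
//
//  1. force_local_http_port = true: plain HTTP on http_port (local development).
//  2. auto_tls = true: HTTPS for dns_server_name with a certificate obtained
//     and renewed by certmagic.
//  3. otherwise: plain HTTP on the port given by the PORT environment variable.
//
// Only the second path encrypts traffic; the other two expect TLS to be
// terminated elsewhere (or not to be needed at all).
func main() {
	app := macaron.New()
	conf.SetupMiddlewares(app)
	conf.SetupRoutes(app)
	/*
		Generated using http://www.kammerl.de/ascii/AsciiSignature.php - (Font: 'starwars')
		All signatures are made with FIGlet (c) 1991, 1993, 1994 Glenn Chappell and Ian Chai
		All fonts are taken from figlet.org and jave.de.
		Please check for Font Credits the figlet font database!
		Figlet Frontend - Written by Julius Kammerl - 2005
	*/
	log.Println(".___  ___.  _______ .______        ______  __    __  .______       __   __    __       _______.     ___       ___  ")
	log.Println("|   \\/   | |   ____||   _  \\      /      ||  |  |  | |   _  \\     |  | |  |  |  |     /       |    / _ \\     / _ ")
	log.Println("|  \\  /  | |  |__   |  |_)  |    |  ,----'|  |  |  | |  |_)  |    |  | |  |  |  |    |   (----`   | | | |   | (_) |")
	log.Println("|  |\\/|  | |   __|  |      /     |  |     |  |  |  | |      /     |  | |  |  |  |     \\   \\       | | | |    > _ < ")
	log.Println("|  |  |  | |  |____ |  |\\  \\----.|  `----.|  `--'  | |  |\\  \\----.|  | |  `--'  | .----)   |      | |_| |  _| (_) |")
	log.Println("|__|  |__| |_______|| _| `._____| \\______| \\______/  | _| `._____||__|  \\______/  |_______/        \\___/  (__)___/ ")

	var portNumber int
	forceLocal, err := config.Cfg.Section("").Key("force_local_http_port").Bool()
	if err != nil {
		log.Fatalf("Mercurius main - Error checking forceLocal - Error: %s\n", err.Error())
	}
	if forceLocal {
		// Local override: plain HTTP on the configured port, no certificate involved.
		portNumber, err = config.Cfg.Section("").Key("http_port").Int()
		if err != nil {
			log.Fatalf("Mercurius main - Error checking local port number to load app - Error: %s\n", err.Error())
		}
		app.Run(portNumber)
		return
	}
	autoTLSCheck, err := config.Cfg.Section("").Key("auto_tls").Bool()
	if err != nil {
		log.Fatalf("Mercurius main - Error checking autoTls - Error: %s\n", err.Error())
	}
	if autoTLSCheck {
		dnsServerName := config.Cfg.Section("").Key("dns_server_name").String()
		if len(dnsServerName) < 5 {
			log.Fatalf("Mercurius main - Error checking dnsServerName - Error: No DNS server name defined\n")
		}

		log.Println("Loading autotls.Run", dnsServerName, "...")
		//This would be an alternative if you want to use letsencrypt app to generate and renew your certs
		//http.ListenAndServeTLS(":https", "/etc/letsencrypt/live/example.com/fullchain.pem", "/etc/letsencrypt/live/example.com/privkey.pem", app)

		// Agreed = true accepts the CA's subscriber agreement on the operator's
		// behalf, so it should be a deliberate deployment decision.
		certmagic.Default.Agreed = true
		// Placeholder: the address in the issue was masked by the page's e-mail
		// obfuscation. Set the real ACME contact here.
		certmagic.Default.Email = "admin@example.com"
		// certmagic.HTTPS blocks while serving and returns only on failure.
		// Dropping that error would let the process exit as if start-up had
		// succeeded, leaving the site down with nothing in the log.
		if err = certmagic.HTTPS([]string{dnsServerName}, app); err != nil {
			log.Fatalf("Mercurius main - Error serving HTTPS for %s - Error: %s\n", dnsServerName, err.Error())
		}
		log.Println("Loaded autotls.Run...")
		return
	}

	// Neither override is set: serve plain HTTP on $PORT.
	if portNumber, err = strconv.Atoi(os.Getenv("PORT")); err != nil {
		log.Fatalf("Mercurius main - Error checking env port number to load app - Error: %s\n", err.Error())
	}
	log.Println("Loading portNumber", portNumber, "...")
	app.Run(portNumber)
	log.Println("Loaded portNumber...")
}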

app.ini has new fields:

; Sample values for illustration. NOTE(review): oauth_key looks like a secret;
; the digits below are a placeholder and must be replaced per deployment.
oauth_key = 1234567890123456789012345678901212
db_type = mysql
; NOTE(review): root with an empty db_pw is a sample default, not a setting to deploy.
db_user = root
db_pw = 
db_name = 
db_host = localhost
db_port = 3306
max_conn = 10
idle_conn = 10
cache_adapter = memory
cache_adapter_config = 
; http_port is read by main() only when force_local_http_port = true; that path
; serves plain HTTP without TLS.
http_port = 8080
force_local_http_port = false
; auto_tls = true makes main() serve HTTPS for dns_server_name through certmagic.
; main() aborts start-up when dns_server_name is shorter than 5 characters.
auto_tls = true
dns_server_name = example.com
mongo_uri = mongodb://localhost:27001/example
mongo_db = example
