Enable SSL support for http and socket.io servers
Martin Boehm
parent
bcc8de4763
commit
12876290e4
|
|
@ -58,6 +58,8 @@ var (
|
|||
|
||||
socketIoBinding = flag.String("socketio", "", "socketio server binding [address]:port[/path], if missing no socketio server")
|
||||
|
||||
certFiles = flag.String("certfile", "", "to enable SSL specify path to certificate files without extension, expecting <certfile>.crt and <certfile>.key, default no SSL")
|
||||
|
||||
zeroMQBinding = flag.String("zeromq", "", "binding to zeromq, if missing no zeromq connection")
|
||||
)
|
||||
|
||||
|
|
@ -138,7 +140,7 @@ func main() {
|
|||
|
||||
var httpServer *server.HTTPServer
|
||||
if *httpServerBinding != "" {
|
||||
httpServer, err = server.NewHTTPServer(*httpServerBinding, index, mempool)
|
||||
httpServer, err = server.NewHTTPServer(*httpServerBinding, *certFiles, index, mempool)
|
||||
if err != nil {
|
||||
glog.Fatal("https: ", err)
|
||||
}
|
||||
|
|
@ -156,7 +158,7 @@ func main() {
|
|||
|
||||
var socketIoServer *server.SocketIoServer
|
||||
if *socketIoBinding != "" {
|
||||
socketIoServer, err = server.NewSocketIoServer(*socketIoBinding, index, mempool, chain)
|
||||
socketIoServer, err = server.NewSocketIoServer(*socketIoBinding, *certFiles, index, mempool, chain)
|
||||
if err != nil {
|
||||
glog.Fatal("socketio: ", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,20 +18,22 @@ import (
|
|||
|
||||
// HTTPServer is handle to HttpServer
|
||||
type HTTPServer struct {
|
||||
https *http.Server
|
||||
db *db.RocksDB
|
||||
mempool *bchain.Mempool
|
||||
https *http.Server
|
||||
certFiles string
|
||||
db *db.RocksDB
|
||||
mempool *bchain.Mempool
|
||||
}
|
||||
|
||||
// NewHTTPServer creates new REST interface to blockbook and returns its handle
|
||||
func NewHTTPServer(httpServerBinding string, db *db.RocksDB, mempool *bchain.Mempool) (*HTTPServer, error) {
|
||||
func NewHTTPServer(httpServerBinding string, certFiles string, db *db.RocksDB, mempool *bchain.Mempool) (*HTTPServer, error) {
|
||||
https := &http.Server{
|
||||
Addr: httpServerBinding,
|
||||
}
|
||||
s := &HTTPServer{
|
||||
https: https,
|
||||
db: db,
|
||||
mempool: mempool,
|
||||
https: https,
|
||||
certFiles: certFiles,
|
||||
db: db,
|
||||
mempool: mempool,
|
||||
}
|
||||
|
||||
r := mux.NewRouter()
|
||||
|
|
@ -54,8 +56,12 @@ func NewHTTPServer(httpServerBinding string, db *db.RocksDB, mempool *bchain.Mem
|
|||
|
||||
// Run starts the server
|
||||
func (s *HTTPServer) Run() error {
|
||||
glog.Infof("http server starting to listen on %s", s.https.Addr)
|
||||
return s.https.ListenAndServe()
|
||||
if s.certFiles == "" {
|
||||
glog.Info("http server starting to listen on http://", s.https.Addr)
|
||||
return s.https.ListenAndServe()
|
||||
}
|
||||
glog.Info("http server starting to listen on https://", s.https.Addr)
|
||||
return s.https.ListenAndServeTLS(fmt.Sprint(s.certFiles, ".crt"), fmt.Sprint(s.certFiles, ".key"))
|
||||
}
|
||||
|
||||
// Close closes the server
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
|
|
@ -16,16 +17,17 @@ import (
|
|||
|
||||
// SocketIoServer is handle to SocketIoServer
|
||||
type SocketIoServer struct {
|
||||
binding string
|
||||
server *gosocketio.Server
|
||||
https *http.Server
|
||||
db *db.RocksDB
|
||||
mempool *bchain.Mempool
|
||||
chain *bchain.BitcoinRPC
|
||||
binding string
|
||||
certFiles string
|
||||
server *gosocketio.Server
|
||||
https *http.Server
|
||||
db *db.RocksDB
|
||||
mempool *bchain.Mempool
|
||||
chain *bchain.BitcoinRPC
|
||||
}
|
||||
|
||||
// NewSocketIoServer creates new SocketIo interface to blockbook and returns its handle
|
||||
func NewSocketIoServer(binding string, db *db.RocksDB, mempool *bchain.Mempool, chain *bchain.BitcoinRPC) (*SocketIoServer, error) {
|
||||
func NewSocketIoServer(binding string, certFiles string, db *db.RocksDB, mempool *bchain.Mempool, chain *bchain.BitcoinRPC) (*SocketIoServer, error) {
|
||||
server := gosocketio.NewServer(transport.GetDefaultWebsocketTransport())
|
||||
|
||||
server.On(gosocketio.OnConnection, func(c *gosocketio.Channel) {
|
||||
|
|
@ -54,12 +56,13 @@ func NewSocketIoServer(binding string, db *db.RocksDB, mempool *bchain.Mempool,
|
|||
}
|
||||
|
||||
s := &SocketIoServer{
|
||||
binding: binding,
|
||||
https: https,
|
||||
server: server,
|
||||
db: db,
|
||||
mempool: mempool,
|
||||
chain: chain,
|
||||
binding: binding,
|
||||
certFiles: certFiles,
|
||||
https: https,
|
||||
server: server,
|
||||
db: db,
|
||||
mempool: mempool,
|
||||
chain: chain,
|
||||
}
|
||||
|
||||
server.On("message", s.onMessage)
|
||||
|
|
@ -78,8 +81,12 @@ func splitBinding(binding string) (addr string, path string) {
|
|||
|
||||
// Run starts the server
|
||||
func (s *SocketIoServer) Run() error {
|
||||
glog.Info("socketio server starting to listen on ", s.https.Addr)
|
||||
return s.https.ListenAndServe()
|
||||
if s.certFiles == "" {
|
||||
glog.Info("socketio server starting to listen on ws://", s.https.Addr)
|
||||
return s.https.ListenAndServe()
|
||||
}
|
||||
glog.Info("socketio server starting to listen on wss://", s.https.Addr)
|
||||
return s.https.ListenAndServeTLS(fmt.Sprint(s.certFiles, ".crt"), fmt.Sprint(s.certFiles, ".key"))
|
||||
}
|
||||
|
||||
// Close closes the server
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@
|
|||
<input class="btn btn-secondary" type="button" value="Login" onclick="connect(document.getElementById('serverAddress').value)">
|
||||
</div>
|
||||
<div class="col-8">
|
||||
<input type="text" class="form-control" id="serverAddress" value="ws://127.0.0.1:8334">
|
||||
<input type="text" class="form-control" id="serverAddress" value="wss://localhost:8334">
|
||||
</div>
|
||||
<div class="col form-inline">
|
||||
<label id="connectionStatus">not connected</label>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICrDCCAjOgAwIBAgIJAL/nDSohF7h4MAkGByqGSM49BAEwXDELMAkGA1UEBhMC
|
||||
Q1oxEzARBgNVBAgTClNvbWUtU3RhdGUxDjAMBgNVBAcTBVByYWhhMRQwEgYDVQQK
|
||||
EwtTYXRvc2hpTGFiczESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE4MDIwNzE4NTM1
|
||||
MVoXDTI4MDIwNTE4NTM1MVowXDELMAkGA1UEBhMCQ1oxEzARBgNVBAgTClNvbWUt
|
||||
U3RhdGUxDjAMBgNVBAcTBVByYWhhMRQwEgYDVQQKEwtTYXRvc2hpTGFiczESMBAG
|
||||
A1UEAxMJbG9jYWxob3N0MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAELgxANtLbJkl1
|
||||
HGGD1xTMD74Qh+iCh8wiGzxHgeQoHJm/9tahNpfhL3HY+xenJHL+yBzkXfXiFXY0
|
||||
TGTDCtr8TXkWRipfal5YCx1YqbdE9w1LqfGKhKuHyqq6Lbb08ZTNo4HBMIG+MB0G
|
||||
A1UdDgQWBBT1BiPFYLxpjt9sSbnsiERVVJEuNjCBjgYDVR0jBIGGMIGDgBT1BiPF
|
||||
YLxpjt9sSbnsiERVVJEuNqFgpF4wXDELMAkGA1UEBhMCQ1oxEzARBgNVBAgTClNv
|
||||
bWUtU3RhdGUxDjAMBgNVBAcTBVByYWhhMRQwEgYDVQQKEwtTYXRvc2hpTGFiczES
|
||||
MBAGA1UEAxMJbG9jYWxob3N0ggkAv+cNKiEXuHgwDAYDVR0TBAUwAwEB/zAJBgcq
|
||||
hkjOPQQBA2gAMGUCMDib2wFH65i/z7rn9siM/NCyfvZ7h1A3VTfzHNwZgFxelIS5
|
||||
T6XOOGIK6Z28PRMgsgIxAPFW9ZpWk/OA9rGxX//WGKIGQsUUmMqsCYUcnN/OJ7+e
|
||||
v5T3DRlYynQo6ho1qUjJEg==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
-----BEGIN EC PARAMETERS-----
|
||||
BgUrgQQAIg==
|
||||
-----END EC PARAMETERS-----
|
||||
-----BEGIN EC PRIVATE KEY-----
|
||||
MIGkAgEBBDB8MjtZTlPsQbZZGEpTBoW9aOZd+OwFbss6/yOEyKs6gRGrEr98l3CI
|
||||
ELOByDQJP+6gBwYFK4EEACKhZANiAAQuDEA20tsmSXUcYYPXFMwPvhCH6IKHzCIb
|
||||
PEeB5Cgcmb/21qE2l+Evcdj7F6ckcv7IHORd9eIVdjRMZMMK2vxNeRZGKl9qXlgL
|
||||
HVipt0T3DUup8YqEq4fKqrottvTxlM0=
|
||||
-----END EC PRIVATE KEY-----
|
||||
Loading…
Reference in New Issue