feat(backend): native SSL support

2017-04-25 11:51:22 +02:00 · 2017-04-25 11:51:22 +02:00 · 6fa6dde637
parent e70817f776
commit 6fa6dde637
6 changed files with 21 additions and 0 deletions
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@ -43,6 +43,9 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		TLSCacert:         kingpin.Flag("tlscacert", "Path to the CA").Default(defaultTLSCACertPath).String(),
 		TLSCert:           kingpin.Flag("tlscert", "Path to the TLS certificate file").Default(defaultTLSCertPath).String(),
 		TLSKey:            kingpin.Flag("tlskey", "Path to the TLS key").Default(defaultTLSKeyPath).String(),
+		SSL:               kingpin.Flag("ssl", "Secure Portainer instance using SSL").Default(defaultSSL).Bool(),
+		SSLCert:           kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").Default(defaultSSLCertPath).String(),
+		SSLKey:            kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").Default(defaultSSLKeyPath).String(),
 		AdminPassword:     kingpin.Flag("admin-password", "Hashed admin password").String(),
 	}

--- a/api/cli/defaults.go
+++ b/api/cli/defaults.go
@ -13,5 +13,8 @@ const (
 	defaultTLSCACertPath   = "/certs/ca.pem"
 	defaultTLSCertPath     = "/certs/cert.pem"
 	defaultTLSKeyPath      = "/certs/key.pem"
+	defaultSSL             = "false"
+	defaultSSLCertPath     = "/certs/portainer.crt"
+	defaultSSLKeyPath      = "/certs/portainer.key"
 	defaultSyncInterval    = "60s"
 )
--- a/api/cli/defaults_windows.go
+++ b/api/cli/defaults_windows.go
@ -11,5 +11,8 @@ const (
 	defaultTLSCACertPath   = "C:\\certs\\ca.pem"
 	defaultTLSCertPath     = "C:\\certs\\cert.pem"
 	defaultTLSKeyPath      = "C:\\certs\\key.pem"
+	defaultSSL             = "false"
+	defaultSSLCertPath     = "C:\\certs\\portainer.crt"
+	defaultSSLKeyPath      = "C:\\certs\\portainer.key"
 	defaultSyncInterval    = "60s"
 )
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@ -166,6 +166,9 @@ func main() {
 		CryptoService:          cryptoService,
 		JWTService:             jwtService,
 		FileService:            fileService,
+		SSL:                    *flags.SSL,
+		SSLCert:                *flags.SSLCert,
+		SSLKey:                 *flags.SSLKey,
 	}

 	log.Printf("Starting Portainer on %s", *flags.Addr)
--- a/api/http/server.go
+++ b/api/http/server.go
@ -21,6 +21,9 @@ type Server struct {
 	Settings               *portainer.Settings
 	TemplatesURL           string
 	Handler                *Handler
+	SSL                    bool
+	SSLCert                string
+	SSLKey                 string
 }

 // Start starts the HTTP server
@ -70,5 +73,8 @@ func (server *Server) Start() error {
 		UploadHandler:    uploadHandler,
 	}

+	if server.SSL {
+		return http.ListenAndServeTLS(server.BindAddress, server.SSLCert, server.SSLKey, server.Handler)
+	}
 	return http.ListenAndServe(server.BindAddress, server.Handler)
 }
--- a/api/portainer.go
+++ b/api/portainer.go
@ -26,6 +26,9 @@ type (
 		TLSCacert         *string
 		TLSCert           *string
 		TLSKey            *string
+		SSL               *bool
+		SSLCert           *string
+		SSLKey            *string
 		AdminPassword     *string
 	}