From 6fa6dde63703cbef19efac233a187b4deb83288b Mon Sep 17 00:00:00 2001
From: 030 <030@users.noreply.github.com>
Date: Tue, 25 Apr 2017 11:51:22 +0200
Subject: [PATCH] feat(backend): native SSL support
---
 api/cli/cli.go | 3 +++
 api/cli/defaults.go | 3 +++
 api/cli/defaults_windows.go | 3 +++
 api/cmd/portainer/main.go | 3 +++
 api/http/server.go | 6 ++++++
 api/portainer.go | 3 +++
 6 files changed, 21 insertions(+)
diff --git a/api/cli/cli.go b/api/cli/cli.go
index afb1814b4..72a4560f8 100644
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -43,6 +43,9 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 TLSCacert: kingpin.Flag("tlscacert", "Path to the CA").Default(defaultTLSCACertPath).String(),
 TLSCert: kingpin.Flag("tlscert", "Path to the TLS certificate file").Default(defaultTLSCertPath).String(),
 TLSKey: kingpin.Flag("tlskey", "Path to the TLS key").Default(defaultTLSKeyPath).String(),
+ SSL: kingpin.Flag("ssl", "Secure Portainer instance using SSL").Default(defaultSSL).Bool(),
+ SSLCert: kingpin.Flag("sslcert", "Path to the SSL certificate used to secure the Portainer instance").Default(defaultSSLCertPath).String(),
+ SSLKey: kingpin.Flag("sslkey", "Path to the SSL key used to secure the Portainer instance").Default(defaultSSLKeyPath).String(),
 AdminPassword: kingpin.Flag("admin-password", "Hashed admin password").String(),
 }
diff --git a/api/cli/defaults.go b/api/cli/defaults.go
index 160b74808..5de413911 100644
--- a/api/cli/defaults.go
+++ b/api/cli/defaults.go
@@ -13,5 +13,8 @@ const (
 defaultTLSCACertPath = "/certs/ca.pem"
 defaultTLSCertPath = "/certs/cert.pem"
 defaultTLSKeyPath = "/certs/key.pem"
+ defaultSSL = "false"
+ defaultSSLCertPath = "/certs/portainer.crt"
+ defaultSSLKeyPath = "/certs/portainer.key"
 defaultSyncInterval = "60s"
 )
diff --git a/api/cli/defaults_windows.go b/api/cli/defaults_windows.go
index cbd0555a8..da5f0ce45 100644
--- a/api/cli/defaults_windows.go
+++ b/api/cli/defaults_windows.go
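Review bot: The help strings for `--ssl`, `--sslcert` and `--sslkey` in the api/cli/cli.go hunk do not say that the certificate and key are only read when `--ssl` is set, nor how they differ from the neighbouring `--tlscert` and `--tlskey` flags in the same struct literal. Because both paths carry defaults, passing `--sslcert` and `--sslkey` without `--ssl` parses cleanly and, judging by the `if server.SSL` guard added in api/http/server.go, leaves the instance on plain HTTP without any warning. I would reword the help text along the lines of `"Path to the certificate served by Portainer's HTTPS listener (requires --ssl)"`, and likewise for the key. ParseFlags starts and ends outside this hunk.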
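Review bot: `defaultSSLKeyPath` in the api/cli/defaults.go hunk puts the server's private key in the same `/certs` directory as `defaultTLSKeyPath`, and nothing in the const block says which key serves which purpose or how the file should be protected. A comment above the three new constants would help, for example `// Certificate and private key for Portainer's own HTTPS listener; the key file should be readable only by the Portainer process.` The same applies to the `C:\\certs\\portainer.key` default in api/cli/defaults_windows.go. The const block starts outside the hunk.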
@@ -11,5 +11,8 @@ const (
 defaultTLSCACertPath = "C:\\certs\\ca.pem"
 defaultTLSCertPath = "C:\\certs\\cert.pem"
 defaultTLSKeyPath = "C:\\certs\\key.pem"
+ defaultSSL = "false"
+ defaultSSLCertPath = "C:\\certs\\portainer.crt"
+ defaultSSLKeyPath = "C:\\certs\\portainer.key"
 defaultSyncInterval = "60s"
 )
diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go
index 775f76718..0743fc140 100644
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -166,6 +166,9 @@ func main() {
 CryptoService: cryptoService,
 JWTService: jwtService,
 FileService: fileService,
+ SSL: *flags.SSL,
+ SSLCert: *flags.SSLCert,
+ SSLKey: *flags.SSLKey,
 }
 log.Printf("Starting Portainer on %s", *flags.Addr)
diff --git a/api/http/server.go b/api/http/server.go
index 916e2370f..18e37a99a 100644
--- a/api/http/server.go
+++ b/api/http/server.go
@@ -21,6 +21,9 @@ type Server struct {
 Settings *portainer.Settings
 TemplatesURL string
 Handler *Handler
+ SSL bool
+ SSLCert string
+ SSLKey string
 }
 // Start starts the HTTP server
@@ -70,5 +73,8 @@ func (server *Server) Start() error {
 UploadHandler: uploadHandler,
 }
+ if server.SSL {
+ return http.ListenAndServeTLS(server.BindAddress, server.SSLCert, server.SSLKey, server.Handler)
+ }
 return http.ListenAndServe(server.BindAddress, server.Handler)
 }
diff --git a/api/portainer.go b/api/portainer.go
index 9d7fb3096..6b742246f 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -26,6 +26,9 @@ type (
 TLSCacert *string
 TLSCert *string
 TLSKey *string
+ SSL *bool
+ SSLCert *string
+ SSLKey *string
 AdminPassword *string
 }
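Review bot: The startup message `log.Printf("Starting Portainer on %s", *flags.Addr)` just below the added fields in api/cmd/portainer/main.go is unchanged, so the log does not show whether the listener came up with TLS or in plaintext. Including the mode, for example `log.Printf("Starting Portainer on %s (TLS enabled: %t)", *flags.Addr, *flags.SSL)`, lets an operator spot an instance that was meant to run with `--ssl` but is serving plain HTTP. main() starts and ends outside the hunk.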
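Review bot: The TLS branch added to Start() in api/http/server.go calls the package-level `http.ListenAndServeTLS`, which leaves no place to set a `tls.Config`, so the minimum protocol version and cipher suites are whatever the Go toolchain used for the build defaults to; older toolchains accept TLS 1.0 on the server side. I would build an explicit `http.Server` whose `TLSConfig` pins `MinVersion` and call its `ListenAndServeTLS` method, which needs `crypto/tls` imported in this file. The same explicit server would also be the place to set read timeouts, which neither the new branch nor the existing plaintext path configures. Start() begins outside the hunk.

```go
	if server.SSL {
		srv := &http.Server{
			Addr:      server.BindAddress,
			Handler:   server.Handler,
			TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12},
		}
		return srv.ListenAndServeTLS(server.SSLCert, server.SSLKey)
	}
	// … unchanged: plaintext http.ListenAndServe fallback …
```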