Commit fd10c500 authored by Steve Streeting's avatar Steve Streeting Committed by Mo Firouz

Support direct use of SSL on the HTTP auth/websocket server so that a TLS-terminating load balancer is not required

parent 85425b72
+4 −0
@@ -251,6 +251,8 @@ type SocketConfig struct {
	WriteWaitMs         int    `yaml:"write_wait_ms" json:"write_wait_ms" usage:"Time in milliseconds to wait for an ack from the client when writing data."`
	PongWaitMs          int    `yaml:"pong_wait_ms" json:"pong_wait_ms" usage:"Time in milliseconds to wait for a pong message from the client after sending a ping."`
	PingPeriodMs        int    `yaml:"ping_period_ms" json:"ping_period_ms" usage:"Time in milliseconds to wait between client ping messages. This value must be less than the pong_wait_ms."`
	SSLCertificate      string `yaml:"ssl_certificate" json:"ssl_certificate" usage:"Path to certificate file if you want the server to use SSL directly. Must also supply ssl_private_key"`
	SSLPrivateKey       string `yaml:"ssl_private_key" json:"ssl_private_key" usage:"Path to private key file if you want the server to use SSL directly. Must also supply ssl_certificate"`
}

// NewTransportConfig creates a new TransportConfig struct
@@ -264,6 +266,8 @@ func NewSocketConfig() *SocketConfig {
		WriteWaitMs:         5000,
		PongWaitMs:          10000,
		PingPeriodMs:        8000,
		SSLCertificate:      "",
		SSLPrivateKey:       "",
	}
}

+21 −2
@@ -16,6 +16,7 @@ package server

import (
	"bytes"
	"crypto/tls"
	"database/sql"
	"encoding/json"
	"fmt"
@@ -308,6 +309,17 @@ func (a *authenticationService) configure() {
	handlerWithCORS := handlers.CORS(CORSHeaders, CORSOrigins)(a.mux)

	a.httpServer = &http.Server{Addr: fmt.Sprintf(":%d", a.config.GetSocket().Port), Handler: handlerWithCORS}

	sockConfig := a.config.GetSocket()
	if len(sockConfig.SSLCertificate) > 0 && len(sockConfig.SSLPrivateKey) > 0 {
		cer, err := tls.LoadX509KeyPair(sockConfig.SSLCertificate, sockConfig.SSLPrivateKey)
		if err != nil {
			a.logger.Error("Loading SSL certs failed", zap.Error(err))
		} else {
			a.logger.Info("SSL mode enabled")
			a.httpServer.TLSConfig = &tls.Config{Certificates: []tls.Certificate{cer}}
		}
	}
}

func (a *authenticationService) StartServer(logger *zap.Logger) {
@@ -319,9 +331,16 @@ func (a *authenticationService) StartServer(logger *zap.Logger) {

	// Start HTTP and WebSocket client listener.
	go func() {
		if a.httpServer.TLSConfig != nil {
			if err := a.httpServer.ListenAndServeTLS("", ""); err != nil && err != http.ErrServerClosed {
				logger.Fatal("WebSocket client listener failed", zap.Error(err))
			}

		} else {
			if err := a.httpServer.ListenAndServe(); err != nil && err != http.ErrServerClosed {
				logger.Fatal("WebSocket client listener failed", zap.Error(err))
			}
		}
	}()

	logger.Info("Client", zap.Int("port", a.config.GetSocket().Port))
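Review bot: In configure(), a failure in tls.LoadX509KeyPair only logs an Error and leaves TLSConfig nil, so StartServer's `else` branch then brings the listener up in plaintext on the same port while the operator believes SSL is enabled; a bad key path or unreadable key file should stop startup (the same hunk already uses logger.Fatal for listener failures) rather than silently downgrade. The `tls.Config` literal also sets no MinVersion, and the server-side default in the Go versions this code targets is below TLS 1.2, so `MinVersion: tls.VersionTLS12` is worth adding alongside Certificates. When only one of ssl_certificate / ssl_private_key is set the condition silently skips TLS; a Warn there makes a half-configured deployment visible in the logs. The stray blank line before `} else {` in StartServer should go as well; configure() begins outside the hunk.
```go
	sockConfig := a.config.GetSocket()
	if len(sockConfig.SSLCertificate) > 0 && len(sockConfig.SSLPrivateKey) > 0 {
		cer, err := tls.LoadX509KeyPair(sockConfig.SSLCertificate, sockConfig.SSLPrivateKey)
		if err != nil {
			// Do not fall through to a plaintext listener on a misconfigured cert/key.
			a.logger.Fatal("Loading SSL certs failed", zap.Error(err))
		}
		a.logger.Info("SSL mode enabled")
		a.httpServer.TLSConfig = &tls.Config{
			MinVersion:   tls.VersionTLS12,
			Certificates: []tls.Certificate{cer},
		}
	} else if len(sockConfig.SSLCertificate) > 0 || len(sockConfig.SSLPrivateKey) > 0 {
		a.logger.Warn("Both ssl_certificate and ssl_private_key must be set to enable SSL; serving plaintext")
	}
	// … unchanged: rest of configure() …
```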