Add HTTPS support for the web endpoint with manually configured

certificate/key files.
Ward Vandewege 2021-04-23 16:54:35 -04:00
parent c5a3d0b01c
commit 252c68c50a
3 changed files with 23 additions and 2 deletions

17
app.go

@ -3,6 +3,7 @@ package headscale
import (
"fmt"
"os"
"strings"
"sync"
"github.com/gin-gonic/gin"
@ -22,6 +23,9 @@ type Config struct {
DBname string
DBuser string
DBpass string
TLSCertPath string
TLSKeyPath string
}
// Headscale represents the base app of the service
@ -68,6 +72,17 @@ func (h *Headscale) Serve() error {
r.GET("/register", h.RegisterWebAPI)
r.POST("/machine/:id/map", h.PollNetMapHandler)
r.POST("/machine/:id", h.RegistrationHandler)
err := r.Run(h.cfg.Addr)
var err error
if h.cfg.TLSCertPath == "" {
if !strings.HasPrefix(h.cfg.ServerURL, "http://") {
fmt.Println("WARNING: listening without TLS but ServerURL does not start with http://")
}
err = r.Run(h.cfg.Addr)
} else {
if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
fmt.Println("WARNING: listening with TLS but ServerURL does not start with https://")
}
err = r.RunTLS(h.cfg.Addr, h.cfg.TLSCertPath, h.cfg.TLSKeyPath)
}
return err
}
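Review bot: The TLS branch in Serve() is selected by `h.cfg.TLSCertPath == ""` alone, so a config that sets tls_key_path but leaves tls_cert_path empty starts a plaintext listener, and the only possible signal is the ServerURL warning on stdout. Consider rejecting a half-configured pair before the branch, e.g. `if (h.cfg.TLSCertPath == "") != (h.cfg.TLSKeyPath == "") { return fmt.Errorf("tls_cert_path and tls_key_path must be set together") }`. The ServerURL scheme mismatch is likewise only printed and does not stop startup; if serving cleartext behind an https:// ServerURL is intentional (for example a TLS-terminating proxy in front), a comment saying so would help the next reader. Serve() begins outside this hunk.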


@ -311,7 +311,11 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
DBname: viper.GetString("db_name"),
DBuser: viper.GetString("db_user"),
DBpass: viper.GetString("db_pass"),
TLSCertPath: absPath(viper.GetString("tls_cert_path")),
TLSKeyPath: absPath(viper.GetString("tls_key_path")),
}
h, err := headscale.NewHeadscale(cfg)
if err != nil {
return nil, err
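Review bot: `absPath` is applied to `tls_cert_path` and `tls_key_path` even when they are empty, while Serve() treats an empty TLSCertPath as "TLS off", so the plaintext/TLS decision depends on absPath returning "" unchanged. absPath is not visible in this hunk; once that behaviour is confirmed, a short comment on these two lines such as `// empty path means TLS disabled; absPath must leave "" untouched` would record the contract. It may also be worth checking at startup that both files exist and that the key file is not group- or world-readable, since as far as this page shows a bad path only surfaces when Serve() calls RunTLS. getHeadscaleApp starts and ends outside the hunk.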


@ -7,5 +7,7 @@
"db_port": 5432,
"db_name": "headscale",
"db_user": "foo",
"db_pass": "bar"
"db_pass": "bar",
"tls_cert_path": "",
"tls_key_path": ""
}