Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

启用多个证书 #81

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

启用多个证书 #81

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
04c0f8a
Merge pull request #4 from LyricTian/master
chenyu1990 Dec 5, 2019
ea62f96
Merge pull request #5 from LyricTian/master
chenyu1990 Jun 13, 2020
3dedf8f
multiple domain TLS
chenyu1990 Jun 13, 2020
8192df7
multiple domain TLS
chenyu1990 Jun 14, 2020
e70bc09
multiple domain TLS
chenyu1990 Jun 14, 2020
794f0cf
update
chenyu1990 Jul 6, 2020
5a3f07b
update
chenyu1990 Jul 6, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 21 additions & 4 deletions configs/config.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,31 @@ PrintConfig = true
Host = "0.0.0.0"
# http监听端口
Port = 10088
# 证书路径
CertFile = ""
# 证书密钥
KeyFile = ""
# http优雅关闭等待超时时长(单位秒)
ShutdownTimeout = 30
# 允许的最大内容长度(64M)
MaxContentLength = 67108864
# TLS 最低版本 1.0 - 1.3
# IE 浏览器 和 Windows部分程序,默认只支持的1.1协议,请留意
VersionTLS = 1.1

# 证书 a.com
[[HTTP.Certificates]]
# 启用证书
Enable = false
# 证书路径
CertFile = "/srv/cert/letsencript/a.com/fullchain.pem"
# 证书密钥
KeyFile = "/srv/cert/letsencript/a.com/privkey.pem"

# 证书 b.com
[[HTTP.Certificates]]
# 启用证书
Enable = false
# 证书路径
CertFile = "/srv/cert/letsencript/b.com/fullchain.pem"
# 证书密钥
KeyFile = "/srv/cert/letsencript/b.com/privkey.pem"

[Menu]
# 使用启用初始化菜单数据
Expand Down
49 changes: 45 additions & 4 deletions internal/app/app.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,10 +167,51 @@ func InitHTTPServer(ctx context.Context, handler http.Handler) func() {

go func() {
logger.Printf(ctx, "HTTP server is running at %s.", addr)
var err error
if cfg.CertFile != "" && cfg.KeyFile != "" {
srv.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
err = srv.ListenAndServeTLS(cfg.CertFile, cfg.KeyFile)
var (
err error
tlsConfig tls.Config
certificates []tls.Certificate
)

for _, cert := range cfg.Certificates {
enable, ok := cert["Enable"].(bool)
if !ok || !enable {
continue
}

certFile, ok := cert["CertFile"].(string)
if !ok || certFile == "" {
panic("CertFile错误")
}
keyFile, ok := cert["KeyFile"].(string)
if !ok || keyFile == "" {
panic("KeyFile错误")
}
certificate, err := tls.LoadX509KeyPair(
certFile,
keyFile,
)
if err != nil {
panic(err)
}

certificates = append(certificates, certificate)
}

if len(certificates) > 0 {
tlsConfig.Certificates = certificates
if v := config.C.HTTP.VersionTLS; v >= 1.0 && v <= 1.3 {
tlsConfig.MinVersion = uint16(tls.VersionTLS10 + int(v*10-10))
} else {
tlsConfig.MinVersion = tls.VersionTLS12
}
tlsConfig.BuildNameToCertificate()
srv.TLSConfig = &tlsConfig
listener, err := tls.Listen("tcp", addr, &tlsConfig)
if err != nil {
panic(err)
}
err = srv.Serve(listener)
} else {
err = srv.ListenAndServe()
}
Expand Down
4 changes: 2 additions & 2 deletions internal/app/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,10 +173,10 @@ type JWTAuth struct {
type HTTP struct {
Host string
Port int
CertFile string
KeyFile string
Certificates []map[string]interface{}
ShutdownTimeout int
MaxContentLength int64
VersionTLS float64
}

// Monitor 监控配置参数
Expand Down