feat(web): Support TLS encryption #322
Conversation
@TwiN Any chance of including this? I tried to make it as consistent as possible with the existing code
Could you add some tests?
It isn't straightforward with the certificates. What way would you prefer:
I personally prefer this one. Based on what I can see in the example you linked, the dependency is only used for building anyways: //go:build ignore
Merge remote-tracking branch 'gatus/master'
Alright. Now the code is almost fully tested with certificates which are generated on the fly. I'm looking forward to seeing the CI do its job. On my machine two tests in "client" and "core" are failing, but they don't seem to have any connection with my changes.
Codecov Report: Base: 82.80% // Head: 82.72% // Decreases project coverage by -0.09%
Coverage Diff (master vs #322):
              master     #322     +/-
Coverage      82.80%   82.72%   -0.09%
Files             54       54
Lines           3902     3924      +22
Hits            3231     3246      +15
Misses           521      527       +6
Partials         150      151       +1
config/web/web.go
Outdated
@@ -21,6 +22,21 @@ type Config struct { | |||
|
|||
// Port to listen on (default to 8080 specified by DefaultPort) | |||
Port int `yaml:"port"` | |||
|
|||
// TLS configuration | |||
Tls TlsConfig `yaml:"tls"` |
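Review bot: the new field `Tls TlsConfig `yaml:"tls"`` breaks Go's initialism convention and should read `TLS TLSConfig `yaml:"tls"`` (the YAML key can stay lower-case). Its comment `// TLS configuration` also says less than the `Port` comment just above it, which documents the default: state that the block is optional and what the server does when it is absent, e.g. `// TLS configuration (optional); when omitted the server listens on plain HTTP`.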
This should be TLS
config/web/web.go
Outdated
tlsConfigError error | ||
} | ||
|
||
type TlsConfig struct { |
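Review bot: `type TlsConfig struct {` should be `TLSConfig`, matching the `tls.Config` it wraps and the upper-case initialism style Go uses for `TLS`/`HTTP`; as an exported type it also needs a doc comment (`// TLSConfig is the configuration for serving the web interface over HTTPS.`), otherwise linters flag it.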
This should be TLSConfig
config/web/web.go
Outdated
CertFile string `yaml:"certificate-file,omitempty"` | ||
|
||
// Optional private key file for TLS in PEM format. | ||
KeyFile string `yaml:"private-key-file,omitempty"` |
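Review bot: the comment `// Optional private key file for TLS in PEM format.` above `KeyFile` is misleading: the key is optional only together with the certificate, since a certificate without its private key cannot terminate TLS. Suggest wording both comments as "Optional; must be set together with certificate-file/private-key-file" and having the validation reject a config that sets only one of the two, so the mistake is reported at startup rather than at the first HTTPS connection. The fields themselves should be `CertificateFile` and `PrivateKeyFile` to match their YAML keys.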
Can you rename these to CertificateFile
and PrivateKeyFile
respectively?
Tls TlsConfig `yaml:"tls"` | ||
|
||
tlsConfig *tls.Config | ||
tlsConfigError error |
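Review bot: keeping `tlsConfigError error` in the struct alongside `tlsConfig *tls.Config` turns a load-time failure (unreadable file, key that does not match the certificate) into state that every reader of `tlsConfig` has to remember to check, and nothing forces them to. Prefer building the `*tls.Config` during config validation and returning the error from there, so gatus refuses to start on a broken TLS setup; then only `tlsConfig *tls.Config` needs to live in the struct.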
Why are we persisting the error in the struct?
See below
@TwiN I added tests and updated from master again.
@chr1st1ank @TwiN Any updates on this? I would rather have TLS directly with gatus than adding NGINX
@chr1st1ank I noticed there's no support for ClientCert auth, which is very useful for enterprise environments. It basically requires adding a field for a CA, and adding a boolean option to verify that the incoming certs are signed by the same CA as the server. This could probably be added later.
I can resolve the conflicts to master and make it mergeable again, but only if there is an interest for this PR. @gaby the client certificates I'd really rather take separately
@chr1st1ank If you can resolve the conflicts, I'll merge it.
Alright, no problem. I've merged master into my branch again and tested it locally. Looks ready to go unless you find any remaining flaws.
@chr1st1ank Thank you so much for your contribution (and patience 😂), I appreciate it!
Summary
Implementing #253 (HTTPS/TLS support).
This is to run the server on HTTPS instead of plain HTTP.
Two considerations are worth mentioning:
How to test it:
Create a certificate pair:
Configure gatus to use the keypair in the config.yaml:
Run gatus.
Checklist
README.md, if applicable.
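The three steps of the how-to above (create a certificate pair, point gatus at it, run it and check that it answers over HTTPS), as an added Go example; this is example code written for this page, not gatus code or the PR's own. `TLSConfig` reuses the YAML keys from the review thread, and `Build`, `WriteSelfSignedPair` and `ServeAndProbe` are assumed helper names. It generates the pair on the fly, as the PR's tests do, treats a config with only one of the two files as an error instead of silently falling back to plain HTTP, and probes the listener with a client that verifies the certificate and hostname rather than skipping verification:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"os"
	"path/filepath"
	"time"
)

// TLSConfig mirrors the PR's web config block (YAML keys as settled in review); Build, WriteSelfSignedPair and ServeAndProbe are assumed names, not gatus code.
type TLSConfig struct {
	CertificateFile string `yaml:"certificate-file,omitempty"`
	PrivateKeyFile  string `yaml:"private-key-file,omitempty"`
}

// Build loads the pair into a *tls.Config: (nil, nil) means TLS is not configured (plain HTTP); one file without the other is an error.
func (c TLSConfig) Build() (*tls.Config, error) {
	if c.CertificateFile == "" && c.PrivateKeyFile == "" {
		return nil, nil
	}
	if c.CertificateFile == "" || c.PrivateKeyFile == "" {
		return nil, fmt.Errorf("tls: certificate-file and private-key-file must both be set")
	}
	cert, err := tls.LoadX509KeyPair(c.CertificateFile, c.PrivateKeyFile) // also checks that the key matches the cert
	if err != nil {
		return nil, fmt.Errorf("tls: loading key pair: %w", err)
	}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}

// WriteSelfSignedPair writes a throwaway ECDSA P-256 self-signed cert.pem/key.pem
// for host into dir, generated on the fly like the PR's tests do. Test use only.
func WriteSelfSignedPair(dir, host string) (certFile, keyFile string, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", "", err
	}
	tmpl := &x509.Certificate{ // DNSNames is what the client's hostname check uses
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", "", err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key) // cannot fail for a key GenerateKey just produced
	certFile, keyFile = filepath.Join(dir, "cert.pem"), filepath.Join(dir, "key.pem")
	if err = os.WriteFile(certFile, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644); err != nil {
		return "", "", err
	}
	// The private key is the secret: owner-only permissions.
	return certFile, keyFile, os.WriteFile(keyFile, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0o600)
}

// ServeAndProbe serves HTTPS on a random loopback port from cfg, then fetches /health as a
// client that trusts only certFile and verifies host, so a bad key pair or name mismatch fails.
func ServeAndProbe(cfg TLSConfig, certFile, host string) (string, error) {
	tlsCfg, err := cfg.Build()
	if err != nil {
		return "", err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", tlsCfg) // a nil config (no certificates) is rejected here
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go http.Serve(ln, http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "UP") }))
	pool := x509.NewCertPool() // trust exactly this certificate, never InsecureSkipVerify
	if certPEM, err := os.ReadFile(certFile); err != nil || !pool.AppendCertsFromPEM(certPEM) {
		return "", fmt.Errorf("cannot trust %s: %v", certFile, err)
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, ServerName: host}}}
	resp, err := client.Get("https://" + ln.Addr().String() + "/health")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() {
	dir, _ := os.MkdirTemp("", "gatus-tls") // on failure dir is "" and the write below reports it
	defer os.RemoveAll(dir)
	certFile, keyFile, err := WriteSelfSignedPair(dir, "localhost")
	if err != nil {
		panic(err)
	}
	fmt.Println(ServeAndProbe(TLSConfig{CertificateFile: certFile, PrivateKeyFile: keyFile}, certFile, "localhost"))
}
```

`go run` starts a listener on a random loopback port, fetches /health over HTTPS and prints the body. The key file is written with mode 0600 because it is the only secret in the pair; in a real deployment the certificate comes from a CA instead of `WriteSelfSignedPair`, and the `tls:` block simply points at those paths.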