diff --git a/apps/riak_core/src/riak_core_sup.erl b/apps/riak_core/src/riak_core_sup.erl
index 80da5235b..1fdfa4813 100644
--- a/apps/riak_core/src/riak_core_sup.erl
+++ b/apps/riak_core/src/riak_core_sup.erl
@@ -45,12 +45,15 @@ start_link() ->
 %% Supervisor callbacks
 %% ===================================================================
-init([]) ->
+init([]) ->
 RiakWeb = {webmachine_mochiweb,
- {webmachine_mochiweb, start, [riak_core_web:config()]},
+ {webmachine_mochiweb, start, [riak_core_web:http_config()]},
 permanent, 5000, worker, dynamic},
- IsWebConfigured = (app_helper:get_env(riak_core, web_ip) /= undefined)
- andalso (app_helper:get_env(riak_core, web_port) /= undefined),
+ IsWebConfigured = riak_core_web:is_http_configured(),
+ RiakSslWeb = {webmachine_mochiweb_https,
+ {webmachine_mochiweb, start, [riak_core_web:https_config()]},
+ permanent, 5000, worker, dynamic},
+ IsSslWebConfigured = riak_core_web:is_https_configured(),
 Children = lists:flatten(
 [?CHILD(riak_core_vnode_sup, supervisor),
@@ -61,9 +64,8 @@ init([]) ->
 ?CHILD(riak_core_node_watcher_events, worker),
 ?CHILD(riak_core_node_watcher, worker),
 ?CHILD(riak_core_gossip, worker),
- ?IF(IsWebConfigured, RiakWeb, [])
+ ?IF(IsWebConfigured, RiakWeb, []),
+ ?IF(IsSslWebConfigured, RiakSslWeb, [])
 ]),
 {ok, {{one_for_one, 10, 10}, Children}}.
-
-
diff --git a/apps/riak_core/src/riak_core_web.erl b/apps/riak_core/src/riak_core_web.erl
index eeabe61c7..41736aaa1 100644
--- a/apps/riak_core/src/riak_core_web.erl
+++ b/apps/riak_core/src/riak_core_web.erl
@@ -33,7 +33,10 @@
 %%
 -module(riak_core_web).
--export([config/0]).
+-export([config/0, http_config/0, https_config/0]).
+-export([is_web_configured/0, is_http_configured/0, is_https_configured/0]).
+
+-define (IF (Bool, A, B), if Bool -> A; true -> B end).
 %% @spec config() -> [{Key :: atom(), Value :: term()}]
 %% @doc Returns the standard Webmachine configuration.
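Review bot: In `init/1` of riak_core_sup.erl the TLS listener is added next to the plaintext one rather than in place of it, so a node with `web_ip`/`web_port` set keeps serving the same interface unencrypted after `enable_https` is turned on. If that is intended, a comment on `RiakSslWeb` should say so, for example `%% HTTPS runs in addition to HTTP; leave web_ip unset to close the cleartext port`; otherwise `RiakWeb` should not be started when `IsSslWebConfigured` is true. Both children call `webmachine_mochiweb:start/1`, now with the nested `{http, ...}`/`{common, ...}` lists from riak_core_web; whether that function accepts this shape and can be started twice on one node depends on the webmachine branch selected in rebar.config, which is not visible here. The same remark covers the `?IF(IsSslWebConfigured, RiakSslWeb, [])` entry in the second hunk of this file.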
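Review bot: The `?IF` macro added to riak_core_web.erl expands to `if Bool -> A; true -> B end`, and a guard that does not evaluate to exactly `true` simply fails, so a non-boolean `Bool` silently selects `B` instead of crashing. `case Bool of true -> A; false -> B end` keeps the call sites unchanged and surfaces a bad value. The newly exported `http_config/0`, `https_config/0`, `is_web_configured/0`, `is_http_configured/0` and `is_https_configured/0` have no `@spec`/`@doc`, unlike `config/0` directly below; each deserves one line stating its return shape.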
@@ -42,8 +45,55 @@
 %% resource serving out of
 %% http://{web_ip}:{web_port}/raw/
 config() ->
- [{ip, app_helper:get_env(riak_core, web_ip)},
- {port, app_helper:get_env(riak_core, web_port)},
- {log_dir, app_helper:get_env(riak_core, web_logdir, "log")},
- {backlog, 128},
- {dispatch, []}].
+ IsHttpConfigured = is_http_configured(),
+ IsHttpsConfigured = is_https_configured(),
+ IsCommonConfigured = is_web_configured(),
+
+ HttpConfig = http_config(),
+ HttpsConfig = https_config(),
+ CommonConfig = common_config(),
+
+ lists:flatten([
+ ?IF(IsHttpConfigured, [HttpConfig], []),
+ ?IF(IsHttpsConfigured, [HttpsConfig], []),
+ ?IF(IsCommonConfigured, [CommonConfig], [])]).
+
+is_web_configured() -> is_http_configured() or is_https_configured().
+
+is_http_configured() ->
+ (app_helper:get_env(riak_core, web_ip) /= undefined)
+ andalso (app_helper:get_env(riak_core, web_port) /= undefined).
+
+is_https_configured() ->
+ (app_helper:get_env(riak_core, web_ssl_ip) /= undefined)
+ andalso (app_helper:get_env(riak_core, web_ssl_port) /= undefined)
+ andalso (app_helper:get_env(riak_core, enable_https, false) /= false).
+
+http_config() ->
+ IsHttpConfigured = is_http_configured(),
+
+ HttpConfig =
+ [{http, [{ip, app_helper:get_env(riak_core, web_ip)},
+ {port, app_helper:get_env(riak_core, web_port)}]},
+ common_config()],
+
+ ?IF(IsHttpConfigured, HttpConfig, []).
+
+https_config() ->
+ IsHttpsConfigured = is_https_configured(),
+
+ SslOpts = app_helper:get_env(riak_core, ssl,
+ [{certfile, "etc/cert.pem"}, {keyfile, "etc/key.pem"}]),
+ HttpsConfig =
+ [{https, [{ip, app_helper:get_env(riak_core, web_ssl_ip)},
+ {port, app_helper:get_env(riak_core, web_ssl_port)},
+ {ssl, true},
+ {ssl_opts, SslOpts}]},
+ common_config()],
+
+ ?IF(IsHttpsConfigured, HttpsConfig, []).
+
+common_config() ->
+ {common, [{log_dir, app_helper:get_env(riak_core, web_logdir, "log")},
+ {backlog, 128},
+ {dispatch, []}]}.
diff --git a/rebar.config b/rebar.config
index b6fffd78b..8b8666fd4 100644
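Review bot: `config/0` in riak_core_web.erl no longer returns the flat `ip`/`port`/`log_dir`/`backlog`/`dispatch` list that its `@spec`/`@doc` (context lines of the previous hunk) still describe: after `lists:flatten/1` the result is a list of `{http, ...}`, `{https, ...}` and `{common, ...}` tuples, with `{common, ...}` repeated because `http_config/0` and `https_config/0` each already append `common_config()`. A caller that still looks up `ip` or `port` in that list would no longer find them, so either keep the old shape for `config/0` or update its doc and drop the `?IF(IsCommonConfigured, [CommonConfig], [])` entry. In `is_https_configured/0`, `/= false` enables the listener for any value other than `false`, including a mistyped one; `andalso (app_helper:get_env(riak_core, enable_https, false) =:= true)` states the intent. `https_config/0` falls back to the relative paths `etc/cert.pem` and `etc/key.pem` when no `ssl` entry is set, so which key is served depends on the node's working directory; a missing `ssl` entry would be safer as a startup error than as a silent default.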
--- a/rebar.config
+++ b/rebar.config
@@ -14,8 +14,8 @@
 "erlang_js-0.4"}},
 {mochiweb, "1.7.1", {hg, "http://bitbucket.org/basho/mochiweb",
 "mochiweb-1.7.1"}},
- {webmachine, "1.7.1", {hg, "http://bitbucket.org/basho/webmachine",
- "webmachine-1.7.1"}},
+ {webmachine, "1.7.1", {git, "git://github.com/b/webmachine.git",
+ "https"}},
 {riakc, "0.2.0", {hg, "http://bitbucket.org/basho/riak-erlang-client",
 "65"}},
 {bitcask, "1.0.3", {hg, "http://bitbucket.org/basho/bitcask",
diff --git a/rel/files/app.config b/rel/files/app.config
index 11581b5bb..6c5860d59 100644
--- a/rel/files/app.config
+++ b/rel/files/app.config
@@ -14,6 +14,32 @@
 %% bind to.
 {web_port, {{web_port}} },
+ %% enable_https is a boolean to enable/disable SSL on the HTTP
+ %% interface.
+ {enable_https, false},
+
+ %% riak_web_ip is the IP address that the Riak HTTP interface will
+ %% bind to. If this is undefined, the HTTP interface will not run.
+ {web_ssl_ip, "{{web_ssl_ip}}" },
+
+ %% riak_web_port is the TCP port that the Riak HTTP interface will
+ %% bind to.
+ {web_ssl_port, {{web_ssl_port}} },
+
+ {ssl, [
+ %% certfile is the path to the server certificate file.
+ {certfile, "{{certfile}}"},
+ %% keyfile is the path to the server key file.
+ {keyfile, "{{keyfile}}"},
+
+ %% reuse_sessions specifies if ssl sessions should be reused
+ %% when possible.
+ {reuse_sessions, true}
+
+ %{cacertfile, "etc/ca.pem"},
+ %% for additional options, see erlang ssl documentation.
+ ]},
+
 %% riak_handoff_port is the TCP port that Riak uses for
 %% intra-cluster data handoff.
 {handoff_port, {{handoff_port}} }
diff --git a/rel/vars.config b/rel/vars.config
index 26645b844..a4af2d582 100644
--- a/rel/vars.config
+++ b/rel/vars.config
@@ -14,6 +14,12 @@
 {sasl_error_log, "log/sasl-error.log"}.
 {sasl_log_dir, "log/sasl"}.
+{enable_https, true}.
+{web_ssl_ip, "127.0.0.1"}.
+{web_ssl_port, 8443}.
+{certfile, "etc/cert.pem"}.
+{keyfile, "etc/key.pem"}.
+
 %%
 %% etc/vm.args
 %%
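Review bot: The new webmachine entry in rebar.config is fetched over `git://`, which is neither encrypted nor authenticated, and its revision `"https"` looks like a branch name rather than a tag or commit, so the code that provides the TLS listener can change between builds or be altered in transit. The version pattern is still `"1.7.1"` although the source moved from the tagged `webmachine-1.7.1` to another repository. Fetching over HTTPS and pinning an immutable revision would close both gaps, for example `{git, "https://github.com/<owner>/webmachine.git", {tag, "<release-tag>"}}` with the placeholders filled in by the maintainers.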
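Review bot: The comments added to rel/files/app.config for `web_ssl_ip` and `web_ssl_port` were copied from the HTTP settings and still name `riak_web_ip`, `riak_web_port` and "the Riak HTTP interface", which invites an operator to edit the wrong key. They should read along the lines of `%% web_ssl_ip is the IP address that the Riak HTTPS interface will bind to.` and `%% web_ssl_port is the TCP port that the Riak HTTPS interface will bind to.` The `enable_https` comment says it enables SSL "on the HTTP interface", while the supervisor change in this commit starts a separate listener and leaves the plaintext one running; `%% enable_https starts an additional HTTPS listener on web_ssl_ip:web_ssl_port.` would match the code. In the `ssl` list, uncommenting `%{cacertfile, "etc/ca.pem"},` as written yields a term with no comma after `{reuse_sessions, true}` and a trailing comma before `]`, so the hint is worth rewording.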
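Review bot: `{enable_https, true}` in rel/vars.config appears to have no effect, because the app.config template in this same commit hard-codes `{enable_https, false}` instead of substituting `{{enable_https}}`; the two files then disagree about the default. Either template the value in app.config or drop the variable here, and choose the default deliberately. `certfile` and `keyfile` point at the relative paths `etc/cert.pem` and `etc/key.pem`, and no certificate or key file is part of this diff, so it is worth stating next to these lines where the files are expected to come from and that the key must be generated per installation rather than shipped with the release.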