Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added TLS/SSL support #888

Merged
merged 5 commits into from
May 27, 2024
Merged

Added TLS/SSL support #888

merged 5 commits into from
May 27, 2024

Conversation

jonasgeiler
Copy link
Contributor

@jonasgeiler jonasgeiler commented May 26, 2024
edited
Loading

Closes #243

Description

This PR adds support for passing TLS/SSL certificates/keys to the API server, which makes it possible to use encrypted HTTPS connections for communicating with Gotenberg.
I basically added two new flags, --api-tls-cert-file and --api-tls-key-file, which can be set to the location of the TLS/SSL files. Then, when starting the API server, it will use the StartTLS method instead of the StartH2CServer method to start a server with HTTPS support and everything should be the same from there on out.

TODO

  • Implement
  • Add tests
  • Run a Gotenberg instance manually and check everything is working

Open for review!

jonasgeiler
jonasgeiler commented May 26, 2024
View reviewed changes
.gitignore Show resolved Hide resolved
gulien
gulien requested changes May 27, 2024
View reviewed changes
Copy link
Collaborator

@gulien gulien left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few comments otherwise 👍 thanks a lot!

.gitignore Show resolved Hide resolved
pkg/modules/api/api.go Outdated Show resolved Hide resolved
pkg/modules/api/api.go Outdated Show resolved Hide resolved
pkg/modules/api/api_test.go Outdated Show resolved Hide resolved
pkg/modules/api/api_test.go Outdated Show resolved Hide resolved
pkg/modules/api/api_test.go Outdated Show resolved Hide resolved
test/testdata/api/README.md Show resolved Hide resolved
@gulien gulien added the enhancement New feature or request label May 27, 2024
@codecov-commenter
Copy link

codecov-commenter commented May 27, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.91%. Comparing base (e50de42) to head (e5e8434).

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #888      +/-   ##
==========================================
+ Coverage   91.89%   91.91%   +0.02%     
==========================================
  Files          46       46              
  Lines        4009     4021      +12     
==========================================
+ Hits         3684     3696      +12     
  Misses        230      230              
  Partials       95       95

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jonasgeiler and others added 3 commits May 27, 2024 11:11
@jonasgeiler @gulien
refactor(api): updated tls validation error message
d14168c 
Co-authored-by: Julien Neuhart <neuhart.julien@gmail.com>
@jonasgeiler @gulien
refactor(api): re-use error when starting the API server
f86a0e7 
Co-authored-by: Julien Neuhart <neuhart.julien@gmail.com>
@jonasgeiler
chore: removed TODO.txt from .gitignore file
e03a2a9
@jonasgeiler jonasgeiler force-pushed the feat/tls-support branch 2 times, most recently from 2be23fa to 7dc83e6 Compare May 27, 2024 09:35
@jonasgeiler jonasgeiler requested a review from gulien May 27, 2024 09:37
@jonasgeiler
Copy link
Contributor Author

@gulien should I try to get better test coverage by making a scenario where it throws an error in api.Start?

@jonasgeiler
Copy link
Contributor Author

jonasgeiler commented May 27, 2024
edited
Loading

@gulien should I try to get better test coverage by making a scenario where it throws an error in api.Start?

Okay I'm not sure how to do that 😅 Tried passing in invalid TLS files but the error is thrown with Fatal and not returned from api.Start, so I can't catch it in any way I think...
Any suggestions? Otherwise I'll just leave it away.

@jonasgeiler @gulien
refactor(api): improved tests and test messages
e5e8434 
Co-authored-by: Julien Neuhart <neuhart.julien@gmail.com>
@gulien
Copy link
Collaborator

gulien commented May 27, 2024

@jonasgeiler My bad; actually, I just want most of the lines you've added to be covered. But on scenarios like this one it's simply not feasible 😄

@gulien gulien merged commit 73d02e8 into gotenberg:main May 27, 2024
3 checks passed
@gulien
Copy link
Collaborator

gulien commented May 27, 2024
edited
Loading

Thanks a lot for your time @jonasgeiler!

The release gotenberg/gotenberg:edge should be available in ~1 hour. Even if marked as "edge", it's pretty stable so don't wait for the "official" 8.6.0 variant that will come later this week.

@jonasgeiler jonasgeiler deleted the feat/tls-support branch May 27, 2024 12:25
@jonasgeiler
Copy link
Contributor Author

@gulien Awesome! Thanks! 🎉

@jonasgeiler jonasgeiler mentioned this pull request May 27, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gulien gulien gulien approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

StartTLS
3 participants
@jonasgeiler @codecov-commenter @gulien