Support https for both client and server

cmd/client/command/common.go

@@ -19,6 +19,7 @@ package command
 
 import (
  "bytes"
+ "crypto/tls"
  "fmt"
  "io"
  "net/http"
@@ -30,8 +31,10 @@ import (
 type (
  // GlobalFlags is the global flags for the whole client.
  GlobalFlags struct {
- Server string
- OutputFormat string
+ Server string
+ Secure bool
+ InsecureSkipVerify bool
+ OutputFormat string
  }
 
  // APIErr is the standard return of error.
@@ -115,7 +118,13 @@ const (
 )
 
 func makeURL(urlTemplate string, a ...interface{}) string {
- return "http:https://" + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...)
+ var p string
+ if CommandlineGlobalFlags.Secure {
+ p = "https://"
+ } else {
+ p = "http:https://"
+ }
+ return p + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...)
 }
 
 func successfulStatusCode(code int) bool {
@@ -137,7 +146,11 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co
  ExitWithError(err)
  }
 
- resp, err := http.DefaultClient.Do(req)
+ tr := http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: CommandlineGlobalFlags.InsecureSkipVerify},
+ }
+ client := &http.Client{Transport: &tr}
+ resp, err := client.Do(req)
  if err != nil {
  ExitWithErrorf("%s failed: %v", cmd.Short, err)
  }

cmd/client/main.go

@@ -118,6 +118,10 @@ func main() {
 
  rootCmd.PersistentFlags().StringVar(&command.CommandlineGlobalFlags.Server,
  "server", "localhost:2381", "The address of the Easegress endpoint")
+ rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.Secure,
+ "secure", false, "Whether to use secure transport protocal(https)")
+ rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.InsecureSkipVerify,
+ "insecure-skip-verify", false, "Whether to verify the server's certificate chain and host name")
  rootCmd.PersistentFlags().StringVarP(&command.CommandlineGlobalFlags.OutputFormat,
  "output", "o", "yaml", "Output format(json, yaml)")
 

pkg/api/server.go

@@ -84,7 +84,16 @@ func MustNewServer(opt *option.Options, cls cluster.Cluster, super *supervisor.S
 
  go func() {
  logger.Infof("api server running in %s", opt.APIAddr)
- s.server.ListenAndServe()
+ var err error
+ if s.opt.Secure {
+ logger.Infof("api server running in secure model(https)")
+ err = s.server.ListenAndServeTLS(s.opt.CertFile, s.opt.KeyFile)
+ } else {
+ err = s.server.ListenAndServe()
+ }
+ if err != nil {
+ logger.Errorf("start api server failed: %v", err)
+ }
  }()
 
  return s

pkg/option/option.go

@@ -69,6 +69,9 @@ type Options struct {
  Name string `yaml:"name" env:"EG_NAME"`
  Labels map[string]string `yaml:"labels" env:"EG_LABELS"`
  APIAddr string `yaml:"api-addr"`
+ Secure bool `yaml:"secure"`
+ CertFile string `yaml:"cert-file"`
+ KeyFile string `yaml:"key-file"`
  Debug bool `yaml:"debug"`
  DisableAccessLog bool `yaml:"disable-access-log"`
  InitialObjectConfigFiles []string `yaml:"initial-object-config-files"`
@@ -138,6 +141,9 @@ func New() *Options {
  opt.flags.BoolVar(&opt.UseStandaloneEtcd, "use-standalone-etcd", false, "Use standalone etcd instead of embedded .")
  addClusterVars(opt)
  opt.flags.StringVar(&opt.APIAddr, "api-addr", "localhost:2381", "Address([host]:port) to listen on for administration traffic.")
+ opt.flags.BoolVar(&opt.Secure, "secure", false, "Flag to use secure transport protocol(https).")
+ opt.flags.StringVar(&opt.CertFile, "cert-file", "", "Flag to set the certificate file for https.")
+ opt.flags.StringVar(&opt.KeyFile, "key-file", "", "Flag to set the private key file for https.")
  opt.flags.BoolVar(&opt.Debug, "debug", false, "Flag to set lowest log level from INFO downgrade DEBUG.")
  opt.flags.StringSliceVar(&opt.InitialObjectConfigFiles, "initial-object-config-files", nil, "List of configuration files for initial objects, these objects will be created at startup if not already exist.")
  opt.flags.StringVar(&opt.ObjectsDumpInterval, "objects-dump-interval", "", "The time interval to dump running objects config, for example: 30m")