Support https for both client and server #875

Merged
merged 9 commits into from
Dec 21, 2022
Changes from 4 commits
21 changes: 17 additions & 4 deletions cmd/client/command/common.go
Expand Up @@ -19,6 +19,7 @@ package command

import (
"bytes"
"crypto/tls"
"fmt"
"io"
"net/http"
Expand All @@ -30,8 +31,10 @@ import (
type (
// GlobalFlags is the global flags for the whole client.
GlobalFlags struct {
Server string
OutputFormat string
Server string
SSL bool
InsecureSkipVerify bool
OutputFormat string
}

// APIErr is the standard return of error.
Expand Down Expand Up @@ -115,7 +118,13 @@ const (
)

func makeURL(urlTemplate string, a ...interface{}) string {
return "http:https://" + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...)
var p string
if CommandlineGlobalFlags.SSL {
p = "https://"
} else {
p = "http:https://"
}
return p + CommandlineGlobalFlags.Server + fmt.Sprintf(urlTemplate, a...)
}

func successfulStatusCode(code int) bool {
Expand All @@ -137,7 +146,11 @@ func handleRequest(httpMethod string, url string, yamlBody []byte, cmd *cobra.Co
ExitWithError(err)
}

resp, err := http.DefaultClient.Do(req)
tr := http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: CommandlineGlobalFlags.InsecureSkipVerify},
}
client := &http.Client{Transport: &tr}
resp, err := client.Do(req)
if err != nil {
ExitWithErrorf("%s failed: %v", cmd.Short, err)
}
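Review bot: In handleRequest the new `http.Transport` literal sets only `TLSClientConfig`, so the client loses what `http.DefaultTransport` supplies (proxy from the environment, dial and TLS-handshake timeouts, idle-connection limits) and a fresh transport is built on every call. Cloning the default keeps those settings: `tr := http.DefaultTransport.(*http.Transport).Clone()` then `tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: CommandlineGlobalFlags.InsecureSkipVerify, MinVersion: tls.VersionTLS12}`. With InsecureSkipVerify set, neither the certificate chain nor the host name is checked, so the admin connection can be intercepted; a one-line warning on stderr when the flag is active, and an option that loads a CA bundle into `RootCAs` for servers with a private CA, would leave fewer reasons to use it. handleRequest begins and ends outside the hunk.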
4 changes: 4 additions & 0 deletions cmd/client/main.go
Expand Up @@ -118,6 +118,10 @@ func main() {

rootCmd.PersistentFlags().StringVar(&command.CommandlineGlobalFlags.Server,
"server", "localhost:2381", "The address of the Easegress endpoint")
rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.SSL,
"ssl", false, "Whether to use secure transport protocal(https)")
rootCmd.PersistentFlags().BoolVar(&command.CommandlineGlobalFlags.InsecureSkipVerify,
"insecure-skip-verify", false, "Whether to verify the server's certificate chain and host name")
rootCmd.PersistentFlags().StringVarP(&command.CommandlineGlobalFlags.OutputFormat,
"output", "o", "yaml", "Output format(json, yaml)")

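Review bot: The help text for `insecure-skip-verify` reads as the opposite of what the flag does: it says "Whether to verify…", but setting the flag to true is what disables verification in the client's `tls.Config`. Something like `"insecure-skip-verify", false, "Skip verification of the server's certificate chain and host name (insecure, testing only)")` states the risk at the point of use. The `ssl` description also has a typo (`protocal`), and as far as this page shows `--insecure-skip-verify` without `--ssl` is accepted silently, which is worth either rejecting or mentioning in the help. main() continues outside the hunk.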
17 changes: 15 additions & 2 deletions pkg/api/server.go
Expand Up @@ -83,8 +83,21 @@ func MustNewServer(opt *option.Options, cls cluster.Cluster, super *supervisor.S
s.registerAPIs()

go func() {
logger.Infof("api server running in %s", opt.APIAddr)
s.server.ListenAndServe()
var err error
if s.opt.SSL {
if s.opt.CertFile == "" || s.opt.KeyFile == "" {
logger.Errorf("cert file and key file must be provided for SSL")
return
}
logger.Infof("api server (https) running in %s", opt.APIAddr)
err = s.server.ListenAndServeTLS(s.opt.CertFile, s.opt.KeyFile)
} else {
logger.Infof("api server running in %s", opt.APIAddr)
err = s.server.ListenAndServe()
}
if err != nil {
logger.Errorf("start api server failed: %v", err)
}
}()

return s
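Review bot: The cert/key check runs inside the goroutine, so when `ssl` is set without both files MustNewServer still returns `s` and the process keeps running with no admin API listening, leaving a single error line in the log as the only sign. Refusing to fall back to plain HTTP is the right behaviour, but the misconfiguration would be better rejected before `go func()` (or in option validation, which is not visible here) so that startup fails loudly; the same applies to the new fields in pkg/option/option.go. Assuming `s.server` is an `*http.Server`, a graceful shutdown also lands in the new error log, which `if err != nil && err != http.ErrServerClosed {` avoids. Setting a `TLSConfig` with `MinVersion: tls.VersionTLS12` on the server would pin the protocol floor explicitly. MustNewServer's body starts outside the hunk.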
6 changes: 6 additions & 0 deletions pkg/option/option.go
Expand Up @@ -69,6 +69,9 @@ type Options struct {
Name string `yaml:"name" env:"EG_NAME"`
Labels map[string]string `yaml:"labels" env:"EG_LABELS"`
APIAddr string `yaml:"api-addr"`
SSL bool `yaml:"ssl"`
CertFile string `yaml:"cert-file"`
KeyFile string `yaml:"key-file"`
Debug bool `yaml:"debug"`
DisableAccessLog bool `yaml:"disable-access-log"`
InitialObjectConfigFiles []string `yaml:"initial-object-config-files"`
Expand Down Expand Up @@ -138,6 +141,9 @@ func New() *Options {
opt.flags.BoolVar(&opt.UseStandaloneEtcd, "use-standalone-etcd", false, "Use standalone etcd instead of embedded .")
addClusterVars(opt)
opt.flags.StringVar(&opt.APIAddr, "api-addr", "localhost:2381", "Address([host]:port) to listen on for administration traffic.")
opt.flags.BoolVar(&opt.SSL, "ssl", false, "Flag to use secure transport protocol(https).")
opt.flags.StringVar(&opt.CertFile, "cert-file", "", "Flag to set the certificate file for https.")
opt.flags.StringVar(&opt.KeyFile, "key-file", "", "Flag to set the private key file for https.")
opt.flags.BoolVar(&opt.Debug, "debug", false, "Flag to set lowest log level from INFO downgrade DEBUG.")
opt.flags.StringSliceVar(&opt.InitialObjectConfigFiles, "initial-object-config-files", nil, "List of configuration files for initial objects, these objects will be created at startup if not already exist.")
opt.flags.StringVar(&opt.ObjectsDumpInterval, "objects-dump-interval", "", "The time interval to dump running objects config, for example: 30m")
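Review bot: The `cert-file` and `key-file` help strings in New() do not say that both are required once `ssl` is set, nor what format is expected, although the server passes them straight to `ListenAndServeTLS`. I would word them as `"Path to the PEM certificate file (server certificate followed by any intermediates); required when ssl is set."` and `"Path to the PEM private key file; required when ssl is set, and should be readable only by the Easegress user."`. A short comment on the three new Options fields stating the same dependency would help readers of the YAML config as well. New() continues outside the hunk.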