refactor: make in-process TLS termination configurable

2025-12-06 14:28:20 +01:00 · 2024-08-24 16:59:36 +02:00 · 2024-08-24 16:59:36 +02:00 · fe4dae657c
parent 728d24505d
commit fe4dae657c
4 changed files with 32 additions and 25 deletions
--- a/.env
+++ b/.env
@ -1,5 +1,8 @@
 VERSIA_PORT=8443

+#VERSIA_TLS_KEY=
+#VERSIA_TLS_CERT=
+
 PUBLIC_ADDRESS=https://localhost
 INSTANCE_NAME=lysand-test
 INSTANCE_DESCRIPTION=Versia-Go Instance
--- a/compose.yml
+++ b/compose.yml
@ -25,44 +25,28 @@ services:
    <<: *versia-default
    hostname: lysand-test.i.devminer.xyz
    volumes:
-      - /etc/ssl/certs:/etc/ssl/certs:ro
-      - /etc/ca-certificates/extracted:/etc/ca-certificates/extracted
-      - type: bind
-        source: ./key.pem
-        target: /app/key.pem
-      - type: bind
-        source: ./cert.pem
-        target: /app/cert.pem
      - type: bind
        source: ./1.db
        target: /app/test.db
    environment:
-      VERSIA_PORT: 8443
+      VERSIA_PORT: 8080
      NATS_URI: nats://nats:4222
-      PUBLIC_ADDRESS: https://lysand-test.i.devminer.xyz:8443
+      PUBLIC_ADDRESS: https://lysand-test.i.devminer.xyz:8080
      NATS_STREAM_NAME: versia-go-1
    ports:
-      - "8443:8443"
+      - "8080:8080"

  versia-2:
    <<: *versia-default
    hostname: lysand-test-2.i.devminer.xyz
    volumes:
-      - /etc/ssl/certs:/etc/ssl/certs:ro
-      - /etc/ca-certificates/extracted:/etc/ca-certificates/extracted
-      - type: bind
-        source: ./key2.pem
-        target: /app/key.pem
-      - type: bind
-        source: ./cert2.pem
-        target: /app/cert.pem
      - type: bind
        source: ./2.db
        target: /app/test.db
    environment:
-      VERSIA_PORT: 8444
+      VERSIA_PORT: 8081
      NATS_URI: nats://nats:4222
-      PUBLIC_ADDRESS: https://lysand-test-2.i.devminer.xyz:8444
+      PUBLIC_ADDRESS: https://lysand-test-2.i.devminer.xyz:8081
      NATS_STREAM_NAME: versia-go-2
    ports:
-      - "8444:8444"
+      - "8081:8081"
--- a/config/config.go
+++ b/config/config.go
@ -11,7 +11,9 @@ import (
 )

 type Config struct {
-	Port int
+	Port    int
+	TLSKey  *string
+	TLSCert *string

 	PublicAddress  *url.URL
 	Host           string
@ -48,8 +50,17 @@ func Load() {
 		}
 	}

+	tlsKey := optionalEnvStr("VERSIA_TLS_KEY")
+	tlsCert := optionalEnvStr("VERSIA_TLS_CERT")
+	if (tlsKey != nil && tlsCert == nil) || (tlsKey == nil && tlsCert != nil) {
+		log.Fatal().
+			Msg("Both VERSIA_TLS_KEY and VERSIA_TLS_CERT have to be set if you want to use in-process TLS termination.")
+	}
+
 	C = Config{
-		Port: getEnvInt("VERSIA_PORT", 80),
+		Port:    getEnvInt("VERSIA_PORT", 80),
+		TLSCert: tlsCert,
+		TLSKey:  tlsKey,

 		PublicAddress:  publicAddress,
 		Host:           publicAddress.Host,
--- a/main.go
+++ b/main.go
@ -215,7 +215,16 @@ func main() {
 		defer wg.Done()

 		log.Debug().Msg("Starting server")
-		if err := web.ListenTLS(fmt.Sprintf(":%d", config.C.Port), "cert.pem", "key.pem"); err != nil {
+
+		addr := fmt.Sprintf(":%d", config.C.Port)
+
+		var err error
+		if config.C.TLSKey != nil {
+			err = web.ListenTLS(addr, *config.C.TLSCert, *config.C.TLSKey)
+		} else {
+			err = web.Listen(addr)
+		}
+		if err != nil {
 			log.Fatal().Err(err).Msg("Failed to start server")
 		}
 	}()