Add mTLS support for both master and volume http server.
This commit is contained in:
Berck Nash
@@ -1,23 +1,25 @@
|
||||
package command
|
||||
|
||||
import (
|
||||
"github.com/chrislusf/raft/protobuf"
|
||||
stats_collect "github.com/chrislusf/seaweedfs/weed/stats"
|
||||
"github.com/gorilla/mux"
|
||||
"google.golang.org/grpc/reflection"
|
||||
"net/http"
|
||||
"os"
|
||||
"sort"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/chrislusf/raft/protobuf"
|
||||
stats_collect "github.com/chrislusf/seaweedfs/weed/stats"
|
||||
"github.com/gorilla/mux"
|
||||
"github.com/spf13/viper"
|
||||
"google.golang.org/grpc/reflection"
|
||||
|
||||
"github.com/chrislusf/seaweedfs/weed/util/grace"
|
||||
|
||||
"github.com/chrislusf/seaweedfs/weed/glog"
|
||||
"github.com/chrislusf/seaweedfs/weed/pb"
|
||||
"github.com/chrislusf/seaweedfs/weed/pb/master_pb"
|
||||
"github.com/chrislusf/seaweedfs/weed/security"
|
||||
"github.com/chrislusf/seaweedfs/weed/server"
|
||||
weed_server "github.com/chrislusf/seaweedfs/weed/server"
|
||||
"github.com/chrislusf/seaweedfs/weed/storage/backend"
|
||||
"github.com/chrislusf/seaweedfs/weed/util"
|
||||
)
|
||||
@@ -138,6 +140,7 @@ func startMaster(masterOption MasterOptions, masterWhiteList []string) {
|
||||
if e != nil {
|
||||
glog.Fatalf("Master startup error: %v", e)
|
||||
}
|
||||
|
||||
// start raftServer
|
||||
raftServerOption := &weed_server.RaftServerOption{
|
||||
GrpcDialOption: security.LoadClientTLS(util.GetViper(), "grpc.master"),
|
||||
@@ -183,11 +186,39 @@ func startMaster(masterOption MasterOptions, masterWhiteList []string) {
|
||||
go ms.MasterClient.KeepConnectedToMaster()
|
||||
|
||||
// start http server
|
||||
var (
|
||||
clientCertFile,
|
||||
certFile,
|
||||
keyFile string
|
||||
)
|
||||
useTLS := false
|
||||
useMTLS := false
|
||||
|
||||
if viper.GetString("https.master.key") != "" {
|
||||
useTLS = true
|
||||
certFile = viper.GetString("https.master.cert")
|
||||
keyFile = viper.GetString("https.master.key")
|
||||
}
|
||||
|
||||
if viper.GetString("https.master.ca") != "" {
|
||||
useMTLS = true
|
||||
clientCertFile = viper.GetString("https.master.ca")
|
||||
}
|
||||
|
||||
httpS := &http.Server{Handler: r}
|
||||
if masterLocalListner != nil {
|
||||
go httpS.Serve(masterLocalListner)
|
||||
}
|
||||
go httpS.Serve(masterListener)
|
||||
|
||||
if useMTLS {
|
||||
httpS.TLSConfig = security.LoadClientTLSHTTP(clientCertFile)
|
||||
}
|
||||
|
||||
if useTLS {
|
||||
go httpS.ServeTLS(masterListener, certFile, keyFile)
|
||||
} else {
|
||||
go httpS.Serve(masterListener)
|
||||
}
|
||||
|
||||
select {}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user