Added pre-generated TLS certificate

Pijus Kamandulis 2024-02-27 21:58:57 +02:00
parent 5ff923ce2c
commit 3aeae98404
6 changed files with 125 additions and 14 deletions


@ -24,8 +24,6 @@ Once downloaded, you can launch Cosmium using the following command:
```sh ```sh
./cosmium-linux-amd64 \ ./cosmium-linux-amd64 \
-Cert "cert.crt" \
-CertKey "cert.key" \
-Persist "./save.json" \ -Persist "./save.json" \
-InitialData "./save.json" -InitialData "./save.json"
``` ```
@ -43,7 +41,9 @@ Once running, the explorer can be reached by navigating following URL: `https://
### SSL Certificate ### SSL Certificate
By default, Cosmium runs on HTTP. However, if you provide an SSL certificate, it will use HTTPS. Most applications will require HTTPS, so you can specify paths to the SSL certificate and key (PEM format) using the `-Cert` and `-CertKey` arguments, respectively. By default, Cosmium uses a pre-generated SSL certificate. You can provide your own certificates by specifying paths to the SSL certificate and key (PEM format) using the `-Cert` and `-CertKey` arguments, respectively.
To disable SSL and run Cosmium on HTTP instead, you can use the `-DisableTls` flag. However most applications will require HTTPS.
### Other Available Arguments ### Other Available Arguments


@ -20,6 +20,7 @@ func ParseFlags() {
initialDataPath := flag.String("InitialData", "", "Path to JSON containing initial state") initialDataPath := flag.String("InitialData", "", "Path to JSON containing initial state")
accountKey := flag.String("AccountKey", DefaultAccountKey, "Account key for authentication") accountKey := flag.String("AccountKey", DefaultAccountKey, "Account key for authentication")
disableAuthentication := flag.Bool("DisableAuth", false, "Disable authentication") disableAuthentication := flag.Bool("DisableAuth", false, "Disable authentication")
disableTls := flag.Bool("DisableTls", false, "Disable TLS, serve over HTTP")
persistDataPath := flag.String("Persist", "", "Saves data to given path on application exit") persistDataPath := flag.String("Persist", "", "Saves data to given path on application exit")
flag.Parse() flag.Parse()
@ -32,6 +33,7 @@ func ParseFlags() {
Config.InitialDataFilePath = *initialDataPath Config.InitialDataFilePath = *initialDataPath
Config.PersistDataFilePath = *persistDataPath Config.PersistDataFilePath = *persistDataPath
Config.DisableAuth = *disableAuthentication Config.DisableAuth = *disableAuthentication
Config.DisableTls = *disableTls
Config.DatabaseAccount = Config.Host Config.DatabaseAccount = Config.Host
Config.DatabaseDomain = Config.Host Config.DatabaseDomain = Config.Host
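Review bot: Nothing in the visible part of ParseFlags checks `-DisableTls` against `-Cert`/`-CertKey`, and StartAPI (added later in this commit) tests the certificate paths first, so `-DisableTls` is silently ignored when both paths are set. Supplying only one of `-Cert`/`-CertKey` also appears to fall through to the built-in certificate without any message. I would reject or at least warn on these combinations after `flag.Parse()`, for example guarded by `if *disableTls && (Config.TLS_CertificatePath != "" || Config.TLS_CertificateKey != "")`. ParseFlags starts and ends outside this hunk, so an existing check elsewhere in the function is possible.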

78
api/config/constants.go Normal file

@ -0,0 +1,78 @@
package config
import (
"crypto/tls"
"fmt"
)
const certificate = `
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
`
const certificateKey = `
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
`
func GetDefaultTlsConfig() *tls.Config {
cert, err := tls.X509KeyPair([]byte(certificate), []byte(certificateKey))
if err != nil {
fmt.Println("Failed to parse certificate and key:", err)
return &tls.Config{}
}
return &tls.Config{
Certificates: []tls.Certificate{cert},
}
}
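Review bot: The private key in `certificateKey` is committed to the repository, so anyone with the source can impersonate or intercept any instance serving the default certificate; the default mode gives clients an HTTPS endpoint but no server authenticity. That should be stated on the constants, e.g. `// certificateKey is publicly known: the built-in certificate is for local development only and provides no server authenticity.`, and a one-line warning printed at startup when the default is in use would help operators notice. Separately, GetDefaultTlsConfig returns an empty `&tls.Config{}` when `tls.X509KeyPair` fails, which hides the failure from the caller; returning `(*tls.Config, error)` would let StartAPI stop instead of continuing with a config that has no certificate. Setting `MinVersion: tls.VersionTLS12` explicitly would also make the protocol floor independent of the Go toolchain version.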


@ -14,4 +14,5 @@ type ServerConfig struct {
InitialDataFilePath string InitialDataFilePath string
PersistDataFilePath string PersistDataFilePath string
DisableAuth bool DisableAuth bool
DisableTls bool
} }


@ -1,7 +1,11 @@
package api package api
import ( import (
"fmt"
"net/http"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/pikami/cosmium/api/config"
"github.com/pikami/cosmium/api/handlers" "github.com/pikami/cosmium/api/handlers"
"github.com/pikami/cosmium/api/handlers/middleware" "github.com/pikami/cosmium/api/handlers/middleware"
) )
@ -43,3 +47,39 @@ func CreateRouter() *gin.Engine {
return router return router
} }
func StartAPI() {
router := CreateRouter()
listenAddress := fmt.Sprintf(":%d", config.Config.Port)
if config.Config.TLS_CertificatePath != "" && config.Config.TLS_CertificateKey != "" {
err := router.RunTLS(
listenAddress,
config.Config.TLS_CertificatePath,
config.Config.TLS_CertificateKey)
if err != nil {
fmt.Println("Failed to start HTTPS server:", err)
}
return
}
if config.Config.DisableTls {
router.Run(listenAddress)
}
tlsConfig := config.GetDefaultTlsConfig()
server := &http.Server{
Addr: listenAddress,
Handler: router.Handler(),
TLSConfig: tlsConfig,
}
fmt.Printf("Listening and serving HTTPS on %s\n", server.Addr)
err := server.ListenAndServeTLS("", "")
if err != nil {
fmt.Println("Failed to start HTTPS server:", err)
}
router.Run()
}
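Review bot: StartAPI ends with a bare `router.Run()` after `server.ListenAndServeTLS` returns, so any TLS startup failure turns into a plain-HTTP listener on gin's default address rather than the configured port, which is a silent downgrade. The `DisableTls` branch also has no `return` and drops the error from `router.Run(listenAddress)`, so if the HTTP listener fails the function goes on to start HTTPS with the built-in certificate despite the flag. I would return from the `DisableTls` branch, report its error, and delete the trailing `router.Run()`. The `http.Server` is also built without `ReadHeaderTimeout` or other timeouts, which is worth setting if the port is reachable from other hosts.

```go
func StartAPI() {
	// … unchanged: router, listenAddress, and the -Cert/-CertKey RunTLS branch …

	if config.Config.DisableTls {
		if err := router.Run(listenAddress); err != nil {
			fmt.Println("Failed to start HTTP server:", err)
		}
		return
	}

	// … unchanged: tlsConfig, http.Server construction, "Listening" message …
	if err := server.ListenAndServeTLS("", ""); err != nil {
		fmt.Println("Failed to start HTTPS server:", err)
	}
	// No router.Run() fallback: a TLS failure must not become a plain-HTTP listener.
}
```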

12
main.go

@ -1,7 +1,6 @@
package main package main
import ( import (
"fmt"
"os" "os"
"os/signal" "os/signal"
"syscall" "syscall"
@ -18,16 +17,7 @@ func main() {
repositories.LoadStateFS(config.Config.InitialDataFilePath) repositories.LoadStateFS(config.Config.InitialDataFilePath)
} }
router := api.CreateRouter() go api.StartAPI()
if config.Config.TLS_CertificatePath == "" ||
config.Config.TLS_CertificateKey == "" {
go router.Run(fmt.Sprintf(":%d", config.Config.Port))
} else {
go router.RunTLS(
fmt.Sprintf(":%d", config.Config.Port),
config.Config.TLS_CertificatePath,
config.Config.TLS_CertificateKey)
}
waitForExit() waitForExit()
} }
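Review bot: `go api.StartAPI()` runs the server in a goroutine whose failures are only printed, so when the listener cannot start, main still blocks in `waitForExit()` and the process stays up with nothing serving. The removed code dropped these errors as well, but with StartAPI now owning startup it could report them. I would have StartAPI return an `error` and exit non-zero from the goroutine, e.g. `go func() { if err := api.StartAPI(); err != nil { os.Exit(1) } }()`, assuming no persistence step in `waitForExit` has to run on that path.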