Added TLS support for web

- Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com>
2025-06-26 18:16:21 +00:00 · 2024-09-18 11:13:48 +02:00 · 2024-09-18 11:13:48 +02:00 · b30fb72a91
commit b30fb72a91
parent a46dabc1d3
3 changed files with 12 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -143,7 +143,8 @@ The following configuration options are available:
 | csrf_secret                     | web        | extremely_secret                           | The CSRF secret.                                                                                                                        |
 | site_title                      | web        | WireGuard Portal                           | The title that is shown in the web frontend.                                                                                            |
 | site_company_name               | web        | WireGuard Portal                           | The company name that is shown at the bottom of the web frontend.                                                                       |
-
+| cert_file                       | web        |                                            | (Optional) Path to the TLS certificate file                                                                                             |
+| key_file                        | web        |                                            | (Optional) Path to the TLS certificate key file                                                                                         |

 ## Upgrading from V1

--- a/internal/app/api/core/server.go
+++ b/internal/app/api/core/server.go
@ -68,8 +68,7 @@ func NewServer(cfg *config.Config, endpoints ...ApiEndpointSetupFunc) (*Server,
 		c.Writer.Header().Set("X-Served-By", hostname)
 		c.Next()
 	}).Use(func(c *gin.Context) {
-		var xRequestID string
-		xRequestID = uuid(16)
+		xRequestID := uuid(16)

 		c.Request.Header.Set(RequestIDKey, xRequestID)
 		c.Set(RequestIDKey, xRequestID)
@ -106,7 +105,13 @@ func (s *Server) Run(ctx context.Context, listenAddress string) {

 	srvContext, cancelFn := context.WithCancel(ctx)
 	go func() {
-		if err := srv.ListenAndServe(); err != nil {
+		var err error
+		if s.cfg.Web.CertFile != "" && s.cfg.Web.KeyFile != "" {
+			err = srv.ListenAndServeTLS(s.cfg.Web.CertFile, s.cfg.Web.KeyFile)
+		} else {
+			err = srv.ListenAndServe()
+		}
+		if err != nil {
 			logrus.Infof("web service on %s exited: %v", listenAddress, err)
 			cancelFn()
 		}
--- a/internal/config/web.go
+++ b/internal/config/web.go
@ -9,4 +9,6 @@ type WebConfig struct {
 	CsrfSecret        string `yaml:"csrf_secret"`
 	SiteTitle         string `yaml:"site_title"`
 	SiteCompanyName   string `yaml:"site_company_name"`
+	CertFile          string `yaml:"cert_file"`
+	KeyFile           string `yaml:"key_file"`
 }