diff --git a/README.md b/README.md
index d1c24e8..735d448 100644
--- a/README.md
+++ b/README.md
@@ -143,7 +143,8 @@ The following configuration options are available:
 | csrf_secret | web | extremely_secret | The CSRF secret. |
 | site_title | web | WireGuard Portal | The title that is shown in the web frontend. |
 | site_company_name | web | WireGuard Portal | The company name that is shown at the bottom of the web frontend. |
-
+| cert_file | web | | (Optional) Path to the TLS certificate file |
+| key_file | web | | (Optional) Path to the TLS certificate key file |
 ## Upgrading from V1
diff --git a/internal/app/api/core/server.go b/internal/app/api/core/server.go
index b9aa3e8..2c1f378 100644
--- a/internal/app/api/core/server.go
+++ b/internal/app/api/core/server.go
@@ -68,8 +68,7 @@ func NewServer(cfg *config.Config, endpoints ...ApiEndpointSetupFunc) (*Server,
 c.Writer.Header().Set("X-Served-By", hostname)
 c.Next()
 }).Use(func(c *gin.Context) {
- var xRequestID string
- xRequestID = uuid(16)
+ xRequestID := uuid(16)
 c.Request.Header.Set(RequestIDKey, xRequestID)
 c.Set(RequestIDKey, xRequestID)
@@ -106,7 +105,13 @@ func (s *Server) Run(ctx context.Context, listenAddress string) {
 srvContext, cancelFn := context.WithCancel(ctx)
 go func() {
- if err := srv.ListenAndServe(); err != nil {
+ var err error
+ if s.cfg.Web.CertFile != "" && s.cfg.Web.KeyFile != "" {
+ err = srv.ListenAndServeTLS(s.cfg.Web.CertFile, s.cfg.Web.KeyFile)
+ } else {
+ err = srv.ListenAndServe()
+ }
+ if err != nil {
 logrus.Infof("web service on %s exited: %v", listenAddress, err)
 cancelFn()
 }
diff --git a/internal/config/web.go b/internal/config/web.go
index 5a8ed85..9a7508f 100644
--- a/internal/config/web.go
+++ b/internal/config/web.go
@@ -9,4 +9,6 @@ type WebConfig struct {
 CsrfSecret string `yaml:"csrf_secret"`
 SiteTitle string `yaml:"site_title"`
 SiteCompanyName string `yaml:"site_company_name"`
+ CertFile string `yaml:"cert_file"`
+ KeyFile string `yaml:"key_file"`
 }
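Review bot: A configuration that sets only one of `cert_file` / `key_file` takes the `else` branch in `Run` and serves the portal over plain HTTP with no message, so a typo or a forgotten key path silently downgrades login and admin traffic to cleartext. The half-configured case should be rejected instead of being read as "TLS off", for example `if (s.cfg.Web.CertFile == "") != (s.cfg.Web.KeyFile == "") { logrus.Errorf("web: cert_file and key_file must be set together"); cancelFn(); return }` ahead of the branch. Logging whether the listener came up as HTTP or HTTPS would also let an operator confirm the mode from the log. `Run` starts and ends outside the hunk, and the construction of `srv` is not visible here, so its timeouts and TLS settings could not be checked.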
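Review bot: `CertFile` and `KeyFile` are added to `WebConfig` without a comment, and nothing on the struct says that the server only switches to HTTPS when both are non-empty. A comment above the two fields such as `// CertFile and KeyFile are paths to the PEM certificate and its private key; TLS is enabled only when both are set.` would record that contract next to the fields. The README rows mark each option "(Optional)" on its own, so the pairing is not stated there either. `WebConfig` begins outside the hunk.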