Add TLS support
palkan committed Nov 8, 2017
1 parent 1297d3f commit 1809947
Showing 6 changed files with 95 additions and 5 deletions.
12 changes: 11 additions & 1 deletion CHANGELOG.md
@@ -1,6 +1,16 @@
# Change log

## master
## 0.5.1 (2017-11-08)

- Add TLS support. ([@palkan][])

To secure your `anycable-go` server provide the paths to SSL certificate and private key:

```shell
anycable-go -addr=0.0.0.0:443 -ssl_cert=path/to/ssl.cert -ssl_key=path/to/ssl.key

=> Running AnyCable websocket server (secured) v0.5.1 on 0.0.0.0:443 at /cable
```

- Handle RPC errors gracefully. ([@palkan][])

6 changes: 6 additions & 0 deletions Makefile
Expand Up @@ -58,6 +58,7 @@ test:
test-cable:
go build -o tmp/anycable-go-test .
anyt -c "tmp/anycable-go-test -headers=cookie,x-api-token" --target-url="ws://localhost:8080/cable"
anyt -c "tmp/anycable-go-test -headers=cookie,x-api-token -ssl_key=etc/ssl/server.key -ssl_cert=etc/ssl/server.crt -addr=localhost:8443" --target-url="wss://localhost:8443/cable"

test-ci: prepare test test-cable

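Review bot: the added `wss://` run in `test-cable` reads `etc/ssl/server.key` and `etc/ssl/server.crt`, while the `gen-ssl` target added further down in this Makefile writes to `tmp/ssl/`. Settle on one location: either point this line at `tmp/ssl/` and make `gen-ssl` a prerequisite of `test-cable`, or drop `gen-ssl` if the committed pair is the intended fixture.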
Expand All @@ -66,6 +67,11 @@ prepare:
go get github.com/tools/godep
godep restore

gen-ssl:
mkdir -p tmp/ssl
openssl genrsa -out tmp/ssl/server.key 2048
openssl req -new -x509 -sha256 -key tmp/ssl/server.key -out tmp/ssl/server.crt -days 3650

vet:
go vet ./...

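Review bot: `openssl req -new -x509 ...` in `gen-ssl` has no `-subj`, so with a default OpenSSL configuration it stops to prompt for the subject fields and cannot run unattended. Pass the subject on the command line, for example `-subj "/CN=localhost"` to match the `localhost:8443` address used in `test-cable`, and consider a much shorter `-days` than 3650 for a throwaway test certificate.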
12 changes: 12 additions & 0 deletions Readme.md
Expand Up @@ -26,10 +26,22 @@ Run server:

```shell
anycable-go -rpc=0.0.0.0:50051 -headers=cookie,x-api-token -redis=redis://localhost:6379/5 -redis_channel=anycable -addr=0.0.0.0:8080 -log

=> Running AnyCable websocket server v0.5.0 on 0.0.0.0:8080 at /cable
```

You can also provide configuration parameters through the corresponding environment variables (i.e. `RPC`, `REDIS`, etc).

### TLS

To secure your `anycable-go` server provide the paths to SSL certificate and private key:

```shell
anycable-go -addr=0.0.0.0:443 -ssl_cert=path/to/ssl.cert -ssl_key=path/to/ssl.key

=> Running AnyCable websocket server (secured) v0.5.1 on 0.0.0.0:443 at /cable
```

## Build

```shell
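Review bot: the new TLS section should state that both `-ssl_cert` and `-ssl_key` are required; per the condition in server.go, supplying only one of them starts the plain `ws://` listener without any message. It would also help to say that the files are PEM encoded and that, for a CA-issued certificate, the `-ssl_cert` file needs the intermediate certificates appended, since that is what `http.ListenAndServeTLS` expects.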
23 changes: 23 additions & 0 deletions etc/ssl/server.crt
@@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions etc/ssl/server.key
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
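Review bot: `etc/ssl/server.key` adds an RSA private key to the repository, so it is readable by anyone with access to the repo and stays in history even if deleted later. If it exists only for the `test-cable` run, make that obvious from its location (a test fixtures directory rather than `etc/ssl`) so it is never reused for a real deployment, or drop both committed files and generate the pair at test time with the `gen-ssl` target.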
20 changes: 16 additions & 4 deletions server.go
Expand Up @@ -64,6 +64,8 @@ var (
wspath = flag.String("wspath", "/cable", "WS endpoint path")
disconnectRate = flag.Int("disconnect_rate", 100, "the number of Disconnect calls per second")
headers_list = flag.String("headers", "cookie", "list of headers to proxy to RPC")
sslCert = flag.String("ssl_cert", "", "SSL certificate path")
sslKey = flag.String("ssl_key", "", "SSL private key path")

upgrader = websocket.Upgrader{
CheckOrigin: func(r *http.Request) bool { return true },
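Review bot: the `upgrader` in the trailing context of this hunk still has `CheckOrigin` returning `true` for every request, so the new `ssl_cert` and `ssl_key` flags encrypt the transport but do not restrict which origins may open a socket. Since `headers` defaults to proxying `cookie` to RPC, a follow-up that makes the allowed origins configurable would be worth tracking alongside TLS. On style, `sslCert` and `sslKey` are camelCase next to `headers_list`; the new names are the idiomatic Go form, so no change is needed here.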
Expand Down Expand Up @@ -247,9 +249,19 @@ func main() {

http.HandleFunc(*wspath, serveWs)

log.Infof("Running AnyCable websocket server v%s on %s at %s", version, *addr, *wspath)
err := http.ListenAndServe(*addr, nil)
if err != nil {
log.Fatal("HTTP Server Error: ", err)
if (*sslCert != "") && (*sslKey != "") {
log.Infof("Running AnyCable websocket server (secured) v%s on %s at %s", version, *addr, *wspath)

err := http.ListenAndServeTLS(*addr, *sslCert, *sslKey, nil)
if err != nil {
log.Fatal("HTTPS Server Error: ", err)
}
} else {
log.Infof("Running AnyCable websocket server v%s on %s at %s", version, *addr, *wspath)

err := http.ListenAndServe(*addr, nil)
if err != nil {
log.Fatal("HTTP Server Error: ", err)
}
}
}
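Review bot: the condition `(*sslCert != "") && (*sslKey != "")` sends a half-configured run (only one of the two flags set) to the `else` branch, so the server comes up unencrypted while the operator expects TLS. Treat exactly one flag being set as a startup error with `log.Fatal` before choosing a listener. Separately, `http.ListenAndServeTLS` with a `nil` handler uses the default TLS settings; if a minimum protocol version needs to be pinned, construct an `http.Server` with a `TLSConfig` and call its `ListenAndServeTLS` instead.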
