diff --git a/CHANGELOG.md b/CHANGELOG.md
index 63348994..083d248b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,16 @@
 # Change log
-## master
+## 0.5.1 (2017-11-08)
+
+- Add TLS support. ([@palkan][])
+
+To secure your `anycable-go` server provide the paths to SSL certificate and private key:
+
+```shell
+anycable-go -addr=0.0.0.0:443 -ssl_cert=path/to/ssl.cert -ssl_key=path/to/ssl.key
+
+=> Running AnyCable websocket server (secured) v0.5.1 on 0.0.0.0:443 at /cable
+```
 - Handle RPC errors gracefully. ([@palkan][])
diff --git a/Makefile b/Makefile
index 79fc4875..779372da 100644
--- a/Makefile
+++ b/Makefile
@@ -58,6 +58,7 @@ test:
 test-cable:
 go build -o tmp/anycable-go-test .
 anyt -c "tmp/anycable-go-test -headers=cookie,x-api-token" --target-url="ws://localhost:8080/cable"
+ anyt -c "tmp/anycable-go-test -headers=cookie,x-api-token -ssl_key=etc/ssl/server.key -ssl_cert=etc/ssl/server.crt -addr=localhost:8443" --target-url="wss://localhost:8443/cable"
 test-ci: prepare test test-cable
@@ -66,6 +67,11 @@ prepare:
 go get github.com/tools/godep
 godep restore
+gen-ssl:
+ mkdir -p tmp/ssl
+ openssl genrsa -out tmp/ssl/server.key 2048
+ openssl req -new -x509 -sha256 -key tmp/ssl/server.key -out tmp/ssl/server.crt -days 3650
+
 vet:
 go vet ./...
diff --git a/Readme.md b/Readme.md
index b7be2187..08a52506 100644
--- a/Readme.md
+++ b/Readme.md
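Review bot: In the Makefile, the added `test-cable` line runs the wss:// check against `etc/ssl/server.key` and `etc/ssl/server.crt`, so the suite depends on a private key that this same commit checks into the repository, while the new `gen-ssl` target writes to `tmp/ssl/` and nothing consumes its output. A key published in a repository has to be treated as disclosed, and the certificate looks like a default `openssl req -x509` self-signed one (which normally carries CA:TRUE), so importing it into a trust store to satisfy a local client would extend trust to anything signed with that public key. Consider generating the pair at test time instead: make `test-cable` depend on `gen-ssl` and pass `-ssl_key=tmp/ssl/server.key -ssl_cert=tmp/ssl/server.crt`. If the fixture stays, a short README in `etc/ssl/` stating that it is for localhost tests only would help.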
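Review bot: In the Makefile's `gen-ssl` hunk, `openssl req -new -x509 ...` is given no subject, so it will prompt for the DN fields and block any unattended run that calls the target. Adding a subject makes it non-interactive and matches the host the test connects to: `openssl req -new -x509 -sha256 -key tmp/ssl/server.key -out tmp/ssl/server.crt -days 3650 -subj "/CN=localhost"`. A one-line comment above the target, e.g. `# gen-ssl: create a throwaway self-signed key pair for local wss:// tests`, would also make clear that the output is not meant for production use.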
@@ -26,10 +26,22 @@ Run server:
 ```shell
 anycable-go -rpc=0.0.0.0:50051 -headers=cookie,x-api-token -redis=redis://localhost:6379/5 -redis_channel=anycable -addr=0.0.0.0:8080 -log
+
+=> Running AnyCable websocket server v0.5.0 on 0.0.0.0:8080 at /cable
 ```
 You can also provide configuration parameters through the corresponding environment variables (i.e. `RPC`, `REDIS`, etc).
+### TLS
+
+To secure your `anycable-go` server provide the paths to SSL certificate and private key:
+
+```shell
+anycable-go -addr=0.0.0.0:443 -ssl_cert=path/to/ssl.cert -ssl_key=path/to/ssl.key
+
+=> Running AnyCable websocket server (secured) v0.5.1 on 0.0.0.0:443 at /cable
+```
+
 ## Build
 ```shell
diff --git a/etc/ssl/server.crt b/etc/ssl/server.crt
new file mode 100644
index 00000000..b8d4f71c
--- /dev/null
+++ b/etc/ssl/server.crt
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2jCCAsKgAwIBAgIJAINgcDL+ai6EMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNV +BAYTAlJVMQ0wCwYDVQQIEwRUdWxhMQ0wCwYDVQQHEwRUdWxhMRAwDgYDVQQKEwdQ +cnlhbmlrMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTcxMTAxMDYzMDU3WhcNMjcx +MDMwMDYzMDU3WjBRMQswCQYDVQQGEwJSVTENMAsGA1UECBMEVHVsYTENMAsGA1UE +BxMEVHVsYTEQMA4GA1UEChMHUHJ5YW5pazESMBAGA1UEAxMJbG9jYWxob3N0MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyzxi9XhS68F82SjgjwlZ6Xa +L2yDwQ0clfEZHMJCJ1Pwq855KQnibS31iDjakQ2doR3cWKdYdhhfuWzhwQcBIpp8 +S2dagxvOXFQ3qGGNOu12Q5l1ehwEDES6eEnR9KnFYTTr9KqFxZaRNIARRJgpOdK3 +hy6a4PBXGICU8Pgn48j6tlcPHfwnoW//69Rj1Yj9Qv/iQ0+LAdbY0SL7jeSk4Uze +BPs62h1W3nqRrq2g7m7nlqq+zo49b6o/ozNh67OLkO5jXxfD6O6RZrRf41X4yice +fHH5ufogzYVkvp2x9+0KTyhbHJ4VlrQr8CICJqXgJYDspS+Jm3hddnWmCgpLMQID +AQABo4G0MIGxMB0GA1UdDgQWBBRqzfdMzPzyFcw0IxGaqlMrUCMYGTCBgQYDVR0j +BHoweIAUas33TMz88hXMNCMRmqpTK1AjGBmhVaRTMFExCzAJBgNVBAYTAlJVMQ0w +CwYDVQQIEwRUdWxhMQ0wCwYDVQQHEwRUdWxhMRAwDgYDVQQKEwdQcnlhbmlrMRIw +EAYDVQQDEwlsb2NhbGhvc3SCCQCDYHAy/mouhDAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQCfZXi6tRPI+GEXpEHu8M9epYSQ5jV995E7w8QrQUuXyYbD ++C6hhWjvWKOsvkgFn73+7o5Dlbi052oAGCzZIyo6yY1GjZFpGD6hzWfAH2wPa2mb +CQAVXqTGfSMXv40yBz+otfLXvNQegza+TjE5nC+6PEqoQLR7UvpREOLu557r++Cr +ltpe9/BoWPfI7LaNDHQoRidVZq/gW/fjIxV15Zjvn8woEQDDZ+TQIvicVdXU5PpV +ABEUycP5PYb34d4GuuTV3GA63esXPlD1Tzk2SG03nGWTLGc6pqazhCaxYAXE/91Z +SA7w7+w+fI/LTyjOQyu05z7muNaewG6HgF7WD8SD +-----END CERTIFICATE----- diff --git a/etc/ssl/server.key b/etc/ssl/server.key new file mode 100644 index 00000000..d9ed12f6 --- /dev/null +++ b/etc/ssl/server.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwyzxi9XhS68F82SjgjwlZ6XaL2yDwQ0clfEZHMJCJ1Pwq855 +KQnibS31iDjakQ2doR3cWKdYdhhfuWzhwQcBIpp8S2dagxvOXFQ3qGGNOu12Q5l1 +ehwEDES6eEnR9KnFYTTr9KqFxZaRNIARRJgpOdK3hy6a4PBXGICU8Pgn48j6tlcP +HfwnoW//69Rj1Yj9Qv/iQ0+LAdbY0SL7jeSk4UzeBPs62h1W3nqRrq2g7m7nlqq+ +zo49b6o/ozNh67OLkO5jXxfD6O6RZrRf41X4yicefHH5ufogzYVkvp2x9+0KTyhb +HJ4VlrQr8CICJqXgJYDspS+Jm3hddnWmCgpLMQIDAQABAoIBAQCjsO0Av6fN5wPR +p2UvFCy26jW8soEqB0ojQ2sxYIdFHrRqE6gwUBb0RKh50F0XbNj4SOgF/oxFt5mJ +FZWdY7eDAxgd0ZfrAAYqD4QCl5Zwhro6ZdlOSXLnqzjNK/SIA18EcPM4Z0/8cJRl ++McCxa9FzMGaAe9pmokhhq3kD+y8r9q8a4Bu/0sLI51L/ozbJhBX/3rtS4ppRN98 +geI9bpHrYC6BCT8XBDw61+Uibd99mfYeupqnOSDLzV98l5vTG1Lc7AUaSjKdNlYo +lhLCr5nVj1ITyHXG8Uyrvwo6yVxZj/qhexGMXSE5v93jIZ/u2vVOlrXwgp3gpRWu +dnBfalq1AoGBAOjLLbxz1HAoWaf4zLLDCcLHZzS0HAGR70Rnh0r2lwcCMfrLdZmV +IvgJOVJ2DQ7v9+47BpepwvyMObz9je7d5DxATfSayvY+JYWNHwk5PJNUiru6l841 +JhqtPJ5s2P4sK/G+nlhgXo9CmZv1T8Srz7XzVhc9p1RLETSshAqJS9xvAoGBANah +wzsh8pMGpjKw6tuVLrKkP3pKYmqDHGDe6kXBb5dxw86EMm6qFOrG3zTchABiUwT2 +FeRkoq1aU4esNCApMf0V4c9d46kakNenUYTYQ0PRRkxNitrLBDsfqopjK7UJAO9/ +SNCSa6lD26HAucrnIiy0LUy0m0nL7MlSQlr+D2JfAoGBAJfuIsdfgUJB02HBCzeP ++wrYQQ8wjSapK9MlDjNqhF7am+vmZbX6k3v16SdcTGF3VARzGXZaIRvaGMSzZrKC +trZr8XS2ocfb/3kOBTdr15EAGBs1SGYYYen/LhTnTSd1hKidk5JyMsSk3sPeclUV +HNbPHVzFrDNjWrNZ9EM8H/qZAoGBANN7OoIGdhz2nUYvWoqYWRX+julxZ72piInO +u6mV6t2fZB8V1ReDkO6wm/hbG9nBCCpIS9PqcPw8lzeEryvNS4sjR4dq7MqP+Y30 +OHecG9Mz3n+KnDnvdjDHh+OpycQspfZWRan1zA1RZpTf8HGEAwFnW4dMIgK544uO ++QDter0jAoGAaHF531Vp9qcshXSpj4ZYJwM467dyp4L6Ej3TeslEeuPbeMHyVJPn +JzVhPUAKGd0fpltDVq7IMlHFkqEquzIrz4836AfbhaIXy4I+YoKBa9XbTvpyyQwF +Hyv2gOFL/yjhR/h0jXFocHzXZeaeGc4Figooa1PjBQvg+aWqghvi00Y= +-----END RSA PRIVATE KEY----- diff --git a/server.go b/server.go index 78b1c6a0..f2e3c96e 100644 --- a/server.go +++ b/server.go 
@@ -64,6 +64,8 @@ var (
 wspath = flag.String("wspath", "/cable", "WS endpoint path")
 disconnectRate = flag.Int("disconnect_rate", 100, "the number of Disconnect calls per second")
 headers_list = flag.String("headers", "cookie", "list of headers to proxy to RPC")
+ sslCert = flag.String("ssl_cert", "", "SSL certificate path")
+ sslKey = flag.String("ssl_key", "", "SSL private key path")
 upgrader = websocket.Upgrader{
 CheckOrigin: func(r *http.Request) bool { return true },
@@ -247,9 +249,19 @@ func main() {
 http.HandleFunc(*wspath, serveWs)
- log.Infof("Running AnyCable websocket server v%s on %s at %s", version, *addr, *wspath)
- err := http.ListenAndServe(*addr, nil)
- if err != nil {
- log.Fatal("HTTP Server Error: ", err)
+ if (*sslCert != "") && (*sslKey != "") {
+ log.Infof("Running AnyCable websocket server (secured) v%s on %s at %s", version, *addr, *wspath)
+
+ err := http.ListenAndServeTLS(*addr, *sslCert, *sslKey, nil)
+ if err != nil {
+ log.Fatal("HTTPS Server Error: ", err)
+ }
+ } else {
+ log.Infof("Running AnyCable websocket server v%s on %s at %s", version, *addr, *wspath)
+
+ err := http.ListenAndServe(*addr, nil)
+ if err != nil {
+ log.Fatal("HTTP Server Error: ", err)
+ }
 }
 }
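Review bot: The usage strings for the new `ssl_cert` and `ssl_key` flags do not say that both must be given for TLS to be enabled, or what file format is expected. Suggested wording: `"path to PEM-encoded TLS certificate (requires -ssl_key)"` and `"path to PEM-encoded TLS private key (requires -ssl_cert)"`. Separately, the unchanged `CheckOrigin` shown as context accepts every origin while `cookie` is proxied to RPC by default; now that the endpoint is meant to be exposed over wss://, an origin allow-list is worth tracking as a follow-up. The `var (` block starts and ends outside this hunk.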
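Review bot: In `main`, the condition `(*sslCert != "") && (*sslKey != "")` means that supplying only one of the two flags (a typo, or one value left unset) silently falls through to the `else` branch and serves plaintext on the configured address. The server should refuse to start in that case rather than downgrade; the guard below does that and also drops the redundant parentheses. `http.ListenAndServeTLS` also runs with the package's default TLS settings, so pinning a protocol floor through an `http.Server` with `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12}` is worth considering. `main` begins outside this hunk.

```go
// Refuse to start when only one half of the key pair is configured,
// instead of silently serving without TLS.
if (*sslCert == "") != (*sslKey == "") {
	log.Fatal("TLS misconfigured: -ssl_cert and -ssl_key must be set together")
}

if *sslCert != "" {
	// … unchanged: "(secured)" log line and http.ListenAndServeTLS call …
} else {
	// … unchanged: plain log line and http.ListenAndServe call …
}
```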