Release 1.4.0: Added HTTPS support

CHANGELOG.yml

@@ -1,5 +1,9 @@
 # Semantic changelog: https://github.com/c4s4/changelog
 
+- version: 1.4.0
+  date:    2015-07-30
+  summary: Added HTTPS support
+
 - version: 1.3.1
   date:    2015-07-29
   summary: Improved documentation

README.md

@@ -9,7 +9,8 @@ CheeseShop is a Python package repository. This is a local version of the well-k
 To tell PIP where is your private CheeseShop, you must edit you *~/.pip/pip.conf* file:
 
     [global]
-    index-url = http://my.shop.host:8000/simple
+    index-url = http://my.shop.host/simple
+    trusted-host = my.shop.host
 
 Where *my.shop.host* is the hostname of the machine running CheeseShop. PIP will call your CheeseShop to get packages. If CheeseShop doesn't host this package it will redirect PIP to standard Pypi.
 
@@ -27,14 +28,16 @@ To tell *setup.py* where to upload your package, you must edit file *~/.pypirc*:
     [cheeseshop]
     username: spam
     password: foo
-    repository: http://my.shop.host:8000/simple/
+    repository: http://my.shop.host/simple/
 
-*setup.py* will call your CheeseShop if you tell it to use *cheeseshop* connection with following command line:
+*setup.py* will call your CheeseShop if you name it on command line:
 
     $ python setup.py sdist upload -r cheeseshop
 
 Where `-r cheeseshop` is the option that indicates the connection you want to use. There must be a corresponding entry in your *~/.pypirc* configuration file. Don't forget to add *cheeseshop* in the *index-server* list at the beginning of the file.
 
+CheeseShop is able to run on HTTP and/or HTTPS and performs basic authentication if necessary.
+
 Installation
 ------------
 
@@ -67,14 +70,20 @@ You may also pass the path to the configuration file on the command line:
 
 This configuration file should look like this:
 
-    # The port CheeseShop is listening
-    port: 8000
-    # The URL path
-    path: simple
     # The root directory for packages
-    root: repo
+    root:  /home/cheeseshop
+    # Path to the server certificate
+    cert:  /etc/ssl/certs/cheeseshop-cert.pem
+    # Path to the server key
+    key:   /etc/ssl/private/cheeseshop-key.pem
+    # The HTTP port CheeseShop is listening
+    http:  80
+    # The HTTPS port CheeseShop is listening 
+    https: 443
+    # The URL path
+    path:  simple
     # Redirection when not found
-    shop: http://pypi.python.org/simple
+    shop:  http://pypi.python.org/simple
     # List of users and their MD5 hashed password
     # To get MD5 sum for password foo, type 'echo -n foo | md5sum'
     # To disable auth when uploading packages, set auth to ~
@@ -91,6 +100,22 @@ To compute MD5 sum for a given password, in order to fill the authentication fil
 
 There is a sample configuration file in *etc* directory of the archive.
 
+Of course, you must create an empty directory for the repository. Ensure that the user running CheeseShop has a right to write in this directory.
+
+To disable HTTP or HTTPS, you must set port to *0*. If HTTPS is disabled, you don't have to set certificate and key paths. To disable basic authentication, you must set auth to `~` (which means none in YAML).
+
+To generate a key, you can use openssl as follows:
+
+    $ openssl genrsa -out cheeseshop-key.pem 2048
+
+To generate au self signed certificate, you can type:
+
+    $ openssl req -new -x509 -key cheeseshop-key.pem -out cheeseshop-cert.pem -days 3650
+
+This command will ask you many fields, but the only that is necessary is the *FQDN* which is the hostname of the machine that is running CheeseShop.
+
+You should copy the certificate in directory */etc/ssl/certs* and the key in */etc/ssl/private*.
+
 Service
 -------
 
@@ -125,7 +150,7 @@ To build CheeseShop, you must install [Goyaml](http://github.com/go-yaml/yaml) a
     $ go get github.com/mitchellh/gox
     $ gox -build-toolchain
 
-Then you can use the make file to build the binary version for your platform:
+Then you can use the makefile to build the binary version for your platform:
 
     $ make build
 

cheeseshop.go

@@ -24,11 +24,14 @@ const (
 var DEFAULT_CONFIG = []string{"~/.cheeseshop.yml", "/etc/cheeseshop.yml"}
 
 type Config struct {
-	Port int
-	Path string
-	Root string
-	Shop string
-	Auth map[string]string
+	Http  int
+	Https int
+	Path  string
+	Root  string
+	Shop  string
+	Cert  string
+	Key   string
+	Auth  map[string]string
 }
 
 var config Config
@@ -206,17 +209,34 @@ func checkConfig() {
 	if !strings.HasSuffix(config.Path, "/") {
 		config.Path = config.Path + "/"
 	}
-	if config.Port > 65535 || config.Port < 0 {
-		log.Fatalf("Bad port number %d", config.Port)
+	if config.Http > 65535 || config.Http < 0 {
+		log.Fatalf("Bad HTTP port number %d", config.Http)
+	}
+	if config.Https > 65535 || config.Https < 0 {
+		log.Fatalf("Bad HTTPS port number %d", config.Https)
+	}
+	if config.Http == 0 && config.Https == 0 {
+		log.Fatal("At least one of HTTP or HTTPS must be enabled")
 	}
 }
 
 func main() {
 	loadConfig()
 	checkConfig()
+	log.Printf("Starting CheeseShop (ports: %d & %d, path: %s, root: %s, shop: %s)",
+		config.Http, config.Https, config.Path, config.Root, config.Shop)
 	http.HandleFunc(config.Path, handler)
-	log.Printf("Starting CheeseShop (port: %d, path: %s, root: %s, shop: %s)",
-		config.Port, config.Path, config.Root, config.Shop)
-	log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", config.Port), nil))
-	log.Print("Stopping CheeseShop")
+	if config.Http != 0 {
+		go func() {
+			log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", config.Http), nil))
+		}()
+	}
+	if config.Https != 0 {
+		go func() {
+			log.Fatal(http.ListenAndServeTLS(fmt.Sprintf(":%d", config.Https),
+				normalizeFile(config.Cert), normalizeFile(config.Key), nil))
+		}()
+	}
+	wait := make(chan bool, 1)
+	<-wait
 }

etc/cheeseshop.yml

@@ -1,11 +1,17 @@
-# The port CheeseShop is listening
-port: 8000
-# The URL path
-path: simple
 # The root directory for packages
-root: repo
+root:  /home/cheeseshop
+# Path to the server certificate
+cert:  /etc/ssl/certs/cheeseshop-cert.pem
+# Path to the server key
+key:   /etc/ssl/private/cheeseshop-key.pem
+# The HTTP port CheeseShop is listening
+http:  80
+# The HTTPS port CheeseShop is listening
+https: 443
+# The URL path
+path:  simple
 # Redirection when not found
-shop: http://pypi.python.org/simple
+shop:  http://pypi.python.org/simple
 # List of users and their MD5 hashed password
 # To get MD5 sum for password foo, type 'echo -n foo | md5sum'
 # To disable auth when uploading packages, set auth to ~