Separate SSL Configurations for Device and User (#163)
* feat: Separate SSL configurations for device and web UI

* config: Add configuration template for web UI SSL

* fix: parse bool

* fix: fix compatibility with old configuration files

* config: update template
FUjr authored Nov 22, 2024
1 parent c1b5be5 commit b7a8f0b
Showing 3 changed files with 23 additions and 3 deletions.
4 changes: 2 additions & 2 deletions api.go
Expand Up @@ -621,9 +621,9 @@ func apiStart(br *broker) {
go func() {
var err error

if cfg.SslCert != "" && cfg.SslKey != "" {
if cfg.WebUISslCert != "" && cfg.WebUISslKey != "" {
log.Info().Msgf("Listen user on: %s SSL on", cfg.AddrUser)
err = r.RunTLS(cfg.AddrUser, cfg.SslCert, cfg.SslKey)
err = r.RunTLS(cfg.AddrUser, cfg.WebUISslCert, cfg.WebUISslKey)
} else {
log.Info().Msgf("Listen user on: %s SSL off", cfg.AddrUser)
err = r.Run(cfg.AddrUser)
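Review bot: The `else` branch still starts the user listener without TLS whenever either `cfg.WebUISslCert` or `cfg.WebUISslKey` is empty, and with the separate settings that now includes the case where `separate-ssl-config` is enabled but a `webui-ssl-*` value is missing or misspelled. The web UI then falls back to plaintext while the device side stays on TLS, and only the info-level "SSL off" line reports it. I would refuse to start in that state, e.g. `if cfg.SeparateSslConfig && (cfg.WebUISslCert == "" || cfg.WebUISslKey == "") { log.Fatal().Msg("separate-ssl-config is set but webui-ssl-cert/webui-ssl-key is missing") }` placed before the `if` (this assumes `log` is zerolog, as the `log.Info().Msgf` calls suggest). `apiStart` begins and ends outside this hunk.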
17 changes: 16 additions & 1 deletion config/config.go
Expand Up @@ -20,10 +20,13 @@ type Config struct {
SslCert string
SslKey string
SslCacert string // mTLS for device
WebUISslCert string
WebUISslKey string
Token string
WhiteList map[string]bool
DB string
LocalAuth bool
SeparateSslConfig bool
}

func getConfigOpt(yamlCfg *yaml.File, name string, opt interface{}) {
Expand All @@ -37,6 +40,8 @@ func getConfigOpt(yamlCfg *yaml.File, name string, opt interface{}) {
*opt = val
case *int:
*opt, _ = strconv.Atoi(val)
case *bool:
*opt, _ = strconv.ParseBool(val)
}
}

Expand All @@ -50,6 +55,9 @@ func Parse(c *cli.Context) *Config {
SslCert: c.String("ssl-cert"),
SslKey: c.String("ssl-key"),
SslCacert: c.String("ssl-cacert"),
SeparateSslConfig: c.Bool("separate-ssl-config"),
WebUISslCert: c.String("webui-ssl-cert"),
WebUISslKey: c.String("webui-ssl-key"),
Token: c.String("token"),
DB: c.String("db"),
LocalAuth: c.Bool("local-auth"),
Expand All @@ -76,10 +84,17 @@ func Parse(c *cli.Context) *Config {
getConfigOpt(yamlCfg, "ssl-cert", &cfg.SslCert)
getConfigOpt(yamlCfg, "ssl-key", &cfg.SslKey)
getConfigOpt(yamlCfg, "ssl-cacert", &cfg.SslCacert)
getConfigOpt(yamlCfg, "separate-ssl-config", &cfg.SeparateSslConfig)
if cfg.SeparateSslConfig {
getConfigOpt(yamlCfg, "webui-ssl-cert", &cfg.WebUISslCert)
getConfigOpt(yamlCfg, "webui-ssl-key", &cfg.WebUISslKey)
} else {
cfg.WebUISslCert = cfg.SslCert
cfg.WebUISslKey = cfg.SslKey
}
getConfigOpt(yamlCfg, "token", &cfg.Token)
getConfigOpt(yamlCfg, "db", &cfg.DB)
getConfigOpt(yamlCfg, "local-auth", &cfg.LocalAuth)

val, err := yamlCfg.Get("white-list")
if err == nil {
if val == "*" || val == "\"*\"" {
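Review bot: The fallback `cfg.WebUISslCert = cfg.SslCert` / `cfg.WebUISslKey = cfg.SslKey` sits among the `getConfigOpt(yamlCfg, …)` calls in `Parse`, so it appears to run only when a YAML config file is loaded; the enclosing lines are outside the hunk, so this is inferred. If so, a server started with only `ssl-cert`/`ssl-key` on the command line keeps empty `WebUISslCert`/`WebUISslKey` (none of the three changed files adds a `webui-ssl-*` flag definition) and `apiStart` then serves the web UI without TLS. Placing `if !cfg.SeparateSslConfig { cfg.WebUISslCert, cfg.WebUISslKey = cfg.SslCert, cfg.SslKey }` after the config-file handling would cover both paths. Separately, `*opt, _ = strconv.ParseBool(val)` in `getConfigOpt` discards the parse error, so a value such as `yes` silently becomes `false` for `separate-ssl-config` and `local-auth`; logging the error and leaving `*opt` unchanged would be safer.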
5 changes: 5 additions & 0 deletions rttys.conf
Expand Up @@ -10,6 +10,11 @@
#ssl-cert: /etc/rttys/rttys.crt
#ssl-key: /etc/rttys/rttys.key

#if you want to use separate SSL config for webui, set this to True.otherwise, it will use the same SSL config for device and webui
#separate-ssl-config: True
#webui-ssl-cert: /etc/rttys/webui-rttys.crt
#webui-ssl-key: /etc/rttys/webui-rttys.key

#token: a1d4cdb1a3cd6a0e94aa3599afcddcf5

# No login required to connect device.
