Add Monolith HTTPS listener TLS config options

Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2026-01-16 18:43:10 -06:00 · 2022-10-15 16:55:06 +02:00 · 2022-10-15 16:55:06 +02:00 · 77c7aaaf13
parent 3bfd5f18ae
commit 77c7aaaf13
3 changed files with 24 additions and 3 deletions
--- a/cmd/dendrite-monolith-server/main.go
+++ b/cmd/dendrite-monolith-server/main.go
@ -46,6 +46,9 @@ func main() {
 	cfg := setup.ParseFlags(true)
 	httpAddr := cfg.Global.Monolith.HTTPBindAddr
 	httpsAddr := cfg.Global.Monolith.HTTPBindAddr
+	certPath := string(cfg.Global.Monolith.TlsCertificatePath)
+	keyPath := string(cfg.Global.Monolith.TlsPrivateKeyPath)
+
 	if *httpBindAddr != "" {
 		httpAddr = config.HTTPAddress("http://" + *httpBindAddr)
 	}
@ -53,6 +56,14 @@ func main() {
 		httpsAddr = config.HTTPAddress("https://" + *httpsBindAddr)
 	}
 	httpAPIAddr := httpAddr
+
+	if *certFile != "" {
+		certPath = *certFile
+	}
+	if *keyFile != "" {
+		keyPath = *keyFile
+	}
+
 	options := []basepkg.BaseDendriteOptions{}
 	if *enableHTTPAPIs {
 		logrus.Warnf("DANGER! The -api option is enabled, exposing internal APIs on %q!", *apiBindAddr)
@ -168,12 +179,12 @@ func main() {
 		)
 	}()
 	// Handle HTTPS if certificate and key are provided
-	if *certFile != "" && *keyFile != "" {
+	if certPath != "" && keyPath != "" {
 		go func() {
 			base.SetupAndServeHTTP(
 				basepkg.NoListener, // internal API
 				httpsAddr,          // external API
-				certFile, keyFile,  // TLS settings
+				&certPath, &keyPath,// TLS settings
 			)
 		}()
 	}
--- a/dendrite-sample.monolith.yaml
+++ b/dendrite-sample.monolith.yaml
@ -11,10 +11,17 @@ version: 2
 global:
  # Monolith specific configuration
  monolith:
-    # HTTP and HTTPS bind address
+    # HTTP listener bind address
    http_bind_address: http://:8008
+
+    # HTTPS listener bind address.
+    # Only used when a valid cert and key are provided.
    https_bind_address: https://:8448

+    # Path to PEM formated X509 certificate and private key
+    tls_cert_path: ""
+    tls_key_path: ""
+
  # The domain name of this homeserver.
  server_name: localhost

--- a/setup/config/config_monolith.go
+++ b/setup/config/config_monolith.go
@ -3,6 +3,9 @@ package config
 type Monolith struct {
 	HTTPBindAddr  HTTPAddress `yaml:"http_bind_address"`
 	HTTPSBindAddr HTTPAddress `yaml:"https_bind_address"`
+
+	TlsCertificatePath Path `yaml:"tls_cert_path"`
+	TlsPrivateKeyPath  Path `yaml:"tls_key_path"`
 }

 func (c *Monolith) Defaults(opts DefaultOpts) {