From 77c7aaaf1391c59c05e48a69d01e5ef9bcc56745 Mon Sep 17 00:00:00 2001
From: Timo Rothenpieler
Date: Sat, 15 Oct 2022 16:55:06 +0200
Subject: [PATCH] Add Monolith HTTPS listener TLS config options

Signed-off-by: Timo Rothenpieler
---
 cmd/dendrite-monolith-server/main.go | 15 +++++++++++++--
 dendrite-sample.monolith.yaml | 9 ++++++++-
 setup/config/config_monolith.go | 3 +++
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/cmd/dendrite-monolith-server/main.go b/cmd/dendrite-monolith-server/main.go
index 9740c7517..c32a23417 100644
--- a/cmd/dendrite-monolith-server/main.go
+++ b/cmd/dendrite-monolith-server/main.go
@@ -46,6 +46,9 @@ func main() {
 cfg := setup.ParseFlags(true)
 httpAddr := cfg.Global.Monolith.HTTPBindAddr
 httpsAddr := cfg.Global.Monolith.HTTPBindAddr
+ certPath := string(cfg.Global.Monolith.TlsCertificatePath)
+ keyPath := string(cfg.Global.Monolith.TlsPrivateKeyPath)
+
 if *httpBindAddr != "" {
 httpAddr = config.HTTPAddress("http://" + *httpBindAddr)
 }
@@ -53,6 +56,14 @@ func main() {
 httpsAddr = config.HTTPAddress("https://" + *httpsBindAddr)
 }
 httpAPIAddr := httpAddr
+
+ if *certFile != "" {
+ certPath = *certFile
+ }
+ if *keyFile != "" {
+ keyPath = *keyFile
+ }
+
 options := []basepkg.BaseDendriteOptions{}
 if *enableHTTPAPIs {
 logrus.Warnf("DANGER! The -api option is enabled, exposing internal APIs on %q!", *apiBindAddr)
@@ -168,12 +179,12 @@ func main() {
 )
 }()
 // Handle HTTPS if certificate and key are provided
- if *certFile != "" && *keyFile != "" {
+ if certPath != "" && keyPath != "" {
 go func() {
 base.SetupAndServeHTTP(
 basepkg.NoListener, // internal API
 httpsAddr, // external API
- certFile, keyFile, // TLS settings
+ &certPath, &keyPath,// TLS settings
 )
 }()
 }
diff --git a/dendrite-sample.monolith.yaml b/dendrite-sample.monolith.yaml
index d4bf4fe08..8ebde1319 100644
--- a/dendrite-sample.monolith.yaml
+++ b/dendrite-sample.monolith.yaml
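Review bot: In cmd/dendrite-monolith-server/main.go the context line `httpsAddr := cfg.Global.Monolith.HTTPBindAddr` (first hunk) seeds the HTTPS address from the HTTP bind setting, not from `HTTPSBindAddr`. Before this commit HTTPS could only be enabled through the certFile/keyFile flags; now that `tls_cert_path` and `tls_key_path` alone can enable it, a config-only setup would, as far as the visible lines show, serve TLS on the HTTP bind address and ignore `https_bind_address` unless the `httpsBindAddr` flag is also given. The line should probably read `httpsAddr := cfg.Global.Monolith.HTTPSBindAddr`. main() starts and ends outside the hunk, so any later reassignment of `httpsAddr` is not visible here.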
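Review bot: The guard `if certPath != "" && keyPath != ""` in the last main.go hunk skips the HTTPS listener without any message when only one of the two paths is set, so a mistyped or missing `tls_key_path` presumably leaves the server reachable over plain HTTP only, with nothing in the log to say so. Failing closed on a half-configured pair is safer, e.g. `if (certPath == "") != (keyPath == "") { logrus.Fatal("tls_cert_path and tls_key_path must both be set to enable HTTPS") }` placed before the guard. Separately, `&certPath, &keyPath,// TLS settings` lacks the space gofmt puts before a trailing comment. The body of main() extends beyond the hunk on both sides.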
@@ -11,10 +11,17 @@ version: 2
 global:
 # Monolith specific configuration
 monolith:
- # HTTP and HTTPS bind address
+ # HTTP listener bind address
 http_bind_address: http://:8008
+
+ # HTTPS listener bind address.
+ # Only used when a valid cert and key are provided.
 https_bind_address: https://:8448

+ # Path to PEM formated X509 certificate and private key
+ tls_cert_path: ""
+ tls_key_path: ""
+
 # The domain name of this homeserver.
 server_name: localhost

diff --git a/setup/config/config_monolith.go b/setup/config/config_monolith.go
index e39c39b16..b1d86d420 100644
--- a/setup/config/config_monolith.go
+++ b/setup/config/config_monolith.go
@@ -3,6 +3,9 @@ package config
 type Monolith struct {
 HTTPBindAddr HTTPAddress `yaml:"http_bind_address"`
 HTTPSBindAddr HTTPAddress `yaml:"https_bind_address"`
+
+ TlsCertificatePath Path `yaml:"tls_cert_path"`
+ TlsPrivateKeyPath Path `yaml:"tls_key_path"`
 }

 func (c *Monolith) Defaults(opts DefaultOpts) {
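Review bot: The added comment in dendrite-sample.monolith.yaml says the HTTPS listener is only used "when a valid cert and key are provided", but the check in main.go only tests that both paths are non-empty. Wording such as `# Only used when both tls_cert_path and tls_key_path are set.` matches the code. "formated" should read "formatted". Since `tls_key_path` points at private key material, it is worth adding `# The key file should be readable only by the user running Dendrite.` and a line saying that the command-line certificate and key flags override these values.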
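Review bot: `TlsCertificatePath` and `TlsPrivateKeyPath` in setup/config/config_monolith.go break the initialism style of the neighbouring fields (`HTTPBindAddr`, `HTTPSBindAddr`). `TLSCertificatePath` and `TLSPrivateKeyPath` would be consistent, with the two references in main.go renamed to match. The fields also carry no doc comment; something like `// TLSPrivateKeyPath is the PEM private key for the HTTPS listener; HTTPS is disabled when empty.` would record the contract. If the Monolith type has a verification step elsewhere in this file, a both-or-neither check on the two paths belongs there, so a half-configured TLS pair is rejected at config load. Defaults() begins on the hunk's last line and its body is outside the hunk.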