TLS HTTP setup

2025-12-22 06:13:10 -06:00 · 2020-08-13 10:03:58 +01:00 · 2020-08-13 10:03:58 +01:00 · 8382a9dcc2
parent 55df0bd374
commit 8382a9dcc2
14 changed files with 50 additions and 42 deletions
--- a/cmd/dendrite-appservice-server/main.go
+++ b/cmd/dendrite-appservice-server/main.go
@ -33,5 +33,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.AppServiceAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-client-api-server/main.go
+++ b/cmd/dendrite-client-api-server/main.go
@ -46,5 +46,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.ClientAPI.InternalAPI.Listen,
 		base.Cfg.ClientAPI.ExternalAPI.Listen,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-current-state-server/main.go
+++ b/cmd/dendrite-current-state-server/main.go
@ -31,5 +31,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.CurrentStateServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-edu-server/main.go
+++ b/cmd/dendrite-edu-server/main.go
@ -36,5 +36,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.EDUServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-federation-api-server/main.go
+++ b/cmd/dendrite-federation-api-server/main.go
@ -40,5 +40,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.FederationAPI.InternalAPI.Listen,
 		base.Cfg.FederationAPI.ExternalAPI.Listen,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-federation-sender-server/main.go
+++ b/cmd/dendrite-federation-sender-server/main.go
@ -38,5 +38,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.FederationSender.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-key-server/main.go
+++ b/cmd/dendrite-key-server/main.go
@ -32,5 +32,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.KeyServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-media-api-server/main.go
+++ b/cmd/dendrite-media-api-server/main.go
@ -33,5 +33,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.MediaAPI.InternalAPI.Listen,
 		base.Cfg.MediaAPI.ExternalAPI.Listen,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-monolith-server/main.go
+++ b/cmd/dendrite-monolith-server/main.go
@ -16,7 +16,6 @@ package main

 import (
 	"flag"
-	"fmt"
 	"os"

 	"github.com/matrix-org/dendrite/appservice"
@ -148,42 +147,24 @@ func main() {
 	}
 	monolith.AddAllPublicRoutes(base.PublicAPIMux)

-	fmt.Printf("Public: %+v\n", base.PublicAPIMux)
-	fmt.Printf("Internal: %+v\n", base.InternalAPIMux)
-
-	/*
-		httputil.SetupHTTPAPI(
-			base.BaseMux,
-			base.PublicAPIMux,
-			base.InternalAPIMux,
-			&cfg.Global,
-			base.UseHTTPAPIs,
-		)
-	*/
-
 	// Expose the matrix APIs directly rather than putting them under a /api path.
 	go func() {
 		base.SetupAndServeHTTP(
 			config.HTTPAddress(httpAddr), // internal API
 			config.HTTPAddress(httpAddr), // external API
+			nil, nil,                     // TLS settings
 		)
 	}()
 	// Handle HTTPS if certificate and key are provided
-	_ = httpsAddr
-	/*
-		if *certFile != "" && *keyFile != "" {
-			go func() {
-				serv := http.Server{
-					Addr:         config.HTTPAddress(httpsAddr).,
-					WriteTimeout: setup.HTTPServerTimeout,
-					Handler:      base.BaseMux,
-				}
-
-				logrus.Info("Listening on ", serv.Addr)
-				logrus.Fatal(serv.ListenAndServeTLS(*certFile, *keyFile))
-			}()
-		}
-	*/
+	if *certFile != "" && *keyFile != "" {
+		go func() {
+			base.SetupAndServeHTTP(
+				config.HTTPAddress(httpsAddr), // internal API
+				config.HTTPAddress(httpsAddr), // external API
+				certFile, keyFile,             // TLS settings
+			)
+		}()
+	}

 	// We want to block forever to let the HTTP and HTTPS handler serve the APIs
 	select {}
--- a/cmd/dendrite-room-server/main.go
+++ b/cmd/dendrite-room-server/main.go
@ -36,5 +36,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.RoomServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-server-key-api-server/main.go
+++ b/cmd/dendrite-server-key-api-server/main.go
@ -32,5 +32,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.ServerKeyAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-sync-api-server/main.go
+++ b/cmd/dendrite-sync-api-server/main.go
@ -36,5 +36,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.SyncAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/cmd/dendrite-user-api-server/main.go
+++ b/cmd/dendrite-user-api-server/main.go
@ -34,5 +34,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.UserAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }
--- a/internal/setup/base.go
+++ b/internal/setup/base.go
@ -264,7 +264,10 @@ func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationCli

 // SetupAndServeHTTP sets up the HTTP server to serve endpoints registered on
 // ApiMux under /api/ and adds a prometheus handler under /metrics.
-func (b *BaseDendrite) SetupAndServeHTTP(internalHTTPAddr, externalHTTPAddr config.HTTPAddress) {
+func (b *BaseDendrite) SetupAndServeHTTP(
+	internalHTTPAddr, externalHTTPAddr config.HTTPAddress,
+	certFile, keyFile *string,
+) {
 	block := make(chan struct{})

 	internalAddr, _ := internalHTTPAddr.Address()
@ -294,21 +297,33 @@ func (b *BaseDendrite) SetupAndServeHTTP(internalHTTPAddr, externalHTTPAddr conf

 	go func() {
 		defer close(block)
-		logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
-		if err := internalServ.ListenAndServe(); err != nil {
-			logrus.WithError(err).Fatal("failed to serve HTTP")
-		}
-		logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
-	}()
-
-	if externalAddr != "" && internalAddr != externalAddr {
-		go func() {
-			defer close(block)
-			logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
+		logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
+		if certFile != nil && keyFile != nil {
+			if err := externalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
+				logrus.WithError(err).Fatal("failed to serve HTTPS")
+			}
+		} else {
 			if err := externalServ.ListenAndServe(); err != nil {
 				logrus.WithError(err).Fatal("failed to serve HTTP")
 			}
-			logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+		}
+		logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+	}()
+
+	if internalAddr != "" && internalAddr != externalAddr {
+		go func() {
+			defer close(block)
+			logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
+			if certFile != nil && keyFile != nil {
+				if err := internalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
+					logrus.WithError(err).Fatal("failed to serve HTTPS")
+				}
+			} else {
+				if err := internalServ.ListenAndServe(); err != nil {
+					logrus.WithError(err).Fatal("failed to serve HTTP")
+				}
+			}
+			logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
 		}()
 	}