From 8382a9dcc2b88cff1913edc9dd09814518da96f7 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Thu, 13 Aug 2020 10:03:58 +0100
Subject: [PATCH] TLS HTTP setup
---
 cmd/dendrite-appservice-server/main.go | 1 +
 cmd/dendrite-client-api-server/main.go | 1 +
 cmd/dendrite-current-state-server/main.go | 1 +
 cmd/dendrite-edu-server/main.go | 1 +
 cmd/dendrite-federation-api-server/main.go | 1 +
 cmd/dendrite-federation-sender-server/main.go | 1 +
 cmd/dendrite-key-server/main.go | 1 +
 cmd/dendrite-media-api-server/main.go | 1 +
 cmd/dendrite-monolith-server/main.go | 39 +++++-------------
 cmd/dendrite-room-server/main.go | 1 +
 cmd/dendrite-server-key-api-server/main.go | 1 +
 cmd/dendrite-sync-api-server/main.go | 1 +
 cmd/dendrite-user-api-server/main.go | 1 +
 internal/setup/base.go | 41 +++++++++++++------
 14 files changed, 50 insertions(+), 42 deletions(-)
diff --git a/cmd/dendrite-appservice-server/main.go b/cmd/dendrite-appservice-server/main.go
index b094ea6ac..72b243e28 100644
--- a/cmd/dendrite-appservice-server/main.go
+++ b/cmd/dendrite-appservice-server/main.go
@@ -33,5 +33,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.AppServiceAPI.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-client-api-server/main.go b/cmd/dendrite-client-api-server/main.go
index ca9f4456f..6efe86a7c 100644
--- a/cmd/dendrite-client-api-server/main.go
+++ b/cmd/dendrite-client-api-server/main.go
@@ -46,5 +46,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.ClientAPI.InternalAPI.Listen,
 base.Cfg.ClientAPI.ExternalAPI.Listen,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-current-state-server/main.go b/cmd/dendrite-current-state-server/main.go
index 662728a30..594bfcf9d 100644
--- a/cmd/dendrite-current-state-server/main.go
+++ b/cmd/dendrite-current-state-server/main.go
@@ -31,5 +31,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.CurrentStateServer.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-edu-server/main.go b/cmd/dendrite-edu-server/main.go
index 55703a11d..e0956619e 100644
--- a/cmd/dendrite-edu-server/main.go
+++ b/cmd/dendrite-edu-server/main.go
@@ -36,5 +36,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.EDUServer.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-federation-api-server/main.go b/cmd/dendrite-federation-api-server/main.go
index 5d59a7080..1753d43c8 100644
--- a/cmd/dendrite-federation-api-server/main.go
+++ b/cmd/dendrite-federation-api-server/main.go
@@ -40,5 +40,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.FederationAPI.InternalAPI.Listen,
 base.Cfg.FederationAPI.ExternalAPI.Listen,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-federation-sender-server/main.go b/cmd/dendrite-federation-sender-server/main.go
index e2f120ee4..369060196 100644
--- a/cmd/dendrite-federation-sender-server/main.go
+++ b/cmd/dendrite-federation-sender-server/main.go
@@ -38,5 +38,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.FederationSender.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-key-server/main.go b/cmd/dendrite-key-server/main.go
index 4cb9e7438..2110b216d 100644
--- a/cmd/dendrite-key-server/main.go
+++ b/cmd/dendrite-key-server/main.go
@@ -32,5 +32,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.KeyServer.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-media-api-server/main.go b/cmd/dendrite-media-api-server/main.go
index 44a3e7257..7a2d44c0b 100644
--- a/cmd/dendrite-media-api-server/main.go
+++ b/cmd/dendrite-media-api-server/main.go
@@ -33,5 +33,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.MediaAPI.InternalAPI.Listen,
 base.Cfg.MediaAPI.ExternalAPI.Listen,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-monolith-server/main.go b/cmd/dendrite-monolith-server/main.go
index c5cf9c24f..cca50c10a 100644
--- a/cmd/dendrite-monolith-server/main.go
+++ b/cmd/dendrite-monolith-server/main.go
@@ -16,7 +16,6 @@ package main
 import (
 "flag"
- "fmt"
 "os"
 "github.com/matrix-org/dendrite/appservice"
@@ -148,42 +147,24 @@ func main() {
 }
 monolith.AddAllPublicRoutes(base.PublicAPIMux)
- fmt.Printf("Public: %+v\n", base.PublicAPIMux)
- fmt.Printf("Internal: %+v\n", base.InternalAPIMux)
-
- /*
- httputil.SetupHTTPAPI(
- base.BaseMux,
- base.PublicAPIMux,
- base.InternalAPIMux,
- &cfg.Global,
- base.UseHTTPAPIs,
- )
- */
-
 // Expose the matrix APIs directly rather than putting them under a /api path.
 go func() {
 base.SetupAndServeHTTP(
 config.HTTPAddress(httpAddr), // internal API
 config.HTTPAddress(httpAddr), // external API
+ nil, nil, // TLS settings
 )
 }()
 // Handle HTTPS if certificate and key are provided
- _ = httpsAddr
- /*
- if *certFile != "" && *keyFile != "" {
- go func() {
- serv := http.Server{
- Addr: config.HTTPAddress(httpsAddr).,
- WriteTimeout: setup.HTTPServerTimeout,
- Handler: base.BaseMux,
- }
-
- logrus.Info("Listening on ", serv.Addr)
- logrus.Fatal(serv.ListenAndServeTLS(*certFile, *keyFile))
- }()
- }
- */
+ if *certFile != "" && *keyFile != "" {
+ go func() {
+ base.SetupAndServeHTTP(
+ config.HTTPAddress(httpsAddr), // internal API
+ config.HTTPAddress(httpsAddr), // external API
+ certFile, keyFile, // TLS settings
+ )
+ }()
+ }
 // We want to block forever to let the HTTP and HTTPS handler serve the APIs
 select {}
diff --git a/cmd/dendrite-room-server/main.go b/cmd/dendrite-room-server/main.go
index d866e8691..0d587e6ee 100644
--- a/cmd/dendrite-room-server/main.go
+++ b/cmd/dendrite-room-server/main.go
@@ -36,5 +36,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.RoomServer.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-server-key-api-server/main.go b/cmd/dendrite-server-key-api-server/main.go
index ac55cacb7..1ad4ede26 100644
--- a/cmd/dendrite-server-key-api-server/main.go
+++ b/cmd/dendrite-server-key-api-server/main.go
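Review bot: In cmd/dendrite-monolith-server/main.go (hunk at -148), the HTTPS branch is skipped without any message when only one of `certFile`/`keyFile` is set, so a half-configured deployment comes up serving plaintext HTTP only. I would fail fast on a partial pair before starting the listeners, e.g. `if (*certFile == "") != (*keyFile == "") { logrus.Fatal("both the TLS certificate and key must be supplied") }` (assuming logrus is imported in this file; the import block is only partly visible). Separately, `base.SetupAndServeHTTP` is now called twice on the same `base`, and most of its body is outside this diff, so confirm that its route and /metrics registration is safe to run twice.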
@@ -32,5 +32,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.ServerKeyAPI.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-sync-api-server/main.go b/cmd/dendrite-sync-api-server/main.go
index 3136d334c..4b041e0a7 100644
--- a/cmd/dendrite-sync-api-server/main.go
+++ b/cmd/dendrite-sync-api-server/main.go
@@ -36,5 +36,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.SyncAPI.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/cmd/dendrite-user-api-server/main.go b/cmd/dendrite-user-api-server/main.go
index 2002afbb9..c21525e60 100644
--- a/cmd/dendrite-user-api-server/main.go
+++ b/cmd/dendrite-user-api-server/main.go
@@ -34,5 +34,6 @@ func main() {
 base.SetupAndServeHTTP(
 base.Cfg.UserAPI.InternalAPI.Listen,
 setup.NoExternalListener,
+ nil, nil,
 )
 }
diff --git a/internal/setup/base.go b/internal/setup/base.go
index 046ce4fcf..f54f15190 100644
--- a/internal/setup/base.go
+++ b/internal/setup/base.go
@@ -264,7 +264,10 @@ func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationCli
 // SetupAndServeHTTP sets up the HTTP server to serve endpoints registered on
 // ApiMux under /api/ and adds a prometheus handler under /metrics.
-func (b *BaseDendrite) SetupAndServeHTTP(internalHTTPAddr, externalHTTPAddr config.HTTPAddress) {
+func (b *BaseDendrite) SetupAndServeHTTP(
+ internalHTTPAddr, externalHTTPAddr config.HTTPAddress,
+ certFile, keyFile *string,
+) {
 block := make(chan struct{})
 internalAddr, _ := internalHTTPAddr.Address()
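Review bot: The doc comment above `SetupAndServeHTTP` in internal/setup/base.go still describes only the HTTP setup and says nothing about the new `certFile`/`keyFile` parameters. Going by the checks later in this diff, TLS is used only when both pointers are non-nil, and a single nil pointer silently selects plaintext; that contract should be written down, for example `// If certFile and keyFile are both non-nil the listeners are served over TLS with that certificate and key; if either is nil they are served over plain HTTP.` An empty string behind a non-nil pointer is not checked and would reach `ListenAndServeTLS` as-is. The function body continues past the end of this hunk.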
@@ -294,21 +297,33 @@ func (b *BaseDendrite) SetupAndServeHTTP(internalHTTPAddr, externalHTTPAddr conf
 go func() {
 defer close(block)
- logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
- if err := internalServ.ListenAndServe(); err != nil {
- logrus.WithError(err).Fatal("failed to serve HTTP")
- }
- logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
- }()
-
- if externalAddr != "" && internalAddr != externalAddr {
- go func() {
- defer close(block)
- logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
+ logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
+ if certFile != nil && keyFile != nil {
+ if err := externalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
+ logrus.WithError(err).Fatal("failed to serve HTTPS")
+ }
+ } else {
 if err := externalServ.ListenAndServe(); err != nil {
 logrus.WithError(err).Fatal("failed to serve HTTP")
 }
- logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+ }
+ logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+ }()
+
+ if internalAddr != "" && internalAddr != externalAddr {
+ go func() {
+ defer close(block)
+ logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
+ if certFile != nil && keyFile != nil {
+ if err := internalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
+ logrus.WithError(err).Fatal("failed to serve HTTPS")
+ }
+ } else {
+ if err := internalServ.ListenAndServe(); err != nil {
+ logrus.WithError(err).Fatal("failed to serve HTTP")
+ }
+ }
+ logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
 }()
 }
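Review bot: The external listener goroutine is now started unconditionally: the old `externalAddr != ""` guard was dropped and the remaining guard tests `internalAddr` instead. Every internal-only component passes `setup.NoExternalListener`, and if that yields an empty `externalServ.Addr` (its construction is outside this hunk), net/http falls back to `:http`, so the process either binds port 80 on all interfaces or exits through the `Fatal` call. I would wrap the first goroutine in `if externalAddr != "" {` and leave the internal guard as written. When a certificate is supplied the internal listener is also served with the same certificate and key as the external one, which is worth confirming as intended. The enclosing function starts before this hunk.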