TLS HTTP setup

cmd/dendrite-appservice-server/main.go

@@ -33,5 +33,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.AppServiceAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-client-api-server/main.go

@@ -46,5 +46,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.ClientAPI.InternalAPI.Listen,
 		base.Cfg.ClientAPI.ExternalAPI.Listen,
+		nil, nil,
 	)
 }

cmd/dendrite-current-state-server/main.go

@@ -31,5 +31,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.CurrentStateServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-edu-server/main.go

@@ -36,5 +36,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.EDUServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-federation-api-server/main.go

@@ -40,5 +40,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.FederationAPI.InternalAPI.Listen,
 		base.Cfg.FederationAPI.ExternalAPI.Listen,
+		nil, nil,
 	)
 }

cmd/dendrite-federation-sender-server/main.go

@@ -38,5 +38,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.FederationSender.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-key-server/main.go

@@ -32,5 +32,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.KeyServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-media-api-server/main.go

@@ -33,5 +33,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.MediaAPI.InternalAPI.Listen,
 		base.Cfg.MediaAPI.ExternalAPI.Listen,
+		nil, nil,
 	)
 }

cmd/dendrite-monolith-server/main.go

@@ -16,7 +16,6 @@ package main
 
 import (
 	"flag"
-	"fmt"
 	"os"
 
 	"github.com/matrix-org/dendrite/appservice"
@@ -148,42 +147,24 @@ func main() {
 	}
 	monolith.AddAllPublicRoutes(base.PublicAPIMux)
 
-	fmt.Printf("Public: %+v\n", base.PublicAPIMux)
-	fmt.Printf("Internal: %+v\n", base.InternalAPIMux)
-
-	/*
-		httputil.SetupHTTPAPI(
-			base.BaseMux,
-			base.PublicAPIMux,
-			base.InternalAPIMux,
-			&cfg.Global,
-			base.UseHTTPAPIs,
-		)
-	*/
-
 	// Expose the matrix APIs directly rather than putting them under a /api path.
 	go func() {
 		base.SetupAndServeHTTP(
 			config.HTTPAddress(httpAddr), // internal API
 			config.HTTPAddress(httpAddr), // external API
+			nil, nil,                     // TLS settings
 		)
 	}()
 	// Handle HTTPS if certificate and key are provided
-	_ = httpsAddr
+	if *certFile != "" && *keyFile != "" {
-	/*
+		go func() {
-		if *certFile != "" && *keyFile != "" {
+			base.SetupAndServeHTTP(
-			go func() {
+				config.HTTPAddress(httpsAddr), // internal API
-				serv := http.Server{
+				config.HTTPAddress(httpsAddr), // external API
-					Addr:         config.HTTPAddress(httpsAddr).,
+				certFile, keyFile,             // TLS settings
-					WriteTimeout: setup.HTTPServerTimeout,
+			)
-					Handler:      base.BaseMux,
+		}()
-				}
+	}
-
-				logrus.Info("Listening on ", serv.Addr)
-				logrus.Fatal(serv.ListenAndServeTLS(*certFile, *keyFile))
-			}()
-		}
-	*/
 
 	// We want to block forever to let the HTTP and HTTPS handler serve the APIs
 	select {}

cmd/dendrite-room-server/main.go

@@ -36,5 +36,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.RoomServer.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-server-key-api-server/main.go

@@ -32,5 +32,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.ServerKeyAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-sync-api-server/main.go

@@ -36,5 +36,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.SyncAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

cmd/dendrite-user-api-server/main.go

@@ -34,5 +34,6 @@ func main() {
 	base.SetupAndServeHTTP(
 		base.Cfg.UserAPI.InternalAPI.Listen,
 		setup.NoExternalListener,
+		nil, nil,
 	)
 }

internal/setup/base.go

@@ -264,7 +264,10 @@ func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationCli
 
 // SetupAndServeHTTP sets up the HTTP server to serve endpoints registered on
 // ApiMux under /api/ and adds a prometheus handler under /metrics.
-func (b *BaseDendrite) SetupAndServeHTTP(internalHTTPAddr, externalHTTPAddr config.HTTPAddress) {
+func (b *BaseDendrite) SetupAndServeHTTP(
+	internalHTTPAddr, externalHTTPAddr config.HTTPAddress,
+	certFile, keyFile *string,
+) {
 	block := make(chan struct{})
 
 	internalAddr, _ := internalHTTPAddr.Address()
@@ -294,21 +297,33 @@ func (b *BaseDendrite) SetupAndServeHTTP(internalHTTPAddr, externalHTTPAddr conf
 
 	go func() {
 		defer close(block)
-		logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
+		logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
-		if err := internalServ.ListenAndServe(); err != nil {
+		if certFile != nil && keyFile != nil {
-			logrus.WithError(err).Fatal("failed to serve HTTP")
+			if err := externalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
-		}
+				logrus.WithError(err).Fatal("failed to serve HTTPS")
-		logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
+			}
-	}()
+		} else {
-
-	if externalAddr != "" && internalAddr != externalAddr {
-		go func() {
-			defer close(block)
-			logrus.Infof("Starting %s listener on %s", b.componentName, externalServ.Addr)
 			if err := externalServ.ListenAndServe(); err != nil {
 				logrus.WithError(err).Fatal("failed to serve HTTP")
 			}
-			logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+		}
+		logrus.Infof("Stopped %s listener on %s", b.componentName, externalServ.Addr)
+	}()
+
+	if internalAddr != "" && internalAddr != externalAddr {
+		go func() {
+			defer close(block)
+			logrus.Infof("Starting %s listener on %s", b.componentName, internalServ.Addr)
+			if certFile != nil && keyFile != nil {
+				if err := internalServ.ListenAndServeTLS(*certFile, *keyFile); err != nil {
+					logrus.WithError(err).Fatal("failed to serve HTTPS")
+				}
+			} else {
+				if err := internalServ.ListenAndServe(); err != nil {
+					logrus.WithError(err).Fatal("failed to serve HTTP")
+				}
+			}
+			logrus.Infof("Stopped %s listener on %s", b.componentName, internalServ.Addr)
 		}()
 	}