alexandreh2ag · alexandreh2ag · Jan 19, 2025 · Jan 19, 2025
diff --git a/apps/server/http/fixtures/cert.crt b/apps/server/http/fixtures/cert.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe6gAwIBAgIGAZR/lf8TMA0GCSqGSIb3DQEBCwUAMEQxFDASBgNVBAMMC0xldHMtR28tVExTMQswCQYDVQQGEwJVUzEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTAeFw0yNTAxMTkxNzIyMDRaFw0zNTAxMTcxNzIyMDRaMEQxFDASBgNVBAMMC0xldHMtR28tVExTMQswCQYDVQQGEwJVUzEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzAQVVSpmWBKKL6bZ5+1W4RiVkTAkRBRKl19EE7lcHKag/usgu7GoS19bl8WwkgLXG2IiWa1/ktuDtlDXHeNhh16ztZK1ltY0i02YIBATAPvAqov0+uSO5SWp7Xll+20dtDYLp1gr7H2lBJPD0P3qseEuTrl6Gjl0wwOSJtVWcJS7+1QkC9vx5gfhbtmJzwnhtIZzzKXslb387J18C3OFqwu5sc2LPToPc2i391lSK76iTsDUNCHAo2uscBGfdnsmLfs3UaZlgz3TgHkfAxo2k/k1TNtRZ1I4Ikn5uPLgWbVqK3MMMlZmoq9Bq8okSDvhPv69thAaPmKCGcohuq3YsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAeAqPNMux7fiDyIh+ZALUIASbh6CJAKb96okYU98wA8QWEjRTNjICtWpjiRbvFUkcz8d2N1GhyEWeTWsfVgBguO4g6yrofJoFsNuJy/Ym+oTIJVbzf9HkQSilQDAFG3Rr4vyt1LUwFiNsDigrPHp4IDMgZkwiWfA4SUKDR4kmKn9pzSSxhP6okYkOYoQ8aonxlS0J0vuaKER4ug5lsVRrW/Y8dj8h3AQp5tFxoqf+cmcP9Px7ykTTK6MfWMCUTaOcFqr7jRFA449BK5Q1gWXIfDZ9y1eQztlgs5vuhK5YFaWMgDy1REoYIJTODQNmMBQEQIKJSO1DeO+9pyf3sLN2mw==
+-----END CERTIFICATE-----
diff --git a/apps/server/http/fixtures/priv.key b/apps/server/http/fixtures/priv.key
@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCcwEFVUqZlgSii+m2eftVuEYlZEwJEQUSpdfRBO5XBymoP7rILuxqEtfW5fFsJIC1xtiIlmtf5Lbg7ZQ1x3jYYdes7WStZbWNItNmCAQEwD7wKqL9PrkjuUlqe15ZfttHbQ2C6dYK+x9pQSTw9D96rHhLk65eho5dMMDkibVVnCUu/tUJAvb8eYH4W7Zic8J4bSGc8yl7JW9/OydfAtzhasLubHNiz06D3Not/dZUiu+ok7A1DQhwKNrrHARn3Z7Ji37N1GmZYM904B5HwMaNpP5NUzbUWdSOCJJ+bjy4Fm1aitzDDJWZqKvQavKJEg74T7+vbYQGj5ighnKIbqt2LAgMBAAECggEAAka5pcGlmfHzHNH4xCVaXkoetC6JYpb1P/+ImwCzzyGF3Cv4TCEc8V8FFC4t0kDN3onDDpTxKVsUT4R+c/z1zL6I1A7nVfNqzpQvWAR0t6ja1bRkOgXkmDvI7ID79YrdmrE5SkV8YkUO5gor0XhibU2D/7mhTsV/famlNfTf5lDSuT5Z+dNsR5kIAF/GT18f3VZigDHGc+/Bbv2/ADy72TVQkrltdhNUXWC7EfQdycavNg9OsGPUKMEjpx6sj9VaDREJC/7vxbrLfN9PGoeV81vjJBMQdxjcdn+0mEPFvLPCzrfIKZjKD3a2wt7r2cPpbio3lKvtLCGABw8YHNWGdQKBgQDLz6gpLNFq0O/CBCh+5yyO4HlY6j3z+fHV0iBjXZkP+VztpgHLYIT9zOnqEqWa1fAwzE8WS8u+kmP/gcXITpCD5ZVV95G2iq/WAp8MZxW1HkD2h2EIYFscPbUOKEBesXsi0GbM2vBkUK5squL8lYQaMRg/ZICwpsSqXq7TeBaexwKBgQDE468pHak2155o5kIUGkCKFrlB3fJhJnU10fOQa7B3bPwQcRxmoUpgX1iItXiLQxDN/ixFTEVXa5WdUNFr8CWR9TX/thSgBaLnXmdRUFPi9NN+OnIY/borl5AeMfp689qci8KcFBDXGa6ASSx9twZP930C0F44R6YrYU5GhXEXHQKBgCodIJxRfHxb7A7lGREP568mRyzOSjrtvMD4CGU/4+7fEgqxMNG7gf+HphYOAFY8OsN6lCUBSHp6eVtEj3/SbB41BGSdIWjcw3SvWfoQGvYv6DCIzM4USv9M6Oqh+psWhWEuOu+9lcrEuSYPMZQLuR5IYsBGnijibOTfZ7Serd3lAoGAAvAq4wAwUEMzd/lHrykdIXJpXVREk7KROTZi3hrdTUrxEAXAGL/7bii+F3wtylY73/cVDguvVTijyO810NiKlv0Dy0caU7EB11YPUKVUOyTQKygQH9NZfeELI4g3ZrJQ5tknFFEwVyVo9z0gTtf2XichVHNrlIdtMWSIWIERSPkCgYA+Q+eWKynQLpzRMd+So+IjnJ+Dyq6fZPmBqzgbOsshhRMfFDNoYrGWuFp63DRRgIjBvnuoD98RRX/uE+NnT7xmaAiKLsETCJABsXqWa7yksOD8btaq7s0/UIvVLiQMMKgBRzfxXfYFyV7j7k9vvv1Eys2+oOM3cRbl+s4uJfSQeA==
+-----END RSA PRIVATE KEY-----
diff --git a/apps/server/http/server.go b/apps/server/http/server.go
@@ -41,8 +41,15 @@ func CreateServerHTTP(ctx *context.ServerContext, httpProvider *acmeHttp.Challen
 	authorizedGroup.POST(http.GetApiPrefix(http.ServerApiGetCertificates), controller.GetCertificatesFromRequests)
 
 	go func() {
-		err := e.Start(ctx.Config.HTTP.Listen)
-		ctx.Logger.Error(err.Error())
+		var err error
+		if ctx.Config.HTTP.TLS.Enable {
+			err = e.StartTLS(ctx.Config.HTTP.Listen, ctx.Config.HTTP.TLS.CertPath, ctx.Config.HTTP.TLS.KeyPath)
+		} else {
+			err = e.Start(ctx.Config.HTTP.Listen)
+		}
+		if err != nil {
+			panic(fmt.Errorf("fail to start http server with %v", err))
+		}
 	}()
 
 	return e, nil

diff --git a/apps/server/http/server_test.go b/apps/server/http/server_test.go
@@ -3,6 +3,9 @@ package http
 import (
 	"github.com/alexandreh2ag/lets-go-tls/apps/server/acme/http"
 	appCtx "github.com/alexandreh2ag/lets-go-tls/apps/server/context"
+	appProm "github.com/alexandreh2ag/lets-go-tls/prometheus"
+	"github.com/alexandreh2ag/lets-go-tls/types"
+	"github.com/prometheus/client_golang/prometheus"
 	"github.com/stretchr/testify/assert"
 	"testing"
 	"time"
@@ -12,9 +15,27 @@ func TestCreateServerHTTP(t *testing.T) {
 	ctx := appCtx.TestContext(nil)
 	ctx.Config.HTTP.Listen = "127.0.0.1:0"
 	ctx.Config.HTTP.MetricsEnable = true
+	ctx.MetricsRegister = appProm.NewRegistry(types.NameServerMetrics, prometheus.NewRegistry())
 	httpProvider := http.NewChallenge(ctx.Logger, ctx.Cache)
 	got, err := CreateServerHTTP(ctx, httpProvider)
 	time.Sleep(200 * time.Millisecond)
 	assert.NoError(t, err)
 	assert.NotNil(t, got)
 }
+
+func TestCreateServerHTTPWithTLS_Fail(t *testing.T) {
+	ctx := appCtx.TestContext(nil)
+	ctx.Config.HTTP.Listen = "127.0.0.1:0"
+	ctx.Config.HTTP.MetricsEnable = true
+	ctx.MetricsRegister = appProm.NewRegistry(types.NameServerMetrics, prometheus.NewRegistry())
+	ctx.Config.HTTP.TLS.Enable = true
+	ctx.Config.HTTP.TLS.CertPath = "./fixtures/cert.crt"
+	ctx.Config.HTTP.TLS.KeyPath = "./fixtures/priv.key"
+	httpProvider := http.NewChallenge(ctx.Logger, ctx.Cache)
+
+	got, err := CreateServerHTTP(ctx, httpProvider)
+	time.Sleep(200 * time.Millisecond)
+	assert.NoError(t, err)
+	assert.NotNil(t, got)
+
+}
diff --git a/config/http.go b/config/http.go
@@ -1,6 +1,13 @@
 package config
 
 type HTTPConfig struct {
-	Listen        string `mapstructure:"listen" validate:"required"`
-	MetricsEnable bool   `mapstructure:"metrics_enable"`
+	Listen        string    `mapstructure:"listen" validate:"required"`
+	MetricsEnable bool      `mapstructure:"metrics_enable"`
+	TLS           TLSConfig `mapstructure:"tls"`
+}
+
+type TLSConfig struct {
+	Enable   bool   `mapstructure:"enable"`
+	CertPath string `mapstructure:"cert_path" validate:"required_if=Enable true"`
+	KeyPath  string `mapstructure:"key_path" validate:"required_if=Enable true"`
 }
diff --git a/docs/agent_config.md b/docs/agent_config.md
@@ -7,6 +7,10 @@ interval: 5m0s # duration each process to fetch certificates. default: 5m
 http:
     listen: 0.0.0.0:8080 # server listen address. default: 0.0.0.0:8080
     metrics_enable: false # enable metrics on path `/metrics`. default: false
+    tls:
+        enable: false
+        cert_path: "/ssl/certificate.crt" # mandatory only when enable is true
+        key_path: "/ssl/private.key" # mandatory only when enable is true
 manager:
     address: 127.0.0.1:8080 # server address
     token: tokenJwt # JWT token used to authenticate on server

diff --git a/docs/server_config.md b/docs/server_config.md
@@ -9,6 +9,10 @@ unused_retention: 336h0m0s # time to keep in store unused certificate. default:
 http:
     listen: 0.0.0.0:8080 # server listen address. default: 0.0.0.0:8080
     metrics_enable: false # enable metrics on path `/metrics`. default: false
+    tls:
+        enable: false
+        cert_path: "/ssl/certificate.crt" # mandatory only when enable is true
+        key_path: "/ssl/private.key" # mandatory only when enable is true
 jwt:
     key: superSecret # secret to sign JWT token
     method: HS256 # method used to sign JWT token. default: HS256

diff --git a/examples/agent.cfg.yml b/examples/agent.cfg.yml
@@ -1,6 +1,10 @@
 http:
   listen: 0.0.0.0:8080
   metrics_enable: false
+  tls:
+    cert_path: ""
+    enable: false
+    key_path: ""
 interval: 5m0s
 manager:
   address: 127.0.0.1:8080

diff --git a/examples/server.cfg.yml b/examples/server.cfg.yml
@@ -46,6 +46,10 @@ cache:
 http:
   listen: 0.0.0.0:8080
   metrics_enable: false
+  tls:
+    cert_path: ""
+    enable: false
+    key_path: ""
 interval: 5m0s
 jwt:
   key: superSecret