func ServeOnce(c *server.Config, cf string, hd *httpdown.HTTP) (*server.AuthServer, httpdown.Server) {
glog.Infof("Config from %s (%d users, %d ACL entries)", cf, len(c.Users), len(c.ACL))
as, err := server.NewAuthServer(c)
if err != nil {
glog.Exitf("Failed to create auth server: %s", err)
}
hs := &http.Server{
Addr: c.Server.ListenAddress,
Handler: as,
TLSConfig: &tls.Config{
NextProtos: []string{"http/1.1"},
Certificates: make([]tls.Certificate, 1),
},
}
glog.Infof("Cert file: %s", c.Server.CertFile)
glog.Infof("Key file : %s", c.Server.KeyFile)
hs.TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(c.Server.CertFile, c.Server.KeyFile)
if err != nil {
glog.Exitf("Failed to load certificate and key: %s", err)
}
s, err := hd.ListenAndServe(hs)
if err != nil {
glog.Exitf("Failed to set up listener: %s", err)
}
glog.Infof("Serving")
return as, s
}
func ServeOnce(c *config.Config, cf string, hd *httpdown.HTTP) (*server.AuthServer, httpdown.Server) {
glog.Infof("Config from %s (%d users, %d ACL static entries)", cf, len(c.Users), len(c.ACL))
as, ms, err := server.NewAuthServer(c)
if err != nil {
glog.Exitf("Failed to create auth server: %s", err)
}
var tlsConfig *tls.Config
if c.Server.CertFile != "" || c.Server.KeyFile != "" {
// Check for partial configuration.
if c.Server.CertFile == "" || c.Server.KeyFile == "" {
glog.Exitf("Failed to load certificate and key: both were not provided")
}
tlsConfig = &tls.Config{
MinVersion: tls.VersionTLS10,
PreferServerCipherSuites: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_128_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
NextProtos: []string{"http/1.1"},
Certificates: make([]tls.Certificate, 1),
}
glog.Infof("Cert file: %s", c.Server.CertFile)
glog.Infof("Key file : %s", c.Server.KeyFile)
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(c.Server.CertFile, c.Server.KeyFile)
if err != nil {
glog.Exitf("Failed to load certificate and key: %s", err)
}
} else {
glog.Warning("Running without TLS")
}
hs := &http.Server{
Addr: c.Server.ListenAddress,
Handler: as,
TLSConfig: tlsConfig,
}
s, err := hd.ListenAndServe(hs)
if err != nil {
glog.Exitf("Failed to set up listener: %s", err)
}
ms.RunManagerServer()
glog.Infof("Serving")
return as, s
}
func ServeOnce(c *server.Config, cf string, hd *httpdown.HTTP) (*server.AuthServer, httpdown.Server) {
glog.Infof("Config from %s (%d users, %d ACL entries)", cf, len(c.Users), len(c.ACL))
as, err := server.NewAuthServer(c)
if err != nil {
glog.Exitf("Failed to create auth server: %s", err)
}
var tlsConfig *tls.Config
if c.Server.CertFile != "" || c.Server.KeyFile != "" {
// Check for partial configuration.
if c.Server.CertFile == "" || c.Server.KeyFile == "" {
glog.Exitf("Failed to load certificate and key: both were not provided")
}
tlsConfig = &tls.Config{
NextProtos: []string{"http/1.1"},
Certificates: make([]tls.Certificate, 1),
}
glog.Infof("Cert file: %s", c.Server.CertFile)
glog.Infof("Key file : %s", c.Server.KeyFile)
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(c.Server.CertFile, c.Server.KeyFile)
if err != nil {
glog.Exitf("Failed to load certificate and key: %s", err)
}
} else {
glog.Warning("Running without TLS")
}
hs := &http.Server{
Addr: c.Server.ListenAddress,
Handler: as,
TLSConfig: tlsConfig,
}
s, err := hd.ListenAndServe(hs)
if err != nil {
glog.Exitf("Failed to set up listener: %s", err)
}
glog.Infof("Serving")
return as, s
}