// listenAndBaseURL finds the configured, default, or inferred listen address
// and base URL from the command-line flags and provided config.
func listenAndBaseURL(config *serverconfig.Config) (listen, baseURL string) {
baseURL = config.OptionalString("baseURL", "")
listen = *listenFlag
listenConfig := config.OptionalString("listen", "")
// command-line takes priority over config
if listen == "" {
listen = listenConfig
if listen == "" {
exitf("\"listen\" needs to be specified either in the config or on the command line")
}
}
return
}
func setupTLS(ws *webserver.Server, config *serverconfig.Config, listen string) {
cert, key := config.OptionalString("TLSCertFile", ""), config.OptionalString("TLSKeyFile", "")
if !config.OptionalBool("https", true) {
return
}
if (cert != "") != (key != "") {
exitf("TLSCertFile and TLSKeyFile must both be either present or absent")
}
if cert == defCert && key == defKey {
_, err1 := os.Stat(cert)
_, err2 := os.Stat(key)
if err1 != nil || err2 != nil {
if os.IsNotExist(err1) || os.IsNotExist(err2) {
if err := genSelfTLS(listen); err != nil {
exitf("Could not generate self-signed TLS cert: %q", err)
}
} else {
exitf("Could not stat cert or key: %q, %q", err1, err2)
}
}
}
if cert == "" && key == "" {
err := genSelfTLS(listen)
if err != nil {
exitf("Could not generate self signed creds: %q", err)
}
cert = defCert
key = defKey
}
ws.SetTLS(cert, key)
}
func setupTLS(ws *webserver.Server, config *serverconfig.Config, listen string) {
cert, key := config.OptionalString("TLSCertFile", ""), config.OptionalString("TLSKeyFile", "")
if !config.OptionalBool("https", true) {
return
}
if (cert != "") != (key != "") {
exitf("TLSCertFile and TLSKeyFile must both be either present or absent")
}
defCert := osutil.DefaultTLSCert()
defKey := osutil.DefaultTLSKey()
if cert == defCert && key == defKey {
_, err1 := os.Stat(cert)
_, err2 := os.Stat(key)
if err1 != nil || err2 != nil {
if os.IsNotExist(err1) || os.IsNotExist(err2) {
if err := genSelfTLS(listen); err != nil {
exitf("Could not generate self-signed TLS cert: %q", err)
}
} else {
exitf("Could not stat cert or key: %q, %q", err1, err2)
}
}
}
if cert == "" && key == "" {
err := genSelfTLS(listen)
if err != nil {
exitf("Could not generate self signed creds: %q", err)
}
cert = defCert
key = defKey
}
data, err := ioutil.ReadFile(cert)
if err != nil {
exitf("Failed to read pem certificate: %s", err)
}
block, _ := pem.Decode(data)
if block == nil {
exitf("Failed to decode pem certificate")
}
certif, err := x509.ParseCertificate(block.Bytes)
if err != nil {
exitf("Failed to parse certificate: %v", err)
}
sig := misc.SHA256Prefix(certif.Raw)
log.Printf("TLS enabled, with SHA-256 certificate fingerprint: %v", sig)
ws.SetTLS(cert, key)
}