// ServerSecurePort obtains a listener that accepts secure connections.
// If the provided port is zero, the listening is disabled.
func ServeSecurePort(securePort int, certFile, keyFile, caCertFile string) {
if securePort == 0 {
log.Info("Not listening on secure port")
return
}
config := tls.Config{}
// load the server cert / key
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
log.Fatalf("SecureServe.LoadX509KeyPair(%v, %v) failed: %v", certFile, keyFile, err)
}
config.Certificates = []tls.Certificate{cert}
// load the ca if necessary
// FIXME(alainjobart) this doesn't quite work yet, have
// to investigate
if caCertFile != "" {
config.ClientCAs = x509.NewCertPool()
pemCerts, err := ioutil.ReadFile(caCertFile)
if err != nil {
log.Fatalf("SecureServe: cannot read ca file %v: %v", caCertFile, err)
}
if !config.ClientCAs.AppendCertsFromPEM(pemCerts) {
log.Fatalf("SecureServe: AppendCertsFromPEM failed: %v", err)
}
config.ClientAuth = tls.RequireAndVerifyClientCert
}
l, err := tls.Listen("tcp", fmt.Sprintf(":%d", securePort), &config)
if err != nil {
log.Fatalf("Error listening on secure port %v: %v", securePort, err)
}
log.Infof("Listening on secure port %v", securePort)
throttled := NewThrottledListener(l, *secureThrottle, *secureMaxBuffer)
cl := proc.Published(throttled, "SecureConnections", "SecureAccepts")
// rpc.HandleHTTP registers the default GOB handler at /_goRPC_
// and the debug RPC service at /debug/rpc (it displays a list
// of registered services and their methods).
if ServiceMap["gob-vts"] {
log.Infof("Registering GOB handler and /debug/rpc URL for vts port")
secureRpcServer.HandleHTTP(rpcwrap.GetRpcPath("gob", false), rpcplus.DefaultDebugPath)
}
if ServiceMap["gob-auth-vts"] {
log.Infof("Registering GOB handler and /debug/rpcs URL for SASL vts port")
authenticatedSecureRpcServer.HandleHTTP(rpcwrap.GetRpcPath("gob", true), rpcplus.DefaultDebugPath+"s")
}
handler := http.NewServeMux()
bsonrpc.ServeCustomRPC(handler, secureRpcServer, false)
bsonrpc.ServeCustomRPC(handler, authenticatedSecureRpcServer, true)
httpServer := http.Server{
Handler: handler,
}
go httpServer.Serve(cl)
}
// ServeSocketFile listen to the named socket and serves RPCs on it.
func ServeSocketFile(name string) {
if name == "" {
log.Infof("Not listening on socket file")
return
}
// try to delete if file exists
if _, err := os.Stat(name); err == nil {
err = os.Remove(name)
if err != nil {
log.Fatalf("Cannot remove socket file %v: %v", name, err)
}
}
l, err := net.Listen("unix", name)
if err != nil {
log.Fatalf("Error listening on socket file %v: %v", name, err)
}
log.Infof("Listening on socket file %v", name)
// HandleHTTP registers the default GOB handler at /_goRPC_
// and the debug RPC service at /debug/rpc (it displays a list
// of registered services and their methods).
if ServiceMap["gob-unix"] {
log.Infof("Registering GOB handler and /debug/rpc URL for unix socket")
socketFileRpcServer.HandleHTTP(rpcwrap.GetRpcPath("gob", false), rpcplus.DefaultDebugPath)
}
if ServiceMap["gob-auth-unix"] {
log.Infof("Registering GOB handler and /debug/rpcs URL for SASL unix socket")
authenticatedSocketFileRpcServer.HandleHTTP(rpcwrap.GetRpcPath("gob", true), rpcplus.DefaultDebugPath+"s")
}
handler := http.NewServeMux()
bsonrpc.ServeCustomRPC(handler, socketFileRpcServer, false)
bsonrpc.ServeCustomRPC(handler, authenticatedSocketFileRpcServer, true)
httpServer := http.Server{
Handler: handler,
}
go httpServer.Serve(l)
}