mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-25 13:29:27 +01:00
restructure SSL/TLS a bit, name config items better
This commit is contained in:
parent
cfcecd0101
commit
2fb6acb92a
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
|||||||
/ircd.*
|
/ircd.*
|
||||||
/ssl.*
|
/ssl.*
|
||||||
|
/tls.*
|
||||||
_test
|
_test
|
||||||
|
@ -13,17 +13,17 @@ type PassConfig struct {
|
|||||||
Password string
|
Password string
|
||||||
}
|
}
|
||||||
|
|
||||||
// SSLListenConfig defines configuration options for listening on SSL
|
// TLSListenConfig defines configuration options for listening on TLS
|
||||||
type SSLListenConfig struct {
|
type TLSListenConfig struct {
|
||||||
Cert string
|
Cert string
|
||||||
Key string
|
Key string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Certificate returns the SSL certificate assicated with this SSLListenConfig
|
// Certificate returns the TLS certificate assicated with this TLSListenConfig
|
||||||
func (conf *SSLListenConfig) Config() (*tls.Config, error) {
|
func (conf *TLSListenConfig) Config() (*tls.Config, error) {
|
||||||
cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key)
|
cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.New("ssl cert+key: invalid pair")
|
return nil, errors.New("tls cert+key: invalid pair")
|
||||||
}
|
}
|
||||||
|
|
||||||
return &tls.Config{
|
return &tls.Config{
|
||||||
@ -49,14 +49,13 @@ type Config struct {
|
|||||||
Name string
|
Name string
|
||||||
Database string
|
Database string
|
||||||
Listen []string
|
Listen []string
|
||||||
Wslisten string
|
Wslisten string `yaml:"ws-listen"`
|
||||||
|
TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
|
||||||
Log string
|
Log string
|
||||||
MOTD string
|
MOTD string
|
||||||
ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
|
ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
|
||||||
}
|
}
|
||||||
|
|
||||||
SSLListener map[string]*SSLListenConfig
|
|
||||||
|
|
||||||
Operator map[string]*PassConfig
|
Operator map[string]*PassConfig
|
||||||
|
|
||||||
Theater map[string]*PassConfig
|
Theater map[string]*PassConfig
|
||||||
@ -82,16 +81,16 @@ func (conf *Config) Theaters() map[Name][]byte {
|
|||||||
return theaters
|
return theaters
|
||||||
}
|
}
|
||||||
|
|
||||||
func (conf *Config) SSLListeners() map[Name]*tls.Config {
|
func (conf *Config) TLSListeners() map[Name]*tls.Config {
|
||||||
sslListeners := make(map[Name]*tls.Config)
|
tlsListeners := make(map[Name]*tls.Config)
|
||||||
for s, sslListenersConf := range conf.SSLListener {
|
for s, tlsListenersConf := range conf.Server.TLSListeners {
|
||||||
config, err := sslListenersConf.Config()
|
config, err := tlsListenersConf.Config()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
sslListeners[NewName(s)] = config
|
tlsListeners[NewName(s)] = config
|
||||||
}
|
}
|
||||||
return sslListeners
|
return tlsListeners
|
||||||
}
|
}
|
||||||
|
|
||||||
func LoadConfig(filename string) (config *Config, err error) {
|
func LoadConfig(filename string) (config *Config, err error) {
|
||||||
|
@ -99,7 +99,7 @@ func NewServer(config *Config) *Server {
|
|||||||
server.loadChannels()
|
server.loadChannels()
|
||||||
|
|
||||||
for _, addr := range config.Server.Listen {
|
for _, addr := range config.Server.Listen {
|
||||||
server.listen(addr, config.SSLListeners())
|
server.listen(addr, config.TLSListeners())
|
||||||
}
|
}
|
||||||
|
|
||||||
if config.Server.Wslisten != "" {
|
if config.Server.Wslisten != "" {
|
||||||
@ -240,18 +240,20 @@ func (server *Server) Run() {
|
|||||||
// listen goroutine
|
// listen goroutine
|
||||||
//
|
//
|
||||||
|
|
||||||
func (s *Server) listen(addr string, ssl map[Name]*tls.Config) {
|
func (s *Server) listen(addr string, tlsMap map[Name]*tls.Config) {
|
||||||
config, listenSSL := ssl[NewName(addr)]
|
config, listenTLS := tlsMap[NewName(addr)]
|
||||||
|
|
||||||
listener, err := net.Listen("tcp", addr)
|
listener, err := net.Listen("tcp", addr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(s, "listen error: ", err)
|
log.Fatal(s, "listen error: ", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if listenSSL {
|
tlsString := "plaintext"
|
||||||
|
if listenTLS {
|
||||||
listener = tls.NewListener(listener, config)
|
listener = tls.NewListener(listener, config)
|
||||||
|
tlsString = "TLS"
|
||||||
}
|
}
|
||||||
Log.info.Printf("%s listening on %s. ssl: %t", s, addr, listenSSL)
|
Log.info.Printf("%s listening on %s using %s.", s, addr, tlsString)
|
||||||
|
|
||||||
go func() {
|
go func() {
|
||||||
for {
|
for {
|
||||||
|
16
oragono.yaml
16
oragono.yaml
@ -21,7 +21,14 @@ server:
|
|||||||
- ":6697" # ssl port
|
- ":6697" # ssl port
|
||||||
|
|
||||||
# websocket listening port
|
# websocket listening port
|
||||||
wslisten: ":8080"
|
ws-listen: ":8080"
|
||||||
|
|
||||||
|
# tls listeners
|
||||||
|
tls-listeners:
|
||||||
|
# listener on ":6697"
|
||||||
|
":6697":
|
||||||
|
key: tls.key
|
||||||
|
cert: tls.crt
|
||||||
|
|
||||||
# password to login to the server
|
# password to login to the server
|
||||||
# generated using "oragono genpasswd"
|
# generated using "oragono genpasswd"
|
||||||
@ -39,13 +46,6 @@ server:
|
|||||||
- "localhost"
|
- "localhost"
|
||||||
- "127.0.0.1"
|
- "127.0.0.1"
|
||||||
|
|
||||||
# ssl listeners
|
|
||||||
ssllistener:
|
|
||||||
# listener on ":6697"
|
|
||||||
":6697":
|
|
||||||
key: ssl.key
|
|
||||||
cert: ssl.crt
|
|
||||||
|
|
||||||
# ircd operators
|
# ircd operators
|
||||||
operator:
|
operator:
|
||||||
# operator named 'dan'
|
# operator named 'dan'
|
||||||
|
Loading…
Reference in New Issue
Block a user