authorBerck Nash <berck@cloudflare.com>2022-03-14 17:22:52 -0600
committerBerck Nash <berck@cloudflare.com>2022-03-16 09:52:17 -0600
commit9b14f0c81a9348ccb8a79ffcf9cdbc7033d00fac (patch)
tree416bd650c36851ed7603c74bc86308a24f214221 /weed/command/master.go
parentb5b97a4799e1929bb22d816aca450ea18f7ec08e (diff)
downloadseaweedfs-9b14f0c81a9348ccb8a79ffcf9cdbc7033d00fac.tar.xz
seaweedfs-9b14f0c81a9348ccb8a79ffcf9cdbc7033d00fac.zip
Add mTLS support for both master and volume http server.
Diffstat (limited to 'weed/command/master.go')
-rw-r--r--weed/command/master.go43
1 files changed, 37 insertions, 6 deletions
diff --git a/weed/command/master.go b/weed/command/master.go
index 1d236d532..a9109bdb8 100644
--- a/weed/command/master.go
+++ b/weed/command/master.go
@@ -1,23 +1,25 @@
package command
import (
- "github.com/chrislusf/raft/protobuf"
- stats_collect "github.com/chrislusf/seaweedfs/weed/stats"
- "github.com/gorilla/mux"
- "google.golang.org/grpc/reflection"
"net/http"
"os"
"sort"
"strings"
"time"
+ "github.com/chrislusf/raft/protobuf"
+ stats_collect "github.com/chrislusf/seaweedfs/weed/stats"
+ "github.com/gorilla/mux"
+ "github.com/spf13/viper"
+ "google.golang.org/grpc/reflection"
+
"github.com/chrislusf/seaweedfs/weed/util/grace"
"github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb"
"github.com/chrislusf/seaweedfs/weed/pb/master_pb"
"github.com/chrislusf/seaweedfs/weed/security"
- "github.com/chrislusf/seaweedfs/weed/server"
+ weed_server "github.com/chrislusf/seaweedfs/weed/server"
"github.com/chrislusf/seaweedfs/weed/storage/backend"
"github.com/chrislusf/seaweedfs/weed/util"
)
@@ -138,6 +140,7 @@ func startMaster(masterOption MasterOptions, masterWhiteList []string) {
if e != nil {
glog.Fatalf("Master startup error: %v", e)
}
+
// start raftServer
raftServerOption := &weed_server.RaftServerOption{
GrpcDialOption: security.LoadClientTLS(util.GetViper(), "grpc.master"),
@@ -183,11 +186,39 @@ func startMaster(masterOption MasterOptions, masterWhiteList []string) {
go ms.MasterClient.KeepConnectedToMaster()
// start http server
+ var (
+ clientCertFile,
+ certFile,
+ keyFile string
+ )
+ useTLS := false
+ useMTLS := false
+
+ if viper.GetString("https.master.key") != "" {
+ useTLS = true
+ certFile = viper.GetString("https.master.cert")
+ keyFile = viper.GetString("https.master.key")
+ }
+
+ if viper.GetString("https.master.ca") != "" {
+ useMTLS = true
+ clientCertFile = viper.GetString("https.master.ca")
+ }
+
httpS := &http.Server{Handler: r}
if masterLocalListner != nil {
go httpS.Serve(masterLocalListner)
}
- go httpS.Serve(masterListener)
+
+ if useMTLS {
+ httpS.TLSConfig = security.LoadClientTLSHTTP(clientCertFile)
+ }
+
+ if useTLS {
+ go httpS.ServeTLS(masterListener, certFile, keyFile)
+ } else {
+ go httpS.Serve(masterListener)
+ }
select {}
}
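Review bot: In the TLS setup ahead of the `httpS.Serve` calls, `useMTLS` is derived from `https.master.ca` independently of `useTLS`, so a config that sets the CA but leaves `https.master.key` empty assigns `httpS.TLSConfig` and then falls through to plain `httpS.Serve(masterListener)`, serving unauthenticated HTTP while the operator expects client certificates to be required. I would fail closed right after the two viper checks: `if useMTLS && !useTLS { glog.Fatalf("https.master.ca is set but https.master.key is empty; refusing to serve without TLS") }`. `masterLocalListner` is still served with plain `httpS.Serve` in both modes, which deserves a comment saying whether that is intended, and the error returned by `go httpS.ServeTLS(...)` is dropped, so a missing or unreadable `https.master.cert` would leave the master running with no HTTP listener and no log line. `security.LoadClientTLSHTTP` is not visible here, so it is worth confirming that it sets `ClientAuth` to `tls.RequireAndVerifyClientCert` rather than only populating `ClientCAs`. `startMaster` begins outside this hunk.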