feat: add ability to listen with TLS (#419)

Signed-off-by: Mikhail Swift <[email protected]> Co-authored-by: Kairo Araujo <[email protected]>
in-toto · Dec 4, 2024 · a4c6abd · a4c6abd
1 parent dec1134
commit a4c6abd
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/cmd/archivista/main.go b/cmd/archivista/main.go
@@ -86,9 +86,16 @@ func main() {
 		ReadTimeout:  time.Duration(archivistaService.Cfg.ReadTimeout) * time.Second,
 		WriteTimeout: time.Duration(archivistaService.Cfg.WriteTimeout) * time.Second,
 	}
+
 	go func() {
-		if err := srv.Serve(listener); err != nil {
-			logrus.Fatalf("unable to start http server: %+v", err)
+		if archivistaService.Cfg.EnableTLS {
+			if err := srv.ListenAndServeTLS(archivistaService.Cfg.TLSCert, archivistaService.Cfg.TLSKey); err != nil {
+				logrus.Fatalf("unable to start http serveR: %+v", err)
+			}
+		} else {
+			if err := srv.Serve(listener); err != nil {
+				logrus.Fatalf("unable to start http server: %+v", err)
+			}
 		}
 	}()
 

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -31,6 +31,10 @@ type Config struct {
 	LogLevel         string   `default:"INFO" desc:"Log level" split_words:"true"`
 	CORSAllowOrigins []string `default:"" desc:"Comma separated list of origins to allow CORS requests from" split_words:"true"`
 
+	EnableTLS bool   `default:"FALSE" desc:"Enables TLS on the Archivista server" split_words:"true"`
+	TLSCert   string `default:"" desc:"Path to the file containing the TLS Certificate" split_words:"true"`
+	TLSKey    string `default:"" desc:"Path to the file containing the TLS Key" split_words:"true"`
+
 	EnableSPIFFE          bool   `default:"TRUE" desc:"*** Enable SPIFFE support" split_words:"true"`
 	SPIFFEAddress         string `default:"unix:///tmp/spire-agent/public/api.sock" desc:"SPIFFE server address" split_words:"true"`
 	SPIFFETrustedServerId string `default:"" desc:"Trusted SPIFFE server ID; defaults to any" split_words:"true"`