OMC/be.ems
1
0
Fork 0
Code Issues Releases 3 Activity

fix: https enhancement

Browse Source
This commit is contained in:
simonzhangsz
2024-01-10 10:11:20 +08:00
parent 0028c40e67
commit 44ddbd7892
4 changed files with 32 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
config/etc/default/restconf.yaml
View File

@@ -10,6 +10,8 @@ logger:
# rest agent listen ipv4/v6 and port, support multiple routines
# ip: 0.0.0.0 or ::0, support IPv4/v6
# clientAuthType: 0:NoClientCert (default), 1:RequestClientCert, 2:RequireAnyClientCert,
# 3:VerifyClientCertIfGiven, 4:RequireAndVerifyClientCerts
rest:
- ipv4: 0.0.0.0
ipv6:
@@ -18,6 +20,7 @@ rest:
ipv6:
port: 3443
schema: https
clientAuthType: 0
caFile: /usr/local/omc/etc/certs/omc-ca.crt
certFile: /usr/local/omc/etc/certs/omc-server.crt
keyFile: /usr/local/omc/etc/certs/omc-server.key
@@ -30,6 +33,7 @@ webServer:
schema: http
- addr: :443
schema: https
clientAuthType: 0
caFile: /usr/local/omc/etc/certs/omc-ca.crt
certFile: /usr/local/omc/etc/certs/omc-server.crt
keyFile: /usr/local/omc/etc/certs/omc-server.key

26
restagent/config/config.go
View File

@@ -31,24 +31,26 @@ type YamlConfig struct {
} `yaml:"logger"`
Rest []struct {
IPv4 string `yaml:"ipv4"`
IPv6 string `yaml:"ipv6"`
Port uint16 `yaml:"port"`
Scheme string `yaml:"scheme"`
CaFile string `yaml:"caFile"`
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
IPv4 string `yaml:"ipv4"`
IPv6 string `yaml:"ipv6"`
Port uint16 `yaml:"port"`
Scheme string `yaml:"scheme"`
ClientAuthType int `yaml:"clientAuthType"`
CaFile string `yaml:"caFile"`
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
} `yaml:"rest"`
WebServer struct {
Enabled bool `yaml:"enabled"`
RootDir string `yaml:"rootDir"`
Listen []struct {
Addr string `yaml:"addr"`
Scheme string `yaml:"scheme"`
CaFile string `yaml:"caFile"`
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
Addr string `yaml:"addr"`
Scheme string `yaml:"scheme"`
ClientAuthType int `yaml:"clientAuthType"`
CaFile string `yaml:"caFile"`
CertFile string `yaml:"certFile"`
KeyFile string `yaml:"keyFile"`
} `yaml:"listen"`
} `yaml:"webServer"`

4
restagent/etc/restconf.yaml
View File

@@ -10,6 +10,8 @@ logger:
# rest agent listen ipv4/v6 and port, support multiple routines
# ip: 0.0.0.0 or ::0, support IPv4/v6
# clientAuthType: 0:NoClientCert (default), 1:RequestClientCert, 2:RequireAnyClientCert,
# 3:VerifyClientCertIfGiven, 4:RequireAndVerifyClientCerts
rest:
- ipv4: 0.0.0.0
ipv6:
@@ -18,6 +20,7 @@ rest:
ipv6:
port: 3443
scheme: https
clientAuthType: 0
caFile: ./etc/certs/omc-ca.crt
certFile: ./etc/certs/omc-server.crt
keyFile: ./etc/certs/omc-server.key
@@ -30,6 +33,7 @@ webServer:
schema: http
- addr: :443
scheme: https
clientAuthType: 0
caFile: ./etc/certs/omc-ca.crt
certFile: ./etc/certs/omc-server.crt
keyFile: ./etc/certs/omc-server.key

20
restagent/restagent.go
View File

@@ -74,8 +74,8 @@ func HttpListen(addr string, router http.Handler) {
}
}
func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
HttpListenConfigTLS(addr, caFile, certFile, keyFile, router)
func HttpListenTLS(addr, caFile, certFile, keyFile string, clientAuthType int, router http.Handler) {
HttpListenConfigTLS(addr, caFile, certFile, keyFile, clientAuthType, router)
err := http.ListenAndServeTLS(addr, certFile, keyFile, router)
if err != nil {
fmt.Println("ListenAndServeTLS err:", err)
@@ -83,7 +83,7 @@ func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler)
}
}
func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, clientAuthType int, router http.Handler) {
// 加载根证书
caCert, err := os.ReadFile(caFile)
if err != nil {
@@ -97,7 +97,7 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
MinVersion: tls.VersionTLS10,
MaxVersion: tls.VersionTLS13,
ClientCAs: caCertPool,
//ClientAuth: tls.RequireAndVerifyClientCert,
ClientAuth: tls.ClientAuthType(clientAuthType),
}
// 创建HTTP服务器
@@ -114,8 +114,8 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
}
}
func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string) {
HttpListenConfigTLS(addr, caFile, certFile, keyFile, nil)
func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string, clientAuthType int) {
HttpListenConfigTLS(addr, caFile, certFile, keyFile, clientAuthType, nil)
err := http.ListenAndServeTLS(addr, certFile, keyFile, nil)
if err != nil {
fmt.Println("ListenAndServeTLS err:", err)
@@ -194,7 +194,7 @@ func main() {
if rest.IPv4 != "" {
listen := rest.IPv4 + ":" + strconv.Itoa(int(rest.Port))
if strings.ToLower(rest.Scheme) == "https" {
go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, app)
go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
} else {
go HttpListen(listen, app)
}
@@ -203,7 +203,7 @@ func main() {
// 默认启动localhost侦听
listenLocal := "127.0.0.1" + ":" + strconv.Itoa(int(rest.Port))
if strings.ToLower(rest.Scheme) == "https" {
go HttpListenTLS(listenLocal, rest.CaFile, rest.CertFile, rest.KeyFile, app)
go HttpListenTLS(listenLocal, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
} else {
go HttpListen(listenLocal, app)
}
@@ -212,7 +212,7 @@ func main() {
if rest.IPv6 != "" {
listenv6 := "[" + rest.IPv6 + "]" + ":" + strconv.Itoa(int(rest.Port))
if strings.ToLower(rest.Scheme) == "https" {
go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, app)
go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, rest.ClientAuthType, app)
} else {
go HttpListen(listenv6, app)
}
@@ -234,7 +234,7 @@ func main() {
http.Handle("/", fs)
for _, listen := range conf.WebServer.Listen {
if strings.ToLower(listen.Scheme) == "https" {
go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile)
go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile, listen.ClientAuthType)
} else {
go HttpListenWebServer(listen.Addr)
}