feat: TLS support for web (#301)

* Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com>
2025-11-03 23:56:18 +00:00 · 2024-09-22 13:25:08 +02:00
parent e3d05a4678
commit 6ffe1a90ae
17 changed files with 289 additions and 274 deletions
--- a/internal/app/api/core/server.go
+++ b/internal/app/api/core/server.go
@@ -68,8 +68,7 @@ func NewServer(cfg *config.Config, endpoints ...ApiEndpointSetupFunc) (*Server,
 		c.Writer.Header().Set("X-Served-By", hostname)
 		c.Next()
 	}).Use(func(c *gin.Context) {
-		var xRequestID string
-		xRequestID = uuid(16)
+		xRequestID := uuid(16)

 		c.Request.Header.Set(RequestIDKey, xRequestID)
 		c.Set(RequestIDKey, xRequestID)
@@ -106,7 +105,13 @@ func (s *Server) Run(ctx context.Context, listenAddress string) {

 	srvContext, cancelFn := context.WithCancel(ctx)
 	go func() {
-		if err := srv.ListenAndServe(); err != nil {
+		var err error
+		if s.cfg.Web.CertFile != "" && s.cfg.Web.KeyFile != "" {
+			err = srv.ListenAndServeTLS(s.cfg.Web.CertFile, s.cfg.Web.KeyFile)
+		} else {
+			err = srv.ListenAndServe()
+		}
+		if err != nil {
 			logrus.Infof("web service on %s exited: %v", listenAddress, err)
 			cancelFn()
 		}
--- a/internal/config/web.go
+++ b/internal/config/web.go
@@ -9,4 +9,6 @@ type WebConfig struct {
 	CsrfSecret        string `yaml:"csrf_secret"`
 	SiteTitle         string `yaml:"site_title"`
 	SiteCompanyName   string `yaml:"site_company_name"`
+	CertFile          string `yaml:"cert_file"`
+	KeyFile           string `yaml:"key_file"`
 }