From 9eab656f20176365819e4c86fe3b791efd79bce2 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Mon, 11 Oct 2021 19:36:03 +0200
Subject: [PATCH 1/4] Listen with TLS if configured
---
 CHANGELOG.md | 2 ++
 main.go | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index abcd55202..a20a4d1bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
+* Add support for TLS so the registry can directly listen on HTTPS. [#711](https://github.com/elastic/package-registry/issues/711) [#746](https://github.com/elastic/package-registry/issues/746)
+
 ### Deprecated
 ### Known Issues
diff --git a/main.go b/main.go
index 110077d9e..cadf35e21 100644
--- a/main.go
+++ b/main.go
@@ -37,6 +37,9 @@ var (
 address string
 httpProfAddress string
+ tlsCertFile string
+ tlsKeyFile string
+
 dryRun bool
 configPath = "config.yml"
@@ -50,6 +53,8 @@ var (
 func init() {
 flag.StringVar(&address, "address", "localhost:8080", "Address of the package-registry service.")
+ flag.StringVar(&tlsCertFile, "tls-cert", "", "Path of the TLS certificate.")
+ flag.StringVar(&tlsKeyFile, "tls-key", "", "Path of the TLS key.")
 flag.StringVar(&httpProfAddress, "httpprof", "", "Enable HTTP profiler listening on the given address.")
 // This flag is experimental and might be removed in the future or renamed
 flag.BoolVar(&dryRun, "dry-run", false, "Runs a dry-run of the registry without starting the web service (experimental)")
@@ -73,7 +78,7 @@ func main() {
 server := initServer()
 go func() {
- err := server.ListenAndServe()
+ err := runServer(server)
 if err != nil && err != http.ErrServerClosed {
 log.Fatalf("Error occurred while serving: %s", err)
 }
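Review bot: The usage strings added in init() for `-tls-cert` and `-tls-key` do not say that the two flags must be given together or what file format is expected. Judging by the runServer hunk later in this patch, supplying only one of them leaves the listener on plain HTTP, so the help text is the only place an operator would learn that. I would write `"Path of the PEM-encoded TLS certificate; must be set together with -tls-key."` and `"Path of the PEM-encoded TLS private key; must be set together with -tls-cert."`. init() continues past the end of this hunk.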
@@ -129,6 +134,13 @@ func initServer() *http.Server {
 return &http.Server{Addr: address, Handler: router}
 }
+func runServer(server *http.Server) error {
+ if tlsCertFile != "" && tlsKeyFile != "" {
+ return server.ListenAndServeTLS(tlsCertFile, tlsKeyFile)
+ }
+ return server.ListenAndServe()
+}
+
 func initAPMTracer() *apm.Tracer {
 apm.DefaultTracer.Close()
 if _, found := os.LookupEnv("ELASTIC_APM_SERVER_URL"); !found {
From 166cea8f63cceee3b1bcad1b6e3e8aab645b5b93 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Wed, 13 Oct 2021 17:59:37 +0200
Subject: [PATCH 2/4] Add docs
---
 Dockerfile | 2 +-
 README.md | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index fedc79af1..514349df9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,7 @@ EXPOSE 8080
 ENTRYPOINT ["./package-registry"]
 # Make sure it's accessible from outside the container
-CMD ["--address=0.0.0.0:8080"]
+ENV EPR_ADDRESS=0.0.0.0:8080
 HEALTHCHECK --interval=1s --retries=30 CMD curl --silent --fail localhost:8080/health || exit 1
diff --git a/README.md b/README.md
index 9b767d61a..f95ddb405 100644
--- a/README.md
+++ b/README.md
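Review bot: runServer falls back to `server.ListenAndServe()` when only one of `tlsCertFile` and `tlsKeyFile` is set, so a half-finished TLS configuration (a mistyped flag or environment variable, say) starts a plaintext listener with no error or log line. I would reject that case ahead of the existing check with `if (tlsCertFile == "") != (tlsKeyFile == "") { return errors.New("both -tls-cert and -tls-key are required to enable TLS") }`; the caller in main() already hands any error other than http.ErrServerClosed to log.Fatalf, so startup would stop. The `errors` import may need adding if main.go does not already have it. Separately, the `http.Server` built in initServer sets no `TLSConfig`, so the minimum protocol version is whatever the Go toolchain defaults to; `TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12}` there would pin it.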
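Review bot: The HEALTHCHECK kept as context below the changed line still probes `localhost:8080/health` over plain HTTP, so a container started with the TLS settings this series documents (`EPR_ADDRESS=0.0.0.0:8443` plus `EPR_TLS_CERT`/`EPR_TLS_KEY`) will presumably be reported unhealthy even though it is serving. `EXPOSE 8080` in the hunk header carries the same fixed-port assumption. At minimum I would add a comment above the ENV line, `# HEALTHCHECK below assumes plain HTTP on port 8080; override it (e.g. docker run --health-cmd) when changing EPR_ADDRESS or enabling TLS.`, and mention the override next to the HTTPS example in the README.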
@@ -112,7 +112,18 @@ docker run -p 8080:8080 {image id from prior step}
 **Commands ready to cut-and-paste**
 ```
 docker build --rm -t docker.elastic.co/package-registry/package-registry:master .
-docker run -i -t -p 8080:8080 $(docker images -q docker.elastic.co/package-registry/package-registry:master)
+docker run -it -p 8080:8080 $(docker images -q docker.elastic.co/package-registry/package-registry:master)
+```
+
+**Listening on HTTPS**
+```
+docker run -it -p 8443:8443 \
+ -v /etc/ssl/package-registry.key:/etc/ssl/package-registry.key:ro \
+ -v /etc/ssl/package-registry.crt:/etc/ssl/package-registry.crt:ro \
+ -e EPR_ADDRESS=0.0.0.0:8443
+ -e EPR_TLS_KEY=/etc/ssl/package-registry.key \
+ -e EPR_TLS_CERT=/etc/ssl/package-registry.crt \
+ docker.elastic.co/package-registry/package-registry:master
 ```
 #### Docker images published
From a5d43adba8ebf2ec25006d4b7d2c1ca56b8c56e5 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Wed, 13 Oct 2021 18:07:40 +0200
Subject: [PATCH 3/4] Review changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 467d31d61..d1563d6bb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Configuration file path can be selected with the `-config` flag. [#745](https://github.com/elastic/package-registry/pull/745)
 * Configuration flags can be provided using environment variables. [#745](https://github.com/elastic/package-registry/pull/745)
-* HTTPS/TLS support. [#711](https://github.com/elastic/package-registry/issues/711) [#746](https://github.com/elastic/package-registry/issues/746)
+* Add -tls-cert and -tls-key flags to configure HTTPS. [#711](https://github.com/elastic/package-registry/issues/711) [#746](https://github.com/elastic/package-registry/issues/746)
 ### Deprecated
From eb8d8d3d0b8025b144e14a6bab8896e0c1663f26 Mon Sep 17 00:00:00 2001
From: Jaime Soriano Pastor
Date: Thu, 14 Oct 2021 12:08:21 +0200
Subject: [PATCH 4/4] Quote code in changelog
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d1563d6bb..b2afdcfb6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Configuration file path can be selected with the `-config` flag. [#745](https://github.com/elastic/package-registry/pull/745)
 * Configuration flags can be provided using environment variables. [#745](https://github.com/elastic/package-registry/pull/745)
-* Add -tls-cert and -tls-key flags to configure HTTPS. [#711](https://github.com/elastic/package-registry/issues/711) [#746](https://github.com/elastic/package-registry/issues/746)
+* Add `-tls-cert` and `-tls-key` flags to configure HTTPS. [#711](https://github.com/elastic/package-registry/issues/711) [#746](https://github.com/elastic/package-registry/issues/746)
 ### Deprecated