Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backend: Enable two ports for HTTP and HTTPS #268

Closed
mrsabath opened this issue Jun 16, 2023 · 3 comments · Fixed by #282 or #289
Closed

Backend: Enable two ports for HTTP and HTTPS #268

mrsabath opened this issue Jun 16, 2023 · 3 comments · Fixed by #282 or #289
Assignees
@maia-iyer
Milestone
1.4.x

Comments

@mrsabath
Copy link
Collaborator

mrsabath commented Jun 16, 2023
edited
Loading

We should enable two ports:

  • HTTP e.g. 10080
  • HTTPS e.g. 10443

When Tornjak is running HTTP connection and user connects on HTTPS port, the client should receive an error code such as "SSL/TLS handshake failure" or "unable to establish secure connection."

When Tornjak is running with TLS or mTLS connection enabled, and user connects to HTTP port, they should get a permanent redirect to HTTPS port.

Suggested configuration:

server {
  spire_socket_path = "unix:///tmp/spire-server/private/api.sock"

  http {
    port = 10080 # container port for insecure connection
  }
  https {
    port     = 10443 # container port for secure connection
    cert     = …
    key      = …
    clientCA = … # (optional setting required for mTLS)
  }
}

plugins { ...

When optional values provided, but not set correctly, Tornjak throws an error message and exits.
When connection successfully started, Tornjak console logs a status message.
@mrsabath mrsabath mentioned this issue Jun 16, 2023
Open
@mrsabath mrsabath added this to the 1.4.x milestone Jun 16, 2023
@mrsabath mrsabath mentioned this issue Jun 23, 2023
Merged
@marcofranssen
Copy link
Contributor

Basically we need an implementation like this.

https://marcofranssen.nl/build-a-go-webserver-on-http-2-using-letsencrypt#tldr

@marcofranssen
Copy link
Contributor

Took a stab at it #282

@marcofranssen marcofranssen mentioned this issue Jun 30, 2023
Merged
@mrsabath
Copy link
Collaborator Author

The image crashes, needs fixing

@mrsabath mrsabath reopened this Jul 10, 2023
maia-iyer added a commit that referenced this issue Jul 10, 2023
@maia-iyer @mrsabath
Fix HTTP config errors #268 (#287)
a9affa2 
* Fix HTTP/HTTPs config errors

Signed-off-by: Maia Iyer <maia.raj.iyer@gmail.com>

* Apply suggestions from code review

Signed-off-by: Maia Iyer <maia.raj.iyer@gmail.com>

Co-authored-by: Mariusz Sabath <mrsabath@gmail.com>
Signed-off-by: Maia Iyer <maia.raj.iyer@gmail.com>

* Apply suggestions from code review

Co-authored-by: Mariusz Sabath <mrsabath@gmail.com>
Signed-off-by: Maia Iyer <maia.raj.iyer@gmail.com>

---------

Signed-off-by: Maia Iyer <maia.raj.iyer@gmail.com>
Co-authored-by: Mariusz Sabath <mrsabath@gmail.com>
@maia-iyer maia-iyer mentioned this issue Jul 12, 2023
Merged
mrsabath added a commit that referenced this issue Jul 13, 2023
@mrsabath
Fix HTTPS config and redirect #268 (#289)
33a7c9f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maia-iyer maia-iyer

Labels
None yet
Projects
None yet
Milestone
1.4.x
3 participants
@marcofranssen @mrsabath @maia-iyer