From 90ff95429fc7328dbefbcd40320b0747c79a4088 Mon Sep 17 00:00:00 2001 From: fujr Date: Thu, 21 Nov 2024 15:05:56 +0800 Subject: [PATCH 1/5] feat: Separate SSL configurations for device and web UI --- api.go | 4 ++-- config/config.go | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/api.go b/api.go index dc8cdf1..3b077e6 100644 --- a/api.go +++ b/api.go @@ -621,9 +621,9 @@ func apiStart(br *broker) { go func() { var err error - if cfg.SslCert != "" && cfg.SslKey != "" { + if cfg.WebUISslCert != "" && cfg.WebUISslKey != "" { log.Info().Msgf("Listen user on: %s SSL on", cfg.AddrUser) - err = r.RunTLS(cfg.AddrUser, cfg.SslCert, cfg.SslKey) + err = r.RunTLS(cfg.AddrUser, cfg.WebUISslCert, cfg.WebUISslKey) } else { log.Info().Msgf("Listen user on: %s SSL off", cfg.AddrUser) err = r.Run(cfg.AddrUser) diff --git a/config/config.go b/config/config.go index 0ab52b7..f9278a1 100644 --- a/config/config.go +++ b/config/config.go @@ -20,6 +20,8 @@ type Config struct { SslCert string SslKey string SslCacert string // mTLS for device + WebUISslCert string + WebUISslKey string Token string WhiteList map[string]bool DB string @@ -50,6 +52,8 @@ func Parse(c *cli.Context) *Config { SslCert: c.String("ssl-cert"), SslKey: c.String("ssl-key"), SslCacert: c.String("ssl-cacert"), + WebUISslCert: c.String("webui-ssl-cert"), + WebUISslKey: c.String("webui-ssl-key"), Token: c.String("token"), DB: c.String("db"), LocalAuth: c.Bool("local-auth"), @@ -76,6 +80,8 @@ func Parse(c *cli.Context) *Config { getConfigOpt(yamlCfg, "ssl-cert", &cfg.SslCert) getConfigOpt(yamlCfg, "ssl-key", &cfg.SslKey) getConfigOpt(yamlCfg, "ssl-cacert", &cfg.SslCacert) + getConfigOpt(yamlCfg, "webui-ssl-cert", &cfg.WebUISslCert) + getConfigOpt(yamlCfg, "webui-ssl-key", &cfg.WebUISslKey) getConfigOpt(yamlCfg, "token", &cfg.Token) getConfigOpt(yamlCfg, "db", &cfg.DB) getConfigOpt(yamlCfg, "local-auth", &cfg.LocalAuth) From e66d5c49fb1265e41c2b2a2affc509c698ddf23d Mon Sep 17 00:00:00 2001 
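Review bot: In the `apiStart` hunk of api.go the user listener drops to plain `r.Run(cfg.AddrUser)` whenever either `cfg.WebUISslCert` or `cfg.WebUISslKey` is empty, so a half-configured pair serves the web UI without TLS and the only trace is the "SSL off" info line. I would fail closed on a mismatched pair before the `if`, for example `if (cfg.WebUISslCert == "") != (cfg.WebUISslKey == "") { log.Fatal().Msg("webui-ssl-cert and webui-ssl-key must be set together") }`, assuming `log` is the zerolog global logger that the `log.Info().Msgf` calls suggest. Logging the plaintext branch at warning level would also make an unintended downgrade easier to spot. The goroutine and `apiStart` continue outside the hunk, so how `err` is handled afterwards is not visible here.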
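Review bot: The new `c.String("webui-ssl-cert")` and `c.String("webui-ssl-key")` lookups in `Parse` read command-line flags that this patch does not declare. The diffstat lists only api.go and config/config.go, so unless the flag definitions already exist elsewhere these calls likely return the empty string and the options take effect only through the YAML file. The same applies to `c.Bool("separate-ssl-config")` added in PATCH 4/5. Either declare the three flags next to the existing `ssl-cert`/`ssl-key` definitions, or add a comment on the struct fields such as `// YAML only: no matching command-line flag`. `Parse` starts and ends outside the hunk.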
From: fujr Date: Thu, 21 Nov 2024 15:07:58 +0800 Subject: [PATCH 2/5] config: Add configuration template for web UI SSL --- rttys.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rttys.conf b/rttys.conf index a35823d..fd0d21e 100644 --- a/rttys.conf +++ b/rttys.conf @@ -9,6 +9,8 @@ #ssl-cacert: /etc/rttys/rttys.ca #ssl-cert: /etc/rttys/rttys.crt #ssl-key: /etc/rttys/rttys.key +#webui-ssl-cert: /etc/rttys/webui-rttys.crt +#webui-ssl-key: /etc/rttys/webui-rttys.key #token: a1d4cdb1a3cd6a0e94aa3599afcddcf5 From 42475cb94d27d2077ecc60ce54fbdf97ab697ba3 Mon Sep 17 00:00:00 2001 From: fujr Date: Thu, 21 Nov 2024 16:16:08 +0800 Subject: [PATCH 3/5] fix: parse bool --- config/config.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/config.go b/config/config.go index f9278a1..fe06525 100644 --- a/config/config.go +++ b/config/config.go @@ -39,6 +39,8 @@ func getConfigOpt(yamlCfg *yaml.File, name string, opt interface{}) { *opt = val case *int: *opt, _ = strconv.Atoi(val) + case *bool: + *opt, _ = strconv.ParseBool(val) } } From 482dd189978a5a1b8a92c8ac24b57ba788aaefa7 Mon Sep 17 00:00:00 2001 From: fujr Date: Thu, 21 Nov 2024 16:22:31 +0800 Subject: [PATCH 4/5] fix: fix compatibility with old configuration files --- config/config.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/config/config.go b/config/config.go index fe06525..9c0c2a0 100644 --- a/config/config.go +++ b/config/config.go @@ -26,6 +26,7 @@ type Config struct { WhiteList map[string]bool DB string LocalAuth bool + SeparateSslConfig bool } func getConfigOpt(yamlCfg *yaml.File, name string, opt interface{}) { @@ -54,6 +55,7 @@ func Parse(c *cli.Context) *Config { SslCert: c.String("ssl-cert"), SslKey: c.String("ssl-key"), SslCacert: c.String("ssl-cacert"), + SeparateSslConfig: c.Bool("separate-ssl-config"), WebUISslCert: c.String("webui-ssl-cert"), WebUISslKey: c.String("webui-ssl-key"), Token: c.String("token"), 
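Review bot: The new `case *bool` in `getConfigOpt` discards the `strconv.ParseBool` error, so a value it does not accept (for example `yes` or `on`) silently stores `false` and overwrites whatever was set before the file was read. As far as the hunk shows, the switch had no bool case before, so this also makes `local-auth` from the YAML file effective for the first time. A typo there now changes an authentication setting without any message. Keeping the previous value on error is safer, `if b, err := strconv.ParseBool(val); err == nil { *opt = b }`, with the rejected value reported to the operator. The adjacent `*int` case ignores the `strconv.Atoi` error in the same way, and `getConfigOpt` starts and ends outside the hunk.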
@@ -82,12 +84,17 @@ func Parse(c *cli.Context) *Config { getConfigOpt(yamlCfg, "ssl-cert", &cfg.SslCert) getConfigOpt(yamlCfg, "ssl-key", &cfg.SslKey) getConfigOpt(yamlCfg, "ssl-cacert", &cfg.SslCacert) - getConfigOpt(yamlCfg, "webui-ssl-cert", &cfg.WebUISslCert) - getConfigOpt(yamlCfg, "webui-ssl-key", &cfg.WebUISslKey) + getConfigOpt(yamlCfg, "separate-ssl-config", &cfg.SeparateSslConfig) + if cfg.SeparateSslConfig { + getConfigOpt(yamlCfg, "webui-ssl-cert", &cfg.WebUISslCert) + getConfigOpt(yamlCfg, "webui-ssl-key", &cfg.WebUISslKey) + } else { + cfg.WebUISslCert = cfg.SslCert + cfg.WebUISslKey = cfg.SslKey + } getConfigOpt(yamlCfg, "token", &cfg.Token) getConfigOpt(yamlCfg, "db", &cfg.DB) getConfigOpt(yamlCfg, "local-auth", &cfg.LocalAuth) - val, err := yamlCfg.Get("white-list") if err == nil { if val == "*" || val == "\"*\"" { From 4d37b6f55662c6f2ffed489a60a6d0a6227a4429 Mon Sep 17 00:00:00 2001 From: fujr Date: Thu, 21 Nov 2024 16:22:50 +0800 Subject: [PATCH 5/5] config: update template --- rttys.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rttys.conf b/rttys.conf index fd0d21e..a9bab8a 100644 --- a/rttys.conf +++ b/rttys.conf @@ -9,6 +9,9 @@ #ssl-cacert: /etc/rttys/rttys.ca #ssl-cert: /etc/rttys/rttys.crt #ssl-key: /etc/rttys/rttys.key + +#if you want to use separate SSL config for webui, set this to True.otherwise, it will use the same SSL config for device and webui +#separate-ssl-config: True #webui-ssl-cert: /etc/rttys/webui-rttys.crt #webui-ssl-key: /etc/rttys/webui-rttys.key
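Review bot: The fallback `cfg.WebUISslCert = cfg.SslCert` / `cfg.WebUISslKey = cfg.SslKey` sits among the `getConfigOpt(yamlCfg, ...)` calls, so it appears to run only on the path where a YAML file was loaded. The enclosing block starts outside the hunk, so this needs confirming. If so, a server started with only `ssl-cert`/`ssl-key` on the command line keeps both web UI fields empty, and the check in api.go then takes the `r.Run` branch and serves the web UI without TLS. Moving the fallback after the config-file block covers both paths: `if !cfg.SeparateSslConfig { cfg.WebUISslCert, cfg.WebUISslKey = cfg.SslCert, cfg.SslKey }`. A short comment there saying that the web UI reuses the device certificate unless `separate-ssl-config` is set would help the next reader.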