feat: listen with tls when configured (#239)

Signed-off-by: Chris Gianelloni <wolf31o2@blinklabs.io>
blinklabs-io · Sep 3, 2024 · 0d0d310 · 0d0d310
1 parent f7ec648
commit 0d0d310
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 10 deletions.
diff --git a/internal/api/api.go b/internal/api/api.go
@@ -104,10 +104,18 @@ func Start(cfg *config.Config) error {
 	}()
 
 	// Start API listener
-	err := router.Run(fmt.Sprintf("%s:%d",
-		cfg.Api.ListenAddress,
-		cfg.Api.ListenPort))
-	return err
+	if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+		err := router.RunTLS(fmt.Sprintf("%s:%d", cfg.Api.ListenAddress, cfg.Api.ListenPort),
+			cfg.Tls.CertFilePath,
+			cfg.Tls.KeyFilePath,
+		)
+		return err
+	} else {
+		err := router.Run(fmt.Sprintf("%s:%d",
+			cfg.Api.ListenAddress,
+			cfg.Api.ListenPort))
+		return err
+	}
 }
 
 type responseApiError struct {

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -29,6 +29,7 @@ type Config struct {
 	Metrics MetricsConfig `yaml:"metrics"`
 	Debug   DebugConfig   `yaml:"debug"`
 	Node    NodeConfig    `yaml:"node"`
+	Tls     TlsConfig     `yaml:"tls"`
 	Utxorpc UtxorpcConfig `yaml:"utxorpc"`
 }
 
@@ -67,6 +68,11 @@ type UtxorpcConfig struct {
 	ListenPort    uint   `yaml:"port"    envconfig:"GRPC_LISTEN_PORT"`
 }
 
+type TlsConfig struct {
+	CertFilePath string `yaml:"certFilePath" envconfig:"TLS_CERT_FILE_PATH"`
+	KeyFilePath  string `yaml:"keyFilePath"  envconfig:"TLS_KEY_FILE_PATH"`
+}
+
 // Singleton config instance with default values
 var globalConfig = &Config{
 	Logging: LoggingConfig{

diff --git a/internal/utxorpc/api.go b/internal/utxorpc/api.go
@@ -46,10 +46,19 @@ func Start(cfg *config.Config) error {
 	mux.Handle(submitPath, submitHandler)
 	mux.Handle(syncPath, syncHandler)
 	mux.Handle(watchPath, watchHandler)
-	err := http.ListenAndServe(
-		fmt.Sprintf("%s:%d", cfg.Utxorpc.ListenAddress, cfg.Utxorpc.ListenPort),
-		// Use h2c so we can serve HTTP/2 without TLS
-		h2c.NewHandler(mux, &http2.Server{}),
-	)
-	return err
+	if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+		err := http.ListenAndServeTLS(fmt.Sprintf("%s:%d", cfg.Utxorpc.ListenAddress, cfg.Utxorpc.ListenPort),
+			cfg.Tls.CertFilePath,
+			cfg.Tls.KeyFilePath,
+			nil,
+		)
+		return err
+	} else {
+		err := http.ListenAndServe(
+			fmt.Sprintf("%s:%d", cfg.Utxorpc.ListenAddress, cfg.Utxorpc.ListenPort),
+			// Use h2c so we can serve HTTP/2 without TLS
+			h2c.NewHandler(mux, &http2.Server{}),
+		)
+		return err
+	}
 }