diff --git a/README.md b/README.md index c45f731..9db5e85 100644 --- a/README.md +++ b/README.md @@ -468,3 +468,16 @@ grpcurl -plaintext -d '{"name": "jun"}' 127.0.0.1:9091 order.OrderManagement/say "Hello jun" ``` +## https + +https 支持参数如下: + +```shell +--https-enable https enable +--https-port uint32 https port (default 443) +--mtls mtls enable +--cacert string CA cert file +--cert string tls cert file +--key string tls key file +``` + diff --git a/cmd/app/app.go b/cmd/app/app.go index ebb84c9..3d42135 100644 --- a/cmd/app/app.go +++ b/cmd/app/app.go @@ -2,6 +2,8 @@ package app import ( "context" + "crypto/tls" + "crypto/x509" "flag" "fmt" "github.com/gin-gonic/gin" @@ -15,7 +17,10 @@ import ( "httpbin/pkg/options" pb "httpbin/pkg/order" "httpbin/pkg/registry" + "io/ioutil" + "log" "net" + "net/http" ) func NewAppCommand(ctx context.Context) *cobra.Command { @@ -84,6 +89,11 @@ func Run(ctx context.Context, option *options.Option) error { logger.Errorf("grpc serve failed with err: %v", runErr) } }() + go func() { + if runErr := InitHttps(ctx, r, option); runErr != nil { + logger.Errorf("https serve failed with err: %v", runErr) + } + }() r.Run(option.ServerAddress) return nil } 
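Review bot: `io/ioutil` has been deprecated since Go 1.16; if the module targets that or later, `os.ReadFile` is the drop-in replacement for the one `ioutil.ReadFile` call in InitHttps. The standard `log` package is imported only for the `log.Fatalf` in InitHttps, while every other path in this file reports through `logger`; using `logger.Errorf` plus a returned error there would let this import go away.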
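Review bot: The TLS listener is handed the same `gin.Engine` `r` that `r.Run(option.ServerAddress)` keeps serving in plaintext, so with `--mtls` every route stays reachable on the HTTP address without a client certificate. If mTLS is meant as access control, the plaintext listener has to be disabled or given a separate engine when `option.MTLS` is set. The goroutine is also started unconditionally and its error is only logged, so an unreadable CA file leaves the process up serving plain HTTP only; guarding the launch with `if option.HttpsEnable {` here and propagating the failure out of `Run` would make that misconfiguration visible. `Run` begins outside this hunk.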
@@ -105,3 +115,49 @@ func InitGrpc(ctx context.Context, option *options.Option) error {
 }
 return nil
 }
+
+func InitHttps(ctx context.Context, engine *gin.Engine, option *options.Option) error {
+ if option.HttpsEnable {
+ logger.Infof("start https serve on port: %d", option.HttpsPort)
+ // 加载 CA 根证书
+ caCert, err := ioutil.ReadFile(option.CACertFile)
+ if err != nil {
+ logger.Errorf("Failed to read CA certificate: %v", err)
+ return err
+ }
+
+ caCertPool := x509.NewCertPool()
+ if ok := caCertPool.AppendCertsFromPEM(caCert); !ok {
+ logger.Errorf("Failed to add CA certificate to pool")
+ return err
+ }
+
+ // 配置 TLS
+ var tlsConfig *tls.Config
+ if option.MTLS {
+ tlsConfig = &tls.Config{
+ ClientCAs: caCertPool, // 设置客户端信任的 CA
+ ClientAuth: tls.RequireAndVerifyClientCert, // 强制要求客户端证书
+ }
+ } else {
+ tlsConfig = &tls.Config{
+ ClientCAs: caCertPool, // 设置客户端信任的 CA
+ ClientAuth: tls.NoClientCert,
+ }
+ }
+
+ // 创建 HTTPS 服务器
+ server := &http.Server{
+ Addr: fmt.Sprintf(":%d", option.HttpsPort),
+ Handler: engine,
+ TLSConfig: tlsConfig, // 配置 TLS
+ }
+
+ // 启动 HTTPS 服务器
+ if err := server.ListenAndServeTLS(option.TlsCertFile, option.TlsKeyFile); err != nil {
+ log.Fatalf("Failed to start server: %v", err)
+ return err
+ }
+ }
+ return nil
+}
diff --git a/cmd/certs/README.md b/cmd/certs/README.md
new file mode 100644
index 0000000..4bf7f41
--- /dev/null
+++ b/cmd/certs/README.md
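Review bot: The `AppendCertsFromPEM` failure branch does `return err`, but `err` is the nil result of the preceding `ReadFile`, so InitHttps reports success when the CA file holds no usable certificate and the listener is never started. The CA file is also loaded before the `option.MTLS` check, which makes `--cacert` mandatory for plain HTTPS, and `log.Fatalf` after `ListenAndServeTLS` terminates the whole process (the HTTP and gRPC servers too) and leaves the following `return err` unreachable. Neither `tls.Config` sets `MinVersion`, so the protocol floor is whatever the Go toolchain defaults to, and the `http.Server` has no `ReadHeaderTimeout`. The sketch below loads the CA only for mTLS, returns wrapped errors to the caller, and pins TLS 1.2.

```go
func InitHttps(ctx context.Context, engine *gin.Engine, option *options.Option) error {
	if !option.HttpsEnable {
		return nil
	}
	// … unchanged: start-up log line …
	tlsConfig := &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientAuth: tls.NoClientCert,
	}
	if option.MTLS {
		// The CA bundle is only needed to verify client certificates.
		caCert, err := ioutil.ReadFile(option.CACertFile)
		if err != nil {
			return fmt.Errorf("read CA certificate %q: %w", option.CACertFile, err)
		}
		caCertPool := x509.NewCertPool()
		if !caCertPool.AppendCertsFromPEM(caCert) {
			return fmt.Errorf("no PEM certificates found in %q", option.CACertFile)
		}
		tlsConfig.ClientCAs = caCertPool
		tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
	}
	// … unchanged: http.Server construction …
	if err := server.ListenAndServeTLS(option.TlsCertFile, option.TlsKeyFile); err != nil {
		return fmt.Errorf("serve https: %w", err)
	}
	return nil
}
```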
@@ -0,0 +1,44 @@
+# Certifaction
+
+1. 生成 CA(根证书):
+
+```shell
+# 生成 CA 私钥
+openssl genrsa -out ca.key 2048
+
+# 生成 CA 根证书
+openssl req -x509 -new -nodes -key ca.key -subj "/CN=MyCA" -days 3650 -out ca.crt
+```
+
+2. 生成服务端证书
+
+```shell
+# 生成服务端私钥
+openssl genrsa -out server.key 2048
+
+# 生成服务端证书签名请求(CSR)
+openssl req -new -key server.key -subj "/CN=server.local" -out server.csr
+
+# 使用 CA 签署服务端证书
+openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365 -sha256
+```
+
+3. 生成客户端证书
+
+```shell
+# 生成客户端私钥
+openssl genrsa -out client.key 2048
+
+# 生成客户端证书签名请求(CSR)
+openssl req -new -key client.key -subj "/CN=client.local" -out client.csr
+
+# 使用 CA 签署客户端证书
+openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 365 -sha256
+
+```
+
+4. curl
+
+```shell
+curl -v --cert ./certs/client.crt --key ./certs/client.key --cacert ./certs/ca.crt https://localhost
+```
diff --git a/cmd/certs/ca.crt b/cmd/certs/ca.crt
new file mode 100644
index 0000000..1e9d812
--- /dev/null
+++ b/cmd/certs/ca.crt
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/zCCAeegAwIBAgIUfeldSNRi0ecB8tLatOf9U31MnKgwDQYJKoZIhvcNAQEL +BQAwDzENMAsGA1UEAwwETXlDQTAeFw0yNDExMTcxMDAyMDBaFw0zNDExMTUxMDAy +MDBaMA8xDTALBgNVBAMMBE15Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCqr3KxQ6nScyAB1wT459VokOnnYgzhtglY7EjU4t8qev64isaj8shcGDM2 +qWlplMczCxYYZ5y2z/0YFZUkFeNlHznu9RHr7AbaS4xnDTtiE6Sx2/DW4oYvaOrt +23bXrFbxnXXN8Zk5W5vuYN/be371v84kjJaaQ3aCuXl/LhrQA24xK0JxTJE0Lc6X +HU8n7YrMJQYtKQKGc4PQN6yDnYobUu5E/7OdRwRU2rlMTsS3v2wWarQ6UMZ+DRJD +k2PzHE4oPGfHD5VcDsFdS4A7UbX+STtwdVcLy89q3wdty0EnIzsDipLcUhiQaEHC +lMH51dAm7ZbscocUpqAzW0kulq/BAgMBAAGjUzBRMB0GA1UdDgQWBBSHGRa7ibK5 +jKR51JkMZes3FakUpDAfBgNVHSMEGDAWgBSHGRa7ibK5jKR51JkMZes3FakUpDAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBTRjEdwDSIPFtOttjx +9k155OzJabmbBlORlLiNvUGjWF7wcoTskim3A+HLPOi0ZFGmuSecFTI+p98yHQbz +sSM9YZT943H7egOOiTkIE4B0jEVhnhM8lb1xSOUwWXQ9qmFNWWIWYfHU9K+MgoKO +6dcdpIRakSzRrzp4XENSt9jtawHlkS31HVjvY5jSK9s2eab+IupV0BVvDzaKHfvp +r/BRutPxuvvJ01MoVOEkPeJM6ZIJ6UoeLQtOyw6PUKSid9eoBf1t5Wtm4RoKzJV7 +ENUILoH3GCM5do/HcylqT7rbw6fVSfmd8tOUklOMQqHRoquKVMUbAvYOY9z+Vs6m +HIb5 +-----END CERTIFICATE----- diff --git a/cmd/certs/ca.key b/cmd/certs/ca.key new file mode 100644 index 0000000..344caf5 --- /dev/null +++ b/cmd/certs/ca.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCqr3KxQ6nScyAB +1wT459VokOnnYgzhtglY7EjU4t8qev64isaj8shcGDM2qWlplMczCxYYZ5y2z/0Y +FZUkFeNlHznu9RHr7AbaS4xnDTtiE6Sx2/DW4oYvaOrt23bXrFbxnXXN8Zk5W5vu +YN/be371v84kjJaaQ3aCuXl/LhrQA24xK0JxTJE0Lc6XHU8n7YrMJQYtKQKGc4PQ +N6yDnYobUu5E/7OdRwRU2rlMTsS3v2wWarQ6UMZ+DRJDk2PzHE4oPGfHD5VcDsFd +S4A7UbX+STtwdVcLy89q3wdty0EnIzsDipLcUhiQaEHClMH51dAm7ZbscocUpqAz +W0kulq/BAgMBAAECggEAOhG7svxCtAMP4iBdpDL3g3493ccZe9b7QiINO0Q+SY0T +yQQJxbBtIwvmrJOhdda0mLSOXVou0nFbeYyqM18xAG/JvXbqFHo18KGgUFULnXfy +YcJiozDpFwsaVjcCrSiIYeZAtIKcLwvwNn8F2f2feYs6XmvoNu55zMq+P5sXayoY +7GxancxX95TOH1l7IgR+OkBrSS+5dt8zG3dAonVwzoV72SRezEWCFt/t6zVcYmu1 +uhKVDg0cB6YxQVa0NwLMpy1KatirIUJTflyiloEHLRAsqo/qbDcKO1zbJfp6ee4g ++w7PaSXxjGKnp88KkXnp1a0xo1UP2eqH4lD+MjAYiwKBgQDiamotEMx/dHnveBLI +rOmGYmDOec3paZL7GucetbwS4+So9fMFE10Zi7SXgAAnlRtdQ/KH9HufhZP66d9W +n7+NXGRU4tnLY5ndGzbEYEhj5AKvKhqVOvQWift0G1vqh7diC8WRG/IBFbkmneGw +CVObNj11LqbsXEUvQ4IM9dAicwKBgQDA/NuyjBFX36uKEEk6BkB7ffMRYp3xP1w5 +zIVIOSEz70VqNZM2cHeJ7xEZnadvQGN+uvOWYmiTSQaIz7qou5BJV3vzLXkuPBEP +z77aEtpdUysyMuLw18/78xGw+C6iW0hKO165IXRDPk+xenh/fEZNuOSKs0mPuJmi +b5mqxrgz+wKBgQDIO1/mtuKDHRjw5HmIKxLim4INV774Wzt3AlW+3O2UryH7Indm +17cP7nMpQDPizYTDuGF2RopFizZRQh8XVnNqqni4cV429sCNv5FxncynOm/9RPj5 +XIecny5XghKJmLhe5xYzvEkLGJEDS8DZk4Xyz8cOKNHKWdd9cvBCUeldbQKBgQC6 +0k2QC74iVhmGfvuUW0cDBUtP0irZxx9tqIqB/yQgVYnaJmELe1aNRcxFAvR6Y1et +8CcstrlLk47q1EV7YI9uIG2SXLwJwQY3S0ITc9rGK2QOpWpCAnmKCqVervLeIwXZ +Lp4lE7ir+99EDS4nI9QfG1TK3ILiya6Yq/aTduoNDwKBgDCMX8d3YzjW80NskwHf +9lK6L6motAw6zHXQETExv+SmopNlgCUjH1i0I7vVZf2rV3XVLXDfcO5L1hH8c0rd +AraZ/M92WniO8QgGT8TYaDa3viafMXdhCSFHeFASv6LpplCpgFgwOxShvPAz6iG0 +1qYCZIUL+LZhDv6mvbeoYeDm +-----END PRIVATE KEY----- diff --git a/cmd/certs/ca.srl b/cmd/certs/ca.srl new file mode 100644 index 0000000..d94a9ec --- /dev/null +++ b/cmd/certs/ca.srl @@ -0,0 +1 @@ +2669B1DF8515E9A21DF631BCF10830551A136974 
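Review bot: The CA private key should not be committed: with `ca.key` in the repository (and `client.key` and `server.key` in the later hunks of this commit), anyone who can read the repo holds the signing key behind `ca.crt`. Any deployment started with `--mtls --cacert` pointing at this `ca.crt` would have `tls.RequireAndVerifyClientCert` accept certificates that the operator never issued, so the client-authentication check no longer distinguishes trusted callers. I would drop the `*.key`, `*.csr` and `ca.srl` files from the commit, keep only the generation steps in `cmd/certs/README.md`, ignore generated key material in `.gitignore`, and treat this CA and both leaf keys as compromised since they are now in history.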
diff --git a/cmd/certs/client.crt b/cmd/certs/client.crt new file mode 100644 index 0000000..0ea2f71 --- /dev/null +++ b/cmd/certs/client.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrTCCAZUCFCZpsd+FFemiHfYxvPEIMFUaE2l0MA0GCSqGSIb3DQEBCwUAMA8x +DTALBgNVBAMMBE15Q0EwHhcNMjQxMTE3MTAwMzQ4WhcNMjUxMTE3MTAwMzQ4WjAX +MRUwEwYDVQQDDAxjbGllbnQubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDY8+CYxz1VoYiOt3fBm0Kw2eStLfbxBoubYJne2bke/S6j5q3X92gA +j+9KFFAwLf5lnYOYeVR70Geh/Vym5lGs90+M3cAxFNkITKU0VMzCin0XI7ERFMxx +u46TLMBp5FoDv5SaxPZzO0zofxxvqZuGfZn9QLVtuRf42vR04xWzSgzA0uDu/Dll +S2QyeWzsIUSEhpYQYmMT4MV5iMorthxXvejAIfzs64iTh3FxfOTQnWYl5qAtIAQP +K8+hSnjgfg/g6uyZXS2D9VwQKtQtBgCC0JM/RzmFaVG0QyRNPIMnqTELYF7njro1 +lC+sq1y91pg54Jfqbh6N8qSB+3qJ0jKRAgMBAAEwDQYJKoZIhvcNAQELBQADggEB +ACd59VFEpOztPchfZQqG2W960idGpy7bYgo61jhsp9h+RXoDR/gREBP9JDDaxGNC +zq05rhjrnvu+zuxDCZHNd7PRaR7tiINAu5cRSF3tDLYulU74qB3LucgJnTcuDJiL +l4WMHxPdeKigi0ghcdgtXMKDQlXVovKohgJbkgQkzIVF1DA2Hus4Dr2b+kX850pf +Actb5+daChG4n2E6eYj0p5tJm4+h3q4OI0eKnixCQCHYe99acOz0q6ERQCtenLIL +YyyMwooobK0Dclqqrucxl+xKvJNGf5SfP4v7c7f1oL75OTPKUNUF5Q7RiF0OMlyW +LH3SdTxVXYb3QaNgtPgDXCs= +-----END CERTIFICATE----- diff --git a/cmd/certs/client.csr b/cmd/certs/client.csr new file mode 100644 index 0000000..bd5a806 --- /dev/null +++ b/cmd/certs/client.csr 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXDCCAUQCAQAwFzEVMBMGA1UEAwwMY2xpZW50LmxvY2FsMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PPgmMc9VaGIjrd3wZtCsNnkrS328QaLm2CZ +3tm5Hv0uo+at1/doAI/vShRQMC3+ZZ2DmHlUe9Bnof1cpuZRrPdPjN3AMRTZCEyl +NFTMwop9FyOxERTMcbuOkyzAaeRaA7+UmsT2cztM6H8cb6mbhn2Z/UC1bbkX+Nr0 +dOMVs0oMwNLg7vw5ZUtkMnls7CFEhIaWEGJjE+DFeYjKK7YcV73owCH87OuIk4dx +cXzk0J1mJeagLSAEDyvPoUp44H4P4OrsmV0tg/VcECrULQYAgtCTP0c5hWlRtEMk +TTyDJ6kxC2Be5466NZQvrKtcvdaYOeCX6m4ejfKkgft6idIykQIDAQABoAAwDQYJ +KoZIhvcNAQELBQADggEBANi6dk+NaHuufNsbTD/SJWZNpyddb54howusIFqBsilv +a5O0bRReyY5a62+18xbQt5NcblHyu1fXPOmCEqTmZeXck2ztXtdp8/Sm0ojQq8jr +oBqQkloVScj2eNDif2NduJfJqocy3AxB7DmmE4oqQMnNn0rSfqK/IS7g4KWFFfwW +tJeGlefQ+LSxYXRHEBFaH3v9X8WbpQqsxae+khMdS0+UIB7WKkinb05ZTGMldVWl +2N3VDprf8tG4aLcLI8ZM6L5uXR9NAgnvkMQejV4dpL05ruQHq+npvEdNwAmFipUa +0GNFT5Yj/1nAb6bqjE+muY90f+GCLG1CV272To+cORs= +-----END CERTIFICATE REQUEST----- diff --git a/cmd/certs/client.key b/cmd/certs/client.key new file mode 100644 index 0000000..902a2ee --- /dev/null +++ b/cmd/certs/client.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDY8+CYxz1VoYiO +t3fBm0Kw2eStLfbxBoubYJne2bke/S6j5q3X92gAj+9KFFAwLf5lnYOYeVR70Geh +/Vym5lGs90+M3cAxFNkITKU0VMzCin0XI7ERFMxxu46TLMBp5FoDv5SaxPZzO0zo +fxxvqZuGfZn9QLVtuRf42vR04xWzSgzA0uDu/DllS2QyeWzsIUSEhpYQYmMT4MV5 +iMorthxXvejAIfzs64iTh3FxfOTQnWYl5qAtIAQPK8+hSnjgfg/g6uyZXS2D9VwQ +KtQtBgCC0JM/RzmFaVG0QyRNPIMnqTELYF7njro1lC+sq1y91pg54Jfqbh6N8qSB ++3qJ0jKRAgMBAAECggEAJvurX8htPPXJk9tjqWY8lYqRjIy10plafJDfFSwKF4dm +2gyZMDVEetViKe18eyvIinnDK6Khi53nATSFcXfxNSM7KBSwdCFK3jLnfH/ASzSX +RZEkP+18zvLkq41fBagChKnoCedaYVpGd4Bfm7DeQUxQXzFBaHXZ2N1/D4G+ZHiV +DHgq+YNAZW7op1UIYAftwkMHyzL1kOQY/3ilyHjhiDQ0guDclp9H57VXDPi4yzTu +tGNWmNsykl6sY7p7XBaMINdmUhdJZ2gm76UhQOkkw3mkU/qR4LK+dkLrN704MHEG +kcllCES6PnA36p8nxV1kArLBATdS1lHriBqSift4AQKBgQD2BiS/y7GWPZq4VS8g +kHsnlAvMudBwvaiZF35tI1F7sFbr74o8plMhm0Y82tHlxSV4C6l6/3ZJGLG5bjrq +JcJQcyIT49Zp3Phxk9R97Ivg+r0EWJKU6wiNJiENWFSijrwJ8jVpkepKObo8CDrm +YXd88Sx6ADYbm7fTRHO8EC9FfwKBgQDhv/VFn4EH1fdSVmJN/K+NadqRYGxdYi7q +N+rx4MUbEKs7ngqLl2F6S8r4tlM4ALw8gjHGpwPqqvi47gq1Mf8MI0XogLV4jN3+ +1oJ9xdD00ou8hKSEAqAXJF0wHcQNhI1ZH8b76DZ4Q0au4ovjet41BW0Ub/Nm0tJt +5FqkoxIv7wKBgDcIgMf2hK8a8LUzOOuL5kCgOVN+bUYK5t/4BWvcbqnAdHEqkD2o +5wepeDi8qh8/znXgBfVhl9AaGgdkxQEDmUftuT3BxYDA0UJ20x2oAFI/RHDob0Go +oa0RTmtxytziGOYQrCoFXedkqmgrXyGRw+zK9iwESBY86w3zTgBPjoN5AoGBAIze +GrAiUwLPum/vpZIijm1A03mJ4LT48muHDx1186jq4t7lxJDMmrAUoYhHRXCZzNw5 +JdRfHauOmnvTVm0w0IUDcbker56U0GYX9v+Cs9xBkZ7Gal5RwRIPx/KhcFg7EXS+ +xo0knvC2kmHIzh/Z6NTPGPz6yrir71FRgFphw5STAoGBAInAr23ONZn5jivDzeVp +brRygLnCQ1PtEVVM0s4i22A8iUnUeoRqr2Hm3fyt32NswiQr/FQzRt+SlyVIzsdN +ChF9p9RH1dIVEuR4gk7yRS6laTYRXJNWNkkAy51KV9Rud29OGMMuDkEvvMJES8gR +ka1zmnCOxuoNHWhp/sK3sE9E +-----END PRIVATE KEY----- diff --git a/cmd/certs/server.crt b/cmd/certs/server.crt new file mode 100644 index 0000000..bc6b8c2 --- /dev/null +++ b/cmd/certs/server.crt 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICrTCCAZUCFCZpsd+FFemiHfYxvPEIMFUaE2lzMA0GCSqGSIb3DQEBCwUAMA8x +DTALBgNVBAMMBE15Q0EwHhcNMjQxMTE3MTAwMjUzWhcNMjUxMTE3MTAwMjUzWjAX +MRUwEwYDVQQDDAxzZXJ2ZXIubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCu9E+UlQWADnLG+Q+nFX1I/dmGt1DLIVUstrb5njWMk4QJX2QIicw5 +Kv1SMrXbPGyqyoEqaLjoJ77sO2Q7Cd6jZGARv64CA7n56+LWslcBZ6i9lqJtTQGD +WSHXZWDnHS6gw326hK/X/cU/Nu84MoQzW/SdIatZeBOC9RurYEoHJ9rMMWXgSDn6 +Q2km9/Zh2sIeg/OYt8Qsbv/3DcXe6p7msJr4Um/yxkLjz6xiOyaKbaQv004JPdPU +6bmT0CFtXfaotoqqI0JxJq7nxf9m9HKejUNIliTiPesNV/WpH1rvKSoXQnxsgG1C +sn5rmYbveWoiRkLZbxvR9swBG2kzwxNvAgMBAAEwDQYJKoZIhvcNAQELBQADggEB +AJ7LJRP0OKtLYPsOcnwg4eOZ9ShGI5dkfktKHG1G0iLLK0+aviAbcWD7ydYOnYv5 +uK/MVpKGrcjpCqj0G9AlHYWNbiSS044mMdOH6oExMCNKnHKBVexvuErWb7N47Jl2 +YvPMIY27q2RLPAQmaIUHoq3J1PoOmeomVNxXHbOX0VvnnwxH/QbfCrkDlsVm7AmA +k2l5x0mmW08buqBYm8EYM/nhXPM2rgyqzUll2RTnmERAOM0h3+wFTQWmKqs2xlTQ +Q1eJ6r49qbqY0h8KO7FIbUVBXfm9nHY2NLe2YRug3G4unALMOTBsM6MJmFDybVPW +UOWJdPhBRkzvKmwL0hmY7f8= +-----END CERTIFICATE----- diff --git a/cmd/certs/server.csr b/cmd/certs/server.csr new file mode 100644 index 0000000..232ffd2 --- /dev/null +++ b/cmd/certs/server.csr 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICXDCCAUQCAQAwFzEVMBMGA1UEAwwMc2VydmVyLmxvY2FsMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvRPlJUFgA5yxvkPpxV9SP3ZhrdQyyFVLLa2 ++Z41jJOECV9kCInMOSr9UjK12zxsqsqBKmi46Ce+7DtkOwneo2RgEb+uAgO5+evi +1rJXAWeovZaibU0Bg1kh12Vg5x0uoMN9uoSv1/3FPzbvODKEM1v0nSGrWXgTgvUb +q2BKByfazDFl4Eg5+kNpJvf2YdrCHoPzmLfELG7/9w3F3uqe5rCa+FJv8sZC48+s +Yjsmim2kL9NOCT3T1Om5k9AhbV32qLaKqiNCcSau58X/ZvRyno1DSJYk4j3rDVf1 +qR9a7ykqF0J8bIBtQrJ+a5mG73lqIkZC2W8b0fbMARtpM8MTbwIDAQABoAAwDQYJ +KoZIhvcNAQELBQADggEBAHdQcMiWDzQ7UO1pY5FWTiwB0DHRpy3j9AQfelzzwTbt +slkkQYkqZleeMywYknAxlJm2Gr3yTz5KDhJPF9QRzTkek8nHK24Ygv9ei51hnQg0 +jwCW2ZGgh2roNjuUd5rqZYo03tnTuFJDbKO/JJCH2tvLDAjkww8zfD3h3fZznnU6 +S+chGyFNeX8VzthBS4Gvyz8+V5/7IaKVMjnonkD8Hxs03pzlJ6FtK4QMHDj9YEkb +bmkPuHDvuWrbkikILR7IuTEqE0wzmm8l4gYIaS3WKwpCQye1OiHrF35pNg1yx0wK +NGvjLOllIMBhoiRV7pJoSWkSJeZqajwdYQiFggJoW78= +-----END CERTIFICATE REQUEST----- diff --git a/cmd/certs/server.key b/cmd/certs/server.key new file mode 100644 index 0000000..cb01dd3 --- /dev/null +++ b/cmd/certs/server.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCu9E+UlQWADnLG ++Q+nFX1I/dmGt1DLIVUstrb5njWMk4QJX2QIicw5Kv1SMrXbPGyqyoEqaLjoJ77s +O2Q7Cd6jZGARv64CA7n56+LWslcBZ6i9lqJtTQGDWSHXZWDnHS6gw326hK/X/cU/ +Nu84MoQzW/SdIatZeBOC9RurYEoHJ9rMMWXgSDn6Q2km9/Zh2sIeg/OYt8Qsbv/3 +DcXe6p7msJr4Um/yxkLjz6xiOyaKbaQv004JPdPU6bmT0CFtXfaotoqqI0JxJq7n +xf9m9HKejUNIliTiPesNV/WpH1rvKSoXQnxsgG1Csn5rmYbveWoiRkLZbxvR9swB +G2kzwxNvAgMBAAECggEADjxBx2iyuF80lp0IWYOFnK1PCEedMtIFAKzjSX9Ggygz +m6Gf3ZP8woANeaU3p92MR/9PMDiyJu2o+sbAWo9shqXxrTAIBBDyjnPTkr2TF8Gr ++LUrhTI5V8smVkTg9B0rQJh3f/gw6KW06XZaU5vEpvsp9akaLJ75E3RHKpQcoeVJ +GC8mai20ZeEOI5wBQchB5XrW9DCtW18QWZAM64AqN9lIhBQf5TG2UkVx5ISzTVZ7 +wizTYPlEkm46uy4xrpv/UfjuEOaGfRSgfEdJyhWV9zBg3CTY5pY59WyOOlayuKd/ +GWq9L19tcPh1mjxsu+f7cfHwLEt91UxYYdIoIpQHEQKBgQDuev5hqJaZwmjW23B4 +SZjwnZ/etobt2YrlvZjy3e1cm8AF9M4OHsHe7lITL7fCirQWUgxnNwm7fPK7nh8o +JUmiDrmssAfDtKeEInz1Gqu5pj8F9kfo/KrMCw9ig3XtUVzfad1zbR0Q/wBBXGrC +ZYlEm/NNhAYI2ORUvRz5VrJR3wKBgQC7zpttlAfR1HTd3/xNHQJYCHoPaMYErDZ5 +Alk4g2XI57VMoAPLmPBSlL4i+wk+gNPJH7w3pr/qLMSBHtx/yLT3illseKy/QNkO +1bb5YadFWszt0exwx7tfjDt8RtCHBPrMfmcwylvCmOoRVs7+hBhDlLU5WVz4VsAN +Zq1tKfEQcQKBgQDTVLLwH9G1WA5HuBYmwjGBqGzvk5hmVg08IZPURM3+7xZvMM0Y +vjDXOSIKVpLlFr0XuoW7QY6iUstXb3v0u3ZQ4fOwEB4RU5nPAjDxkzzyO1xGEEUR +Nja0smhjyFNMhnlikhHoI51KXm7/fMIumoPWBMzKuGAQnwNYBG4UlrtWyQKBgESI +SUl8Sjo0qAzLDntpSZCsTzZOSmwsF5ii1cH8mOjuPMdgYOIrxg6sfpGvP5lSU3ZC +IWHBdKjUe0SO6XGr4PWvw6AEjS0hUdPLAwEPtIVnc/6YqwogqGxedNqN0Mxkccyr +l6ZDQabKPCfloJVZyKzomBT8WiO5LE33mPOL6Y7RAoGBAIlorvlepz1RiI93df4C +dRnbEggF219OPU9uMoPiCHKLECFKLeqy4aoR/4K5GLtn87pPL4bhiToush/XbN3p +iqapomXJHWreXeykm1jzw5cJoj+kuk52h8V7RpGLw99+8fyIVkJ0NtY/Yo4i05ya +X32b+RISS4okb7fSWxM4YfEX +-----END PRIVATE KEY----- diff --git a/pkg/options/option.go b/pkg/options/option.go index b7575bf..eead180 100644 --- a/pkg/options/option.go +++ b/pkg/options/option.go 
@@ -56,6 +56,14 @@ type Option struct { GrpcEnable bool GrpcPort uint32 + + HttpsEnable bool + HttpsPort uint32 + CACertFile string + TlsCertFile string + TlsKeyFile string + TlsServerName string + MTLS bool } func (o *Option) AddFlags(flags *pflag.FlagSet) { @@ -79,6 +87,15 @@ func (o *Option) AddFlags(flags *pflag.FlagSet) { flags.BoolVar(&o.GrpcEnable, "grpc-enable", true, "grpc enable") flags.Uint32Var(&o.GrpcPort, "grpc-port", 9091, "grpc demo order port") + + flags.BoolVar(&o.HttpsEnable, "https-enable", false, "https enable") + flags.Uint32Var(&o.HttpsPort, "https-port", 443, "https port") + flags.StringVar(&o.CACertFile, "cacert", "", "CA cert file") + flags.StringVar(&o.TlsCertFile, "cert", "", "tls cert file") + flags.StringVar(&o.TlsKeyFile, "key", "", "tls key file") + flags.StringVar(&o.TlsServerName, "server-name", "", "tls server name") + flags.BoolVar(&o.MTLS, "mtls", false, "mtls enable") + } func (o *Option) Complete() {
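Review bot: `TlsServerName` and its `--server-name` flag are registered here, but nothing in the InitHttps added by this commit reads the field and the README flag list omits it; either wire it up or leave it out until it is used. `--cacert`, `--cert` and `--key` default to empty strings, so `--https-enable` on its own only fails once the server goroutine tries to open the files; a check at option-validation time such as `if o.HttpsEnable && (o.TlsCertFile == "" || o.TlsKeyFile == "")` would reject that up front, with the same for `o.CACertFile` when `o.MTLS` is set. On naming, `TlsCertFile`, `TlsKeyFile` and `HttpsPort` sit next to `MTLS`; Go initialism style would be `TLSCertFile`, `TLSKeyFile`, `HTTPSPort`. Both the `Option` struct and `AddFlags` start outside these hunks.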