package kvm
import (
"crypto/tls"
"net/http"
"github.com/jetkvm/kvm/internal/websecure"
)
// Settings for the HTTPS ("websecure") listener and its self-signed
// certificate fallback.
const (
	// tlsStorePath is the directory handed to websecure.NewCertStore.
	// NOTE(review): if the store persists private keys under this path, the
	// directory and its files should be readable by the service user only;
	// confirm in internal/websecure.
	tlsStorePath = "/userdata/jetkvm/tls"

	// webSecureListen is the address the TLS server binds to (all
	// interfaces, port 443).
	webSecureListen = ":443"

	// The values below are passed to websecure.NewSelfSigner; presumably they
	// become the default hostname and the subject fields of the generated
	// certificates. Verify against the signer implementation.
	webSecureSelfSignedDefaultDomain = "jetkvm.local"
	webSecureSelfSignedCAName        = "JetKVM Self-Signed CA"
	webSecureSelfSignedOrganization  = "JetKVM"
	webSecureSelfSignedOU            = "JetKVM Self-Signed"
)
// certStore is the package-wide certificate store; it is assigned by
// initCertStore and stays nil until that function has run.
var certStore *websecure.CertStore

// certSigner is the self-signing helper whose GetCertificate method is wired
// into the TLS server. It is assigned by initCertStore and stays nil until
// that function has run.
var certSigner *websecure.SelfSigner
// initCertStore sets up the package-level certStore and certSigner.
//
// It creates a store rooted at tlsStorePath, asks it to load its
// certificates, and then builds the self-signer on top of that store using
// the webSecureSelfSigned* constants.
func initCertStore() {
	store := websecure.NewCertStore(tlsStorePath)
	certStore = store

	// NOTE(review): the outcome of LoadCertificates is not inspected here, so
	// a missing or unreadable store is not surfaced at this call site.
	// Confirm that websecure reports such failures itself.
	store.LoadCertificates()

	signer := websecure.NewSelfSigner(
		store,
		logger,
		webSecureSelfSignedDefaultDomain,
		webSecureSelfSignedOrganization,
		webSecureSelfSignedOU,
		webSecureSelfSignedCAName,
	)
	certSigner = signer
}
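// RunWebSecureServer starts the HTTPS server on webSecureListen and blocks
// while it serves requests through the router returned by setupRouter.
//
// Certificates are not read from files: the empty certFile/keyFile arguments
// make the server rely on TLSConfig.GetCertificate, which is bound to
// certSigner. certSigner is assigned in initCertStore, so that function must
// have run before this one is called.
//
// The function panics with the error returned by ListenAndServeTLS (for
// example when the port cannot be bound).
func RunWebSecureServer() {
	r := setupRouter()

	// NOTE(review): no ReadHeaderTimeout is set, so a client that opens a
	// connection and never finishes its request headers can hold it
	// indefinitely. A header-only timeout would not affect long-lived
	// streams; it needs the "time" import, so it is left as a follow-up.
	server := &http.Server{
		Addr:    webSecureListen,
		Handler: r,
		TLSConfig: &tls.Config{
			// Set the protocol floor explicitly. Without MinVersion the lowest
			// accepted version depends on the Go toolchain's default, which on
			// older releases still allows TLS 1.0/1.1 for servers.
			MinVersion: tls.VersionTLS12,
			MaxVersion: tls.VersionTLS13,
			// An empty CurvePreferences list selects the crypto/tls defaults.
			CurvePreferences: []tls.CurveID{},
			GetCertificate:   certSigner.GetCertificate,
		},
	}

	// Log the address the server is actually configured with. The original
	// referenced WebSecureListen, which does not match the webSecureListen
	// constant declared in this file.
	logger.Info().Str("listen", server.Addr).Msg("Starting websecure server")

	err := server.ListenAndServeTLS("", "")
	if err != nil {
		panic(err)
	}
}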