mirror of
https://github.com/aclindsa/moneygo.git
synced 2024-12-26 15:42:27 -05:00
Merge pull request #34 from aclindsa/always_https
Only serve over HTTPS, optionally auto-generating certificates
This commit is contained in:
commit
9837afd547
16
Gopkg.lock
generated
16
Gopkg.lock
generated
@ -5,7 +5,7 @@
|
|||||||
branch = "master"
|
branch = "master"
|
||||||
name = "github.com/aclindsa/gorp"
|
name = "github.com/aclindsa/gorp"
|
||||||
packages = ["."]
|
packages = ["."]
|
||||||
revision = "d53dbb52439a458ae75f574d9420f66b6489441d"
|
revision = "4735379e1f46302b58b985d8172a53988aad93b4"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
name = "github.com/aclindsa/ofxgo"
|
name = "github.com/aclindsa/ofxgo"
|
||||||
@ -25,11 +25,17 @@
|
|||||||
revision = "a0583e0143b1624142adab07e0e97fe106d99561"
|
revision = "a0583e0143b1624142adab07e0e97fe106d99561"
|
||||||
version = "v1.3"
|
version = "v1.3"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
branch = "master"
|
||||||
|
name = "github.com/kabukky/httpscerts"
|
||||||
|
packages = ["."]
|
||||||
|
revision = "617593d7dcb39c9ed617bb62c5e2056244d02184"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
name = "github.com/lib/pq"
|
name = "github.com/lib/pq"
|
||||||
packages = [".","oid"]
|
packages = [".","oid"]
|
||||||
revision = "8c6ee72f3e6bcb1542298dd5f76cb74af9742cec"
|
revision = "83612a56d3dd153a94a629cd64925371c9adad78"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
name = "github.com/mattn/go-sqlite3"
|
name = "github.com/mattn/go-sqlite3"
|
||||||
@ -47,13 +53,13 @@
|
|||||||
branch = "master"
|
branch = "master"
|
||||||
name = "golang.org/x/net"
|
name = "golang.org/x/net"
|
||||||
packages = ["context"]
|
packages = ["context"]
|
||||||
revision = "9dfe39835686865bff950a07b394c12a98ddc811"
|
revision = "a8b9294777976932365dabb6640cf1468d95c70f"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
name = "golang.org/x/text"
|
name = "golang.org/x/text"
|
||||||
packages = ["currency","internal","internal/format","internal/gen","internal/tag","language","unicode/cldr"]
|
packages = ["currency","internal","internal/format","internal/gen","internal/tag","language","unicode/cldr"]
|
||||||
revision = "88f656faf3f37f690df1a32515b479415e1a6769"
|
revision = "57961680700a5336d15015c8c50686ca5ba362a4"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
name = "gopkg.in/gcfg.v1"
|
name = "gopkg.in/gcfg.v1"
|
||||||
@ -70,6 +76,6 @@
|
|||||||
[solve-meta]
|
[solve-meta]
|
||||||
analyzer-name = "dep"
|
analyzer-name = "dep"
|
||||||
analyzer-version = 1
|
analyzer-version = 1
|
||||||
inputs-digest = "de6a009267b8a81e29fc30f4bb7431c32ca42650d6cfd458324324f3f63abbff"
|
inputs-digest = "ad90bfdaa27132d84af5979b27d0960663bd13d57510566071056e1d4bb0d503"
|
||||||
solver-name = "gps-cdcl"
|
solver-name = "gps-cdcl"
|
||||||
solver-version = 1
|
solver-version = 1
|
||||||
|
16
README.md
16
README.md
@ -63,15 +63,21 @@ cusip_list.csv file and re-run the `go generate ...` command.
|
|||||||
|
|
||||||
## Running
|
## Running
|
||||||
|
|
||||||
Assuming you're in the same directory you ran the above installation commands
|
MoneyGo requires HTTPS or FCGI (no HTTP). Before starting the server, you will
|
||||||
from, running MoneyGo is then as easy as:
|
want to edit the example configuration file
|
||||||
|
(src/github.com/aclindsa/moneygo/example_config.ini) to point to your own SSL
|
||||||
|
certificate/key OR set 'generate-certs-if-absent = true' in the '[http]' section
|
||||||
|
of the config file.
|
||||||
|
|
||||||
|
Then, assuming you're in the same directory you ran the above installation
|
||||||
|
commands from, running MoneyGo is as easy as:
|
||||||
|
|
||||||
$ ./bin/moneygo -config src/github.com/aclindsa/moneygo/example_config.ini
|
$ ./bin/moneygo -config src/github.com/aclindsa/moneygo/example_config.ini
|
||||||
|
|
||||||
You should then be able to explore MoneyGo by visiting http://localhost:8080 in
|
You should then be able to explore MoneyGo by visiting https://localhost:8443 in
|
||||||
your browser. Editing the configuration file supplied will allow you to modify
|
your browser. Editing the configuration file supplied will allow you to modify
|
||||||
several settings including the port used and whether to serve via FastCGI
|
several settings including the port used, SSL certificate locations, and whether
|
||||||
instead of HTTP (the default).
|
to serve via FastCGI instead of HTTPS (the default).
|
||||||
|
|
||||||
## Missing Features
|
## Missing Features
|
||||||
|
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
[moneygo]
|
[moneygo]
|
||||||
|
|
||||||
# Whether to serve as FastCGI (default is false, for HTTP)
|
# Whether to serve as FastCGI (default is false, for HTTPS)
|
||||||
fcgi = false
|
fcgi = false
|
||||||
|
|
||||||
# Port to serve FCGI or HTTP on
|
# Port on which to serve HTTPS or FCGI
|
||||||
port = 8080
|
port = 8443
|
||||||
|
|
||||||
# Base directory for serving files out of. This should point to the root of the
|
# Base directory for serving files out of. This should point to the root of the
|
||||||
# moneygo source directory
|
# moneygo source directory
|
||||||
@ -25,3 +25,18 @@ db-type = sqlite3
|
|||||||
# Postgres documentation: https://godoc.org/github.com/lib/pq
|
# Postgres documentation: https://godoc.org/github.com/lib/pq
|
||||||
# example DSN: "postgres://user:password@localhost/dbname"
|
# example DSN: "postgres://user:password@localhost/dbname"
|
||||||
db-dsn = file:moneygo.sqlite?cache=shared&mode=rwc
|
db-dsn = file:moneygo.sqlite?cache=shared&mode=rwc
|
||||||
|
|
||||||
|
|
||||||
|
[https]
|
||||||
|
# If 'fcgi = false', the following paths to a SSL certificate and the paired
|
||||||
|
# private key are used when serving HTTPS
|
||||||
|
cert-file = ./cert.pem
|
||||||
|
key-file = ./key.pem
|
||||||
|
|
||||||
|
# Attempt to generate self-signed certificates if the certificate files
|
||||||
|
# specified above are missing or invalid. This should *never* be set to 'true'
|
||||||
|
# for any environment where security is important (including but not limited to
|
||||||
|
# production systems)
|
||||||
|
generate-certs-if-absent = false
|
||||||
|
# A CSV list of hostnames to generate the above certs for
|
||||||
|
generate-certs-hosts = localhost,127.0.0.1
|
||||||
|
@ -55,8 +55,16 @@ type MoneyGo struct {
|
|||||||
DSN string `gcfg:"db-dsn"` // 'Data Source Name' for database connection
|
DSN string `gcfg:"db-dsn"` // 'Data Source Name' for database connection
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Https struct {
|
||||||
|
CertFile string `gcfg:"cert-file"`
|
||||||
|
KeyFile string `gcfg:"key-file"`
|
||||||
|
GenerateCerts bool `gcfg:"generate-certs-if-absent"` // Generate certificates if missing
|
||||||
|
GenerateCertsHosts string `gcfg:"generate-certs-hosts"` // Hostnames to generate certificates for if missing and GenerateCerts==true
|
||||||
|
}
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
MoneyGo MoneyGo
|
MoneyGo MoneyGo
|
||||||
|
Https Https
|
||||||
}
|
}
|
||||||
|
|
||||||
func ReadConfig(filename string) (*Config, error) {
|
func ReadConfig(filename string) (*Config, error) {
|
||||||
@ -68,6 +76,12 @@ func ReadConfig(filename string) (*Config, error) {
|
|||||||
DBType: SQLite,
|
DBType: SQLite,
|
||||||
DSN: "file:moneygo.sqlite?cache=shared&mode=rwc",
|
DSN: "file:moneygo.sqlite?cache=shared&mode=rwc",
|
||||||
},
|
},
|
||||||
|
Https: Https{
|
||||||
|
CertFile: "./cert.pem",
|
||||||
|
KeyFile: "./key.pem",
|
||||||
|
GenerateCerts: false,
|
||||||
|
GenerateCertsHosts: "localhost",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
err := gcfg.ReadFileInto(&cfg, filename)
|
err := gcfg.ReadFileInto(&cfg, filename)
|
||||||
|
19
main.go
19
main.go
@ -8,6 +8,7 @@ import (
|
|||||||
"github.com/aclindsa/moneygo/internal/config"
|
"github.com/aclindsa/moneygo/internal/config"
|
||||||
"github.com/aclindsa/moneygo/internal/db"
|
"github.com/aclindsa/moneygo/internal/db"
|
||||||
"github.com/aclindsa/moneygo/internal/handlers"
|
"github.com/aclindsa/moneygo/internal/handlers"
|
||||||
|
"github.com/kabukky/httpscerts"
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -89,10 +90,24 @@ func main() {
|
|||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("Serving on port %d out of directory: %s", cfg.MoneyGo.Port, cfg.MoneyGo.Basedir)
|
|
||||||
if cfg.MoneyGo.Fcgi {
|
if cfg.MoneyGo.Fcgi {
|
||||||
|
log.Printf("Serving via FCGI on port %d out of directory: %s", cfg.MoneyGo.Port, cfg.MoneyGo.Basedir)
|
||||||
fcgi.Serve(listener, servemux)
|
fcgi.Serve(listener, servemux)
|
||||||
} else {
|
} else {
|
||||||
http.Serve(listener, servemux)
|
cert := cfg.Https.CertFile
|
||||||
|
key := cfg.Https.KeyFile
|
||||||
|
|
||||||
|
if err := httpscerts.Check(cert, key); err != nil {
|
||||||
|
if !cfg.Https.GenerateCerts {
|
||||||
|
log.Fatalf("HTTPS certficates not found at '%s' and '%s'. If you would like for them to be auto-generated for you, specify 'generate-certs-if-absent = true' in your config file at '%s'", cert, key, configFile)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = httpscerts.Generate(cert, key, cfg.Https.GenerateCertsHosts)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Error: Generating HTTPS cert/key at '%s' and '%s' failed: %s", cert, key, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
log.Printf("Serving via HTTPS on port %d out of directory: %s", cfg.MoneyGo.Port, cfg.MoneyGo.Basedir)
|
||||||
|
http.ServeTLS(listener, servemux, cert, key)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user