add tls listen option

ffddorf · Mar 22, 2022 · 3d8d4fc · 3d8d4fc
1 parent 5d724f0
commit 3d8d4fc
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 3 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,6 @@
+.github/**/*
+docs/**/*
+.gitignore
+docker-compose.yml
+LICENSE
+README.md
diff --git a/README.md b/README.md
@@ -41,6 +41,8 @@ The following table describes the default configuration, although the backend se
 |----------------------|--------|------------|---------------------------------------------------------------------------------------------------|
 | LOG_LEVEL            | string | `info`     | Log level (options are: `fatal`, `info`, `warning`, `debug`, `trace`)                             |
 | LISTEN_ADDR          | string | `:8080`    | Address the HTTP server listens on                                                                |
+| TLS_KEY              | string | --         | Path to TLS key file for listening with TLS (fallback to HTTP if not specified)                 |
+| TLS_CERT             | string | --         | Path to TLS certificate file for listening with TLS (fallback to HTTP if not specified)         |
 | STORAGE_BACKEND      | string | `fs`       | Module for state file storage (checkout [docs/storage.md](./docs/storage.md) for other options)   |
 | STORAGE_FS_DIR       | string | `./states` | File system directory for `fs` storage module to store state files                                |
 | KMS_BACKEND          | string | `local`    | Module used for encryption (checkout [docs/kms.md](./docs/kms.md) for other options)              |

diff --git a/cmd/terraform-backend.go b/cmd/terraform-backend.go
@@ -132,13 +132,13 @@ func stateHandler(store storage.Storage, locker lock.Locker, kms kms.KMS) func(h
 }
 
 func healthHandler(w http.ResponseWriter, req *http.Request) {
+	log.Infof("%s %s", req.Method, req.URL.Path)
 	httpResponse(w, http.StatusOK, "")
 }
 
 func main() {
 	viper.AutomaticEnv()
 	viper.SetDefault("log_level", "info")
-	viper.SetDefault("listen_addr", ":8080")
 
 	level, err := log.ParseLevel(viper.GetString("log_level"))
 	if err != nil {
@@ -165,10 +165,21 @@ func main() {
 	}
 	log.Infof("initialized %s KMS backend", kms.GetName())
 
+	viper.SetDefault("listen_addr", ":8080")
 	addr := viper.GetString("listen_addr")
-	log.Printf("listening on %s", addr)
+	tlsKey := viper.GetString("tls_key")
+	tlsCert := viper.GetString("tls_cert")
+
 	r := mux.NewRouter().StrictSlash(true)
 	r.HandleFunc("/state/{project}/{id}", stateHandler(store, locker, kms))
 	r.HandleFunc("/health", healthHandler)
-	log.Fatalf("failed to listen on %s: %v", addr, http.ListenAndServe(addr, r))
+
+	if tlsKey != "" && tlsCert != "" {
+		log.Printf("listening on %s with tls", addr)
+		err = http.ListenAndServeTLS(addr, tlsCert, tlsKey, r)
+	} else {
+		log.Printf("listening on %s", addr)
+		err = http.ListenAndServe(addr, r)
+	}
+	log.Fatalf("failed to listen on %s: %v", addr, err)
 }