* use tls for nats connections

* add config options for nats client tls config

* add nats tls config to CI

* add function to create a certpool

* add option to provide a rootCA to validate the server's TLS certificate

* add option to provide a rootCA to validate the server's TLS certificate

* add option to provide a rootCA to validate the server's TLS certificate

* add option to provide a rootCA to validate the server's TLS certificate

* configure nats clients in reva to use tls
This commit is contained in:
David Christofas
2022-10-12 14:56:47 +02:00
committed by GitHub
parent 24807bbac8
commit 4623b6c8e7
27 changed files with 289 additions and 54 deletions
+23
@@ -2,11 +2,13 @@ package command
import (
"context"
"crypto/tls"
"fmt"
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
pkgcrypto "github.com/owncloud/ocis/v2/ocis-pkg/crypto"
"github.com/owncloud/ocis/v2/services/nats/pkg/config"
"github.com/owncloud/ocis/v2/services/nats/pkg/config/parser"
"github.com/owncloud/ocis/v2/services/nats/pkg/logging"
@@ -36,6 +38,26 @@ func Server(cfg *config.Config) *cli.Command {
defer cancel()
// Generate a self-signing cert if no certificate is present
if err := pkgcrypto.GenCert(cfg.Nats.TLSCert, cfg.Nats.TLSKey, logger); err != nil {
logger.Fatal().Err(err).Msgf("Could not generate test-certificate")
}
crt, err := tls.LoadX509KeyPair(cfg.Nats.TLSCert, cfg.Nats.TLSKey)
if err != nil {
return err
}
clientAuth := tls.RequireAndVerifyClientCert
if cfg.Nats.TLSSkipVerifyClientCert {
clientAuth = tls.NoClientCert
}
tlsConf := &tls.Config{
MinVersion: tls.VersionTLS12,
ClientAuth: clientAuth,
Certificates: []tls.Certificate{crt},
}
natsServer, err := nats.NewNATSServer(
ctx,
logging.NewLogWrapper(logger),
@@ -43,6 +65,7 @@ func Server(cfg *config.Config) *cli.Command {
nats.Port(cfg.Nats.Port),
nats.ClusterID(cfg.Nats.ClusterID),
nats.StoreDir(cfg.Nats.StoreDir),
nats.TLSConfig(tlsConf),
)
if err != nil {
return err
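Review bot: The server `tls.Config` assembled in the second hunk sets `ClientAuth: tls.RequireAndVerifyClientCert` but never sets `ClientCAs`, so Go verifies presented client certificates against the system root pool; a client using the self-signed pair that `pkgcrypto.GenCert` writes, or any private CA, will fail the handshake unless the pool is populated somewhere outside this hunk. If a CA file is available in `cfg.Nats`, load it into an `x509.CertPool` and add `ClientCAs: pool,` next to `ClientAuth`; if there is none, the default of requiring and verifying a client cert cannot work with a locally generated certificate and should be documented as such. The `TLSSkipVerifyClientCert` branch switches to `tls.NoClientCert`, which stops requesting a client certificate at all rather than skipping its verification, so a comment such as `// NoClientCert: client-certificate auth is disabled entirely, the cert is not even requested` at that assignment (or a rename of the option) would stop the name from over-promising. Separately, `logger.Fatal()` after `defer cancel()` exits without running the deferred cancel, whereas the `LoadX509KeyPair` branch returns; `return fmt.Errorf("generating nats tls certificate: %w", err)` keeps the cleanup path uniform. `Server` begins and ends outside this hunk.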