authentik/internal/web/web_ssl.go

33 lines
850 B
Go

package web
import (
"crypto/tls"
"net"
"goauthentik.io/internal/config"
"goauthentik.io/internal/crypto"
)
// ServeHTTPS constructs a net.Listener and starts handling HTTPS requests
func (ws *WebServer) listenTLS() {
cert, err := crypto.GenerateSelfSignedCert()
if err != nil {
ws.log.WithError(err).Error("failed to generate default cert")
}
tlsConfig := &tls.Config{
MinVersion: tls.VersionTLS12,
MaxVersion: tls.VersionTLS12,
Certificates: []tls.Certificate{cert},
}
ln, err := net.Listen("tcp", config.G.Web.ListenTLS)
if err != nil {
ws.log.WithError(err).Fatalf("failed to listen")
}
ws.log.WithField("addr", config.G.Web.ListenTLS).Info("Running")
tlsListener := tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, tlsConfig)
ws.serve(tlsListener)
ws.log.Printf("closing %s", tlsListener.Addr())
}