-
-
Save hdm/d271eb94a51f7f908ecb9ddc82d2b644 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| func main() { | |
| var s servers.Server | |
| // Toggle mode based on TLSNAME environment variable | |
| tlsName := envy.Get("TLSNAME", "") | |
| // TODO: Expose timeout configurations as environment variables as well | |
| if len(tlsName) == 0 { | |
| // Plain HTTP mode | |
| plainServer := &http.Server{ | |
| IdleTimeout: 60 * time.Second, | |
| // Large uploads of imported scan files | |
| ReadTimeout: 90 * time.Second, | |
| // Large downloads of the agent and scanner | |
| WriteTimeout: 900 * time.Second, | |
| Addr: "0.0.0.0:3000", | |
| } | |
| s = servers.Wrap(plainServer) | |
| } else { | |
| // Automatic TLS mode | |
| certManager := &autocert.Manager{ | |
| Prompt: autocert.AcceptTOS, | |
| HostPolicy: autocert.HostWhitelist(tlsName), | |
| Cache: autocert.DirCache("certs"), | |
| } | |
| getCert := func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { | |
| // Default the server name to tlsName if no SNI was sent | |
| if hello.ServerName == "" { | |
| hello.ServerName = tlsName | |
| } | |
| return certManager.GetCertificate(hello) | |
| } | |
| tlsServer := &http.Server{ | |
| IdleTimeout: 60 * time.Second, | |
| // Large uploads of imported scan files | |
| ReadTimeout: 90 * time.Second, | |
| // Large downloads of the agent and scanner | |
| WriteTimeout: 900 * time.Second, | |
| Addr: "0.0.0.0:443", | |
| TLSConfig: &tls.Config{ | |
| GetCertificate: getCert, | |
| PreferServerCipherSuites: true, | |
| CurvePreferences: []tls.CurveID{ | |
| tls.CurveP256, | |
| tls.X25519, // Go 1.8 only | |
| }, | |
| MinVersion: tls.VersionTLS12, | |
| CipherSuites: []uint16{ | |
| tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, | |
| tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | |
| tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only | |
| tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // Go 1.8 only | |
| tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | |
| tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | |
| }, | |
| }, | |
| } | |
| plain := &http.Server{ | |
| Handler: certManager.HTTPHandler(nil), | |
| Addr: ":80", | |
| ReadTimeout: 5 * time.Second, | |
| WriteTimeout: 10 * time.Second, | |
| IdleTimeout: 60 * time.Second, | |
| } | |
| go plain.ListenAndServe() | |
| s = servers.WrapTLS(tlsServer, "", "") | |
| } | |
| app := actions.App() | |
| if err := app.Serve(s); err != nil { | |
| log.Fatal(err) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment