HTTPS support

README.md

@@ -72,6 +72,24 @@ Content-Length: 19
 ```
 
 
+# TLS
+
+To enable TLS support, add `-cert` and `-key` options:
+
+```
+$ ./simple_upload_server -cert ./cert.pem -key ./key.pem root/
+INFO[0000] starting up simple-upload-server
+WARN[0000] token generated                               token=28d93c74c8589ab62b5e
+INFO[0000] start listening TLS                           cert=./cert.pem key=./key.pem port=25443
+INFO[0000] start listening                               ip=0.0.0.0 port=25478 root=root token=28d93c74c8589ab62b5e upload_limit=5242880
+...
+```
+
+This server listens on `25443/tcp` for TLS connections by default. This can be changed by passing `-tlsport` option.
+
+NOTE: The endpoint using HTTP is still active even if TLS is enabled.
+
+
 # Security
 
 There is no Basic/Digest authentication. This app implements dead simple authentication: "security token".

simple_upload_server.go

@@ -16,10 +16,13 @@ var logger *logrus.Logger
 func run(args []string) int {
 	bindAddress := flag.String("ip", "0.0.0.0", "IP address to bind")
 	listenPort := flag.Int("port", 25478, "port number to listen on")
+	tlsListenPort := flag.Int("tlsport", 25443, "port number to listen on with TLS")
 	// 5,242,880 bytes == 5 MiB
 	maxUploadSize := flag.Int64("upload_limit", 5242880, "max size of uploaded file (byte)")
 	tokenFlag := flag.String("token", "", "specify the security token (it is automatically generated if empty)")
 	logLevelFlag := flag.String("loglevel", "info", "logging level")
+	certFile := flag.String("cert", "", "path to certificate file")
+	keyFile := flag.String("key", "", "path to key file")
 	flag.Parse()
 	serverRoot := flag.Arg(0)
 	if len(serverRoot) == 0 {
@@ -42,17 +45,44 @@ func run(args []string) int {
 		token = fmt.Sprintf("%x", b)
 		logger.WithField("token", token).Warn("token generated")
 	}
-	logger.WithFields(logrus.Fields{
-		"ip":           *bindAddress,
-		"port":         *listenPort,
-		"token":        token,
-		"upload_limit": *maxUploadSize,
-		"root":         serverRoot,
-	}).Info("start listening")
+	tlsEnabled := *certFile != "" && *keyFile != ""
 	server := NewServer(serverRoot, *maxUploadSize, token)
 	http.Handle("/upload", server)
 	http.Handle("/files/", server)
-	http.ListenAndServe(fmt.Sprintf("%s:%d", *bindAddress, *listenPort), nil)
+
+	errors := make(chan error)
+
+	go func() {
+		logger.WithFields(logrus.Fields{
+			"ip":           *bindAddress,
+			"port":         *listenPort,
+			"token":        token,
+			"upload_limit": *maxUploadSize,
+			"root":         serverRoot,
+		}).Info("start listening")
+
+		if err := http.ListenAndServe(fmt.Sprintf("%s:%d", *bindAddress, *listenPort), nil); err != nil {
+			errors <- err
+		}
+	}()
+
+	if tlsEnabled {
+		go func() {
+			logger.WithFields(logrus.Fields{
+				"cert": *certFile,
+				"key":  *keyFile,
+				"port": *tlsListenPort,
+			}).Info("start listening TLS")
+
+			if err := http.ListenAndServeTLS(fmt.Sprintf("%s:%d", *bindAddress, *tlsListenPort), *certFile, *keyFile, nil); err != nil {
+				errors <- err
+			}
+		}()
+	}
+
+	err := <-errors
+	logger.WithError(err).Info("closing server")
+
 	return 0
 }