Docker/documize
Docker/documize
1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-07-18 20:59:43 +02:00
Code Releases Activity

Support TLS version selection

Browse source 
Allow config file and ENV variables to define minimum TLS version used for SSL connections.

tlsversion=1.3
This commit is contained in:
Harvey Kandola 2022-10-10 17:40:36 -04:00
parent 828c01d189
commit 876775b395
3 changed files with 28 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
core/env/flags.go vendored
View file

@ -21,6 +21,7 @@ type Flags struct {
ForceHTTPPort2SSL string // (optional) HTTP that should be redirected to HTTPS
SSLCertFile string // (optional) name of SSL certificate PEM file
SSLKeyFile string // (optional) name of SSL key PEM file
TLSVersion string // (optional) minimum TLS version for SSL connections
SiteMode string // (optional) if 1 then serve offline web page
Location string // reserved
ConfigSource string // tells us if configuration info was obtained from command line or config file
@ -43,6 +44,7 @@ type httpConfig struct {
ForceSSLPort int
Cert string
Key string
TLSVersion string
}
type databaseConfig struct {

13
core/env/parser.go vendored
View file

@ -84,8 +84,13 @@ func configFile() (f Flags, ok bool) {
f.ForceHTTPPort2SSL = strconv.Itoa(ct.HTTP.ForceSSLPort)
f.SSLCertFile = ct.HTTP.Cert
f.SSLKeyFile = ct.HTTP.Key
f.TLSVersion = ct.HTTP.TLSVersion
f.Location = strings.ToLower(ct.Install.Location)
if len(f.TLSVersion) == 0 {
f.TLSVersion = "1.2"
}
ok = true
return
}
@ -93,7 +98,7 @@ func configFile() (f Flags, ok bool) {
// commandLineEnv loads command line and OS environment variables required by the program to function.
func commandLineEnv() (f Flags, ok bool) {
ok = true
var dbConn, dbType, jwtKey, siteMode, port, certFile, keyFile, forcePort2SSL, location string
var dbConn, dbType, jwtKey, siteMode, port, certFile, keyFile, forcePort2SSL, TLSVersion, location string
// register(&configFile, "salt", false, "the salt string used to encode JWT tokens, if not set a random value will be generated")
register(&jwtKey, "salt", false, "the salt string used to encode JWT tokens, if not set a random value will be generated")
@ -101,6 +106,7 @@ func commandLineEnv() (f Flags, ok bool) {
register(&keyFile, "key", false, "the key.pem file used for https")
register(&port, "port", false, "http/https port number")
register(&forcePort2SSL, "forcesslport", false, "redirect given http port number to TLS")
register(&TLSVersion, "tlsversion", false, "select minimum TLS: 1.0, 1.1, 1.2, 1.3")
register(&siteMode, "offline", false, "set to '1' for OFFLINE mode")
register(&dbType, "dbtype", true, "specify the database provider: mysql|percona|mariadb|postgresql|sqlserver")
register(&dbConn, "db", true, `'database specific connection string for example "user:password@tcp(localhost:3306)/dbname"`)
@ -118,9 +124,14 @@ func commandLineEnv() (f Flags, ok bool) {
f.SiteMode = siteMode
f.SSLCertFile = certFile
f.SSLKeyFile = keyFile
f.TLSVersion = TLSVersion
f.Location = strings.ToLower(location)
f.ConfigSource = "flags/environment"
if len(f.TLSVersion) == 0 {
f.TLSVersion = "1.2"
}
return f, ok
}