p2phttp support https

This commit is contained in:
Joey Hess 2024-07-23 15:37:36 -04:00
parent b7149e897b
commit 73ffb58456
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
3 changed files with 40 additions and 2 deletions


@ -37,6 +37,9 @@ cmd = withAnnexOptions [jobsOption] $ command "p2phttp" SectionPlumbing
data Options = Options data Options = Options
{ portOption :: Maybe PortNumber { portOption :: Maybe PortNumber
, bindOption :: Maybe String , bindOption :: Maybe String
, certFileOption :: Maybe FilePath
, privateKeyFileOption :: Maybe FilePath
, chainFileOption :: [FilePath]
, authEnvOption :: Bool , authEnvOption :: Bool
, authEnvHttpOption :: Bool , authEnvHttpOption :: Bool
, unauthReadOnlyOption :: Bool , unauthReadOnlyOption :: Bool
@ -54,6 +57,18 @@ optParser _ = Options
( long "bind" <> metavar paramAddress ( long "bind" <> metavar paramAddress
<> help "specify address to bind to" <> help "specify address to bind to"
)) ))
<*> optional (strOption
( long "certfile" <> metavar paramFile
<> help "TLS certificate file for HTTPS"
))
<*> optional (strOption
( long "privatekeyfile" <> metavar paramFile
<> help "TLS private key file for HTTPS"
))
<*> many (strOption
( long "chainfile" <> metavar paramFile
<> help "TLS chain file"
))
<*> switch <*> switch
( long "authenv" ( long "authenv"
<> help "authenticate users from environment (https only)" <> help "authenticate users from environment (https only)"
@ -83,8 +98,13 @@ seek o = getAnnexWorkerPool $ \workerpool ->
mkGetServerMode authenv o mkGetServerMode authenv o
let settings = Warp.setPort port $ Warp.setHost host $ let settings = Warp.setPort port $ Warp.setHost host $
Warp.defaultSettings Warp.defaultSettings
Warp.runSettings settings (p2pHttpApp st) case (certFileOption o, privateKeyFileOption o) of
--Warp.runTLS settings (p2pHttpApp st) (Nothing, Nothing) -> Warp.runSettings settings (p2pHttpApp st)
(Just certfile, Just privatekeyfile) -> do
let tlssettings = Warp.tlsSettingsChain
certfile (chainFileOption o) privatekeyfile
Warp.runTLS tlssettings settings (p2pHttpApp st)
_ -> giveup "You must use both --certfile and --privatekeyfile options to enable HTTPS."
where where
port = maybe port = maybe
(fromIntegral defaultP2PHttpProtocolPort) (fromIntegral defaultP2PHttpProtocolPort)
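Review bot: The `(Nothing, Nothing)` alternative of the new `case` in `seek` falls back to plain HTTP even when `--chainfile` was supplied, so a caller who passes a chain file but omits `--certfile`/`--privatekeyfile` silently gets an unencrypted listener rather than the diagnostic the `_` branch gives for the other inconsistent combinations. Guarding that alternative on the chain list being empty, `(Nothing, Nothing) | null (chainFileOption o) -> Warp.runSettings settings (p2pHttpApp st)`, lets the existing `giveup` catch everything else; its message could then also name `--chainfile`. The option help for `--certfile` and `--privatekeyfile` in the second hunk does not mention that both are required, which would be worth a short `help` addition such as `(requires --privatekeyfile)`. `seek` begins before this hunk and its `where` clause continues past it.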


@ -52,6 +52,20 @@ convenient way to download the content of any key, by using the path
What address to bind to. The default is to bind to all addresses. What address to bind to. The default is to bind to all addresses.
* `--certfile=filename`
TLS certificate file to use. Combining this with `--privatekeyfile`
makes the server use HTTPS.
* `--privatekeyfile=filename`
TLS private key file to use. Combining this with `--certfile`
makes the server use HTTPS.
* `--chainfile=filename`
TLS chain file to use. This option can be repeated any number of times.
* `--authenv` * `--authenv`
Allows users to be authenticated with a username and password. Allows users to be authenticated with a username and password.


@ -30,6 +30,8 @@ Planned schedule of work:
* Rest of Remote.Git needs implementing. * Rest of Remote.Git needs implementing.
* git-annex p2phttp serving .well-known for ACME.
* git-annex p2phttp needs to support https. Including serving .well-known * git-annex p2phttp needs to support https. Including serving .well-known
for ACME. for ACME.
@ -57,6 +59,8 @@ Planned schedule of work:
* Allow using annex+http urls in remote.name.annexUrl * Allow using annex+http urls in remote.name.annexUrl
* Make git-annex p2phttp support https.
## items deferred until later for [[design/passthrough_proxy]] ## items deferred until later for [[design/passthrough_proxy]]
* Check annex.diskreserve when proxying for special remotes * Check annex.diskreserve when proxying for special remotes