Merge pull request #121 from endocode/kayrus/fd_https

Added possibility to use TLS with systemd socket activation
coreos · Nov 2, 2015 · db04588 · db04588
2 parents 6d2228f + b58cb23
commit db04588
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/activation/listeners.go b/activation/listeners.go
@@ -15,6 +15,7 @@
 package activation
 
 import (
+	"crypto/tls"
 	"net"
 )
 
@@ -35,3 +36,27 @@ func Listeners(unsetEnv bool) ([]net.Listener, error) {
 	}
 	return listeners, nil
 }
+
+// TLSListeners returns a slice containing a net.listener for each matching TCP socket type
+// passed to this process.
+// It uses default Listeners func and forces TCP sockets handlers to use TLS based on tlsConfig.
+func TLSListeners(unsetEnv bool, tlsConfig *tls.Config) ([]net.Listener, error) {
+	listeners, err := Listeners(unsetEnv)
+
+	if listeners == nil || err != nil {
+		return nil, err
+	}
+
+	if tlsConfig != nil && err == nil {
+		tlsConfig.NextProtos = []string{"http/1.1"}
+
+		for i, l := range listeners {
+			// Activate TLS only for TCP sockets
+			if l.Addr().Network() == "tcp" {
+				listeners[i] = tls.NewListener(l, tlsConfig)
+			}
+		}
+	}
+
+	return listeners, err
+}