Enable HTTPS for monitoring

gnatsd.go

@@ -42,6 +42,8 @@ func main() {
 	flag.StringVar(&opts.Authorization, "auth", "", "Authorization token required for connection.")
 	flag.IntVar(&opts.HTTPPort, "m", 0, "HTTP Port for /varz, /connz endpoints.")
 	flag.IntVar(&opts.HTTPPort, "http_port", 0, "HTTP Port for /varz, /connz endpoints.")
+	flag.IntVar(&opts.HTTPSPort, "ms", 0, "HTTPS Port for /varz, /connz endpoints.")
+	flag.IntVar(&opts.HTTPSPort, "https_port", 0, "HTTPS Port for /varz, /connz endpoints.")
 	flag.StringVar(&configFile, "c", "", "Configuration file.")
 	flag.StringVar(&configFile, "config", "", "Configuration file.")
 	flag.StringVar(&opts.PidFile, "P", "", "File to store process pid.")
@@ -58,7 +60,6 @@ func main() {
 	flag.StringVar(&opts.RoutesStr, "routes", "", "Routes to actively solicit a connection.")
 	flag.StringVar(&opts.ClusterListenStr, "cluster_listen", "", "Cluster url from which members can solicit routes.")
 	flag.BoolVar(&showTlsHelp, "help_tls", false, "TLS help.")
-
 	flag.BoolVar(&opts.TLS, "tls", false, "Enable TLS.")
 	flag.BoolVar(&opts.TLSVerify, "tlsverify", false, "Enable TLS with client verification.")
 	flag.StringVar(&opts.TLSCert, "tlscert", "", "Server certificate file.")

server/configs/test.conf

@@ -37,4 +37,3 @@ max_payload: 65536
 
 # slow consumer threshold
 max_pending_size: 10000000
-

server/monitor.go

@@ -299,19 +299,20 @@ func (s *Server) HandleRoot(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, `<html lang="en">
         <head>
         <style type="text/css">
-        body { font-family: “Century Gothic”, CenturyGothic, AppleGothic, sans-serif; }
+        body { font-family: “Century Gothic”, CenturyGothic, AppleGothic, sans-serif; font-size: 18; }
         a { margin-left: 32px; }
         </style>
         </head>
 		<body>
             <img src="http://nats.io/img/logo.png" alt="NATS">
 			<br/>
-			<a href=http://%s/varz>http://%s/varz</a><br/>
-			<a href=http://%s/connz>http://%s/connz</a><br/>
-			<a href=http://%s/routez>http://%s/routez</a><br/>
-			<a href=http://%s/subscriptionsz>http://%s/subscriptionsz</a><br/>
+			<a href=/varz>varz</a><br/>
+			<a href=/connz>connz</a><br/>
+			<a href=/routez>routez</a><br/>
+			<a href=/subsz>subsz</a><br/>
 		</body>
-	</html>`, r.Host, r.Host, r.Host, r.Host, r.Host, r.Host, r.Host, r.Host)
+	</html>
+    `)
 }
 
 // HandleVarz will process HTTP requests for server information.

server/opts.go

@@ -33,6 +33,7 @@ type Options struct {
 	PingInterval       time.Duration `json:"ping_interval"`
 	MaxPingsOut        int           `json:"ping_max"`
 	HTTPPort           int           `json:"http_port"`
+	HTTPSPort          int           `json:"https_port"`
 	AuthTimeout        float64       `json:"auth_timeout"`
 	MaxControlLine     int           `json:"max_control_line"`
 	MaxPayload         int           `json:"max_payload"`
@@ -118,6 +119,8 @@ func ProcessConfigFile(configFile string) (*Options, error) {
 			opts.AuthTimeout = auth.timeout
 		case "http_port", "monitor_port":
 			opts.HTTPPort = int(v.(int64))
+		case "https_port":
+			opts.HTTPSPort = int(v.(int64))
 		case "cluster":
 			cm := v.(map[string]interface{})
 			if err := parseCluster(cm, opts); err != nil {

server/server.go

@@ -204,6 +204,14 @@ func (s *Server) Start() {
 		s.StartHTTPMonitoring()
 	}
 
+	// Start up the https server if needed.
+	if s.opts.HTTPSPort != 0 {
+		if s.opts.TLSConfig == nil {
+			Fatalf("TLS cert and key required for HTTPS")
+		}
+		s.StartHTTPSMonitoring()
+	}
+
 	// Start up routing as well if needed.
 	if s.opts.ClusterPort != 0 {
 		s.StartRouting()
@@ -289,7 +297,6 @@ func (s *Server) AcceptLoop() {
 	Noticef("Listening for client connections on %s", hp)
 	l, e := net.Listen("tcp", hp)
 	if e != nil {
-		fmt.Printf("could not listen on port for %s, %v\n", hp, e)
 		Fatalf("Error listening on port: %s, %q", hp, e)
 		return
 	}
@@ -359,11 +366,30 @@ func (s *Server) StartProfiler() {
 
 // StartHTTPMonitoring will enable the HTTP monitoring port.
 func (s *Server) StartHTTPMonitoring() {
-	Noticef("Starting http monitor on port %d", s.opts.HTTPPort)
+	s.startMonitoring(false)
+}
 
-	hp := fmt.Sprintf("%s:%d", s.opts.Host, s.opts.HTTPPort)
+// StartHTTPMonitoring will enable the HTTPS monitoring port.
+func (s *Server) StartHTTPSMonitoring() {
+	s.startMonitoring(true)
+}
+
+// Start the monitoring server
+func (s *Server) startMonitoring(secure bool) {
+	var hp string
+	var err error
+
+	if secure {
+		hp := fmt.Sprintf("%s:%d", s.opts.Host, s.opts.HTTPSPort)
+		Noticef("Starting https monitor on %s", hp)
+		s.http, err = tls.Listen("tcp", hp, s.opts.TLSConfig)
+
+	} else {
+		hp := fmt.Sprintf("%s:%d", s.opts.Host, s.opts.HTTPPort)
+		Noticef("Starting http monitor on %s", hp)
+		s.http, err = net.Listen("tcp", hp)
+	}
 
-	l, err := net.Listen("tcp", hp)
 	if err != nil {
 		Fatalf("Can't listen to the monitor port: %v", err)
 	}
@@ -372,18 +398,16 @@ func (s *Server) StartHTTPMonitoring() {
 
 	// Root
 	mux.HandleFunc("/", s.HandleRoot)
-
 	// Varz
 	mux.HandleFunc("/varz", s.HandleVarz)
-
 	// Connz
 	mux.HandleFunc("/connz", s.HandleConnz)
-
 	// Routez
 	mux.HandleFunc("/routez", s.HandleRoutez)
-
 	// Subz
 	mux.HandleFunc("/subscriptionsz", s.HandleSubsz)
+	// Subz
+	mux.HandleFunc("/subsz", s.HandleSubsz)
 
 	srv := &http.Server{
 		Addr:           hp,
@@ -393,8 +417,6 @@ func (s *Server) StartHTTPMonitoring() {
 		MaxHeaderBytes: 1 << 20,
 	}
 
-	s.http = l
-
 	go func() {
 		srv.Serve(s.http)
 		srv.Handler = nil

server/usage.go

@@ -13,6 +13,7 @@ Server Options:
     -p, --port PORT                  Use PORT for clients (default: 4222)
     -P, --pid FILE                   File to store PID
     -m, --http_port PORT             Use HTTP PORT for monitoring
+    -ms,--https_port PORT            Use HTTPS PORT for monitoring
     -c, --config FILE                Configuration File
 
 Logging Options: