diff --git a/gnatsd.go b/gnatsd.go index b9c6ff80..6635e9bd 100644 --- a/gnatsd.go +++ b/gnatsd.go @@ -42,6 +42,8 @@ func main() { flag.StringVar(&opts.Authorization, "auth", "", "Authorization token required for connection.") flag.IntVar(&opts.HTTPPort, "m", 0, "HTTP Port for /varz, /connz endpoints.") flag.IntVar(&opts.HTTPPort, "http_port", 0, "HTTP Port for /varz, /connz endpoints.") + flag.IntVar(&opts.HTTPSPort, "ms", 0, "HTTPS Port for /varz, /connz endpoints.") + flag.IntVar(&opts.HTTPSPort, "https_port", 0, "HTTPS Port for /varz, /connz endpoints.") flag.StringVar(&configFile, "c", "", "Configuration file.") flag.StringVar(&configFile, "config", "", "Configuration file.") flag.StringVar(&opts.PidFile, "P", "", "File to store process pid.") @@ -58,7 +60,6 @@ func main() { flag.StringVar(&opts.RoutesStr, "routes", "", "Routes to actively solicit a connection.") flag.StringVar(&opts.ClusterListenStr, "cluster_listen", "", "Cluster url from which members can solicit routes.") flag.BoolVar(&showTlsHelp, "help_tls", false, "TLS help.") - flag.BoolVar(&opts.TLS, "tls", false, "Enable TLS.") flag.BoolVar(&opts.TLSVerify, "tlsverify", false, "Enable TLS with client verification.") flag.StringVar(&opts.TLSCert, "tlscert", "", "Server certificate file.") diff --git a/server/configs/test.conf b/server/configs/test.conf index b27215a2..baf54187 100644 --- a/server/configs/test.conf +++ b/server/configs/test.conf @@ -37,4 +37,3 @@ max_payload: 65536 # slow consumer threshold max_pending_size: 10000000 - diff --git a/server/monitor.go b/server/monitor.go index cac044de..69f7a2eb 100644 --- a/server/monitor.go +++ b/server/monitor.go @@ -299,19 +299,20 @@ func (s *Server) HandleRoot(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, ` NATS
- http://%s/varz
- http://%s/connz
- http://%s/routez
- http://%s/subscriptionsz
+ varz
+ connz
+ routez
+ subsz
- `, r.Host, r.Host, r.Host, r.Host, r.Host, r.Host, r.Host, r.Host) + + `) } // HandleVarz will process HTTP requests for server information. diff --git a/server/opts.go b/server/opts.go index caa0774e..03b6cdd4 100644 --- a/server/opts.go +++ b/server/opts.go @@ -33,6 +33,7 @@ type Options struct { PingInterval time.Duration `json:"ping_interval"` MaxPingsOut int `json:"ping_max"` HTTPPort int `json:"http_port"` + HTTPSPort int `json:"https_port"` AuthTimeout float64 `json:"auth_timeout"` MaxControlLine int `json:"max_control_line"` MaxPayload int `json:"max_payload"` @@ -118,6 +119,8 @@ func ProcessConfigFile(configFile string) (*Options, error) { opts.AuthTimeout = auth.timeout case "http_port", "monitor_port": opts.HTTPPort = int(v.(int64)) + case "https_port": + opts.HTTPSPort = int(v.(int64)) case "cluster": cm := v.(map[string]interface{}) if err := parseCluster(cm, opts); err != nil { diff --git a/server/server.go b/server/server.go index fc5897be..bab0f03d 100644 --- a/server/server.go +++ b/server/server.go @@ -204,6 +204,14 @@ func (s *Server) Start() { s.StartHTTPMonitoring() } + // Start up the https server if needed. + if s.opts.HTTPSPort != 0 { + if s.opts.TLSConfig == nil { + Fatalf("TLS cert and key required for HTTPS") + } + s.StartHTTPSMonitoring() + } + // Start up routing as well if needed. if s.opts.ClusterPort != 0 { s.StartRouting() @@ -289,7 +297,6 @@ func (s *Server) AcceptLoop() { Noticef("Listening for client connections on %s", hp) l, e := net.Listen("tcp", hp) if e != nil { - fmt.Printf("could not listen on port for %s, %v\n", hp, e) Fatalf("Error listening on port: %s, %q", hp, e) return } 
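Review bot: The new `https_port` case does `int(v.(int64))`, an unchecked type assertion, so a config file that gives the port as a string or a float panics instead of producing an error from ProcessConfigFile. The existing `http_port` case just above has the same shape. Use the checked form `p, ok := v.(int64)` and return an error when `!ok` or when `p` is outside 1-65535, so that a bad monitoring port is reported as a config error rather than a crash at startup. ProcessConfigFile's body extends beyond the hunk.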
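Review bot: Nothing in Start prevents `HTTPPort` and `HTTPSPort` from both being set, and both paths end in `startMonitoring`, which stores its listener in the single field `s.http`. The second call replaces the first listener, and because the serving goroutine in the last server.go hunk calls `srv.Serve(s.http)` on the field rather than on a local, the first goroutine may end up serving the second listener. Any shutdown code that closes `s.http` (not visible here) would then only see one of the two. Either reject the combination up front, e.g. `if s.opts.HTTPPort != 0 && s.opts.HTTPSPort != 0 { Fatalf("Can't specify both HTTP and HTTPS monitoring ports") }`, or keep one listener per endpoint. Start's body begins and ends outside the hunk.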
@@ -359,11 +366,30 @@ func (s *Server) StartProfiler() { // StartHTTPMonitoring will enable the HTTP monitoring port. func (s *Server) StartHTTPMonitoring() { - Noticef("Starting http monitor on port %d", s.opts.HTTPPort) + s.startMonitoring(false) +} - hp := fmt.Sprintf("%s:%d", s.opts.Host, s.opts.HTTPPort) +// StartHTTPMonitoring will enable the HTTPS monitoring port. +func (s *Server) StartHTTPSMonitoring() { + s.startMonitoring(true) +} + +// Start the monitoring server +func (s *Server) startMonitoring(secure bool) { + var hp string + var err error + + if secure { + hp := fmt.Sprintf("%s:%d", s.opts.Host, s.opts.HTTPSPort) + Noticef("Starting https monitor on %s", hp) + s.http, err = tls.Listen("tcp", hp, s.opts.TLSConfig) + + } else { + hp := fmt.Sprintf("%s:%d", s.opts.Host, s.opts.HTTPPort) + Noticef("Starting http monitor on %s", hp) + s.http, err = net.Listen("tcp", hp) + } - l, err := net.Listen("tcp", hp) if err != nil { Fatalf("Can't listen to the monitor port: %v", err) } @@ -372,18 +398,16 @@ func (s *Server) StartHTTPMonitoring() { // Root mux.HandleFunc("/", s.HandleRoot) - // Varz mux.HandleFunc("/varz", s.HandleVarz) - // Connz mux.HandleFunc("/connz", s.HandleConnz) - // Routez mux.HandleFunc("/routez", s.HandleRoutez) - // Subz mux.HandleFunc("/subscriptionsz", s.HandleSubsz) + // Subz + mux.HandleFunc("/subsz", s.HandleSubsz) srv := &http.Server{ Addr: hp, @@ -393,8 +417,6 @@ func (s *Server) StartHTTPMonitoring() { MaxHeaderBytes: 1 << 20, } - s.http = l - go func() { srv.Serve(s.http) srv.Handler = nil diff --git a/server/usage.go b/server/usage.go index 8be506b8..e447a34b 100644 --- a/server/usage.go +++ b/server/usage.go @@ -13,6 +13,7 @@ Server Options: -p, --port PORT Use PORT for clients (default: 4222) -P, --pid FILE File to store PID -m, --http_port PORT Use HTTP PORT for monitoring + -ms,--https_port PORT Use HTTPS PORT for monitoring -c, --config FILE Configuration File Logging Options:
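Review bot: In `startMonitoring`, both branches use `hp := fmt.Sprintf(...)`, which shadows the `var hp string` declared at the top, so the outer `hp` stays empty and `Addr: hp` in the following hunk is set to `""`. Changing both to `hp = fmt.Sprintf(...)` fixes this. The doc comment on `StartHTTPSMonitoring` names the wrong function and should read `// StartHTTPSMonitoring will enable the HTTPS monitoring port.`. The HTTPS listener is also given `s.opts.TLSConfig` directly; if that is the same config used for client connections and `tlsverify` sets client-certificate verification on it (not visible here), monitoring clients would need a client certificate too, which deserves a comment or a dedicated copy of the config. The body of `startMonitoring` continues past this hunk.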