https support-WIP

author: terminaldweller <thabogre@gmail.com> 2021-09-11 18:26:52 +0000
committer: terminaldweller <thabogre@gmail.com> 2021-09-11 18:26:52 +0000
commit: bb6958b6f6ca38520a1c26976b5ce71ca8c508f3 (patch)
tree: a0c17efc6c1fcd3365d2dbe91b26db2a4277e378
parent: added a codacy badge (diff)
download: hived-bb6958b6f6ca38520a1c26976b5ce71ca8c508f3.tar.gz
hived-bb6958b6f6ca38520a1c26976b5ce71ca8c508f3.zip
3 files changed, 19 insertions, 4 deletions
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 8a404a1..3be8194 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -16,13 +16,17 @@ services:
     depends_on:
       - redis
     entrypoint: /hived/docker-entrypoint.sh
+    volumes:
+      - /etc/letsencrypt/archive/api.terminaldweller.com/:/certs/
+    cap_drop:
+      - ALL
   redis:
     image: redis:6.2-alpine
     networks:
       - hivednet
     restart: unless-stopped
     ports:
-      - "6379:6379"
+      - "127.0.0.1:6379:6379"
     environment:
       - ALLOW_EMPTY_PASSWORD=yes
     volumes:
diff --git a/go.mod b/go.mod
index 5a1a643..97de2d8 100644
--- a/go.mod
+++ b/go.mod
@@ -6,9 +6,7 @@ require (
 	github.com/Knetic/govaluate v3.0.0+incompatible
 	github.com/go-redis/redis/v8 v8.6.0
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
-	github.com/golang/protobuf v1.4.2
 	github.com/gorilla/mux v1.8.0
 	github.com/rs/zerolog v1.20.0
 	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
-	google.golang.org/protobuf v1.23.0
 )
diff --git a/hived.go b/hived.go
index 97e9548..76fcd84 100644
--- a/hived.go
+++ b/hived.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/hmac"
 	"crypto/sha512"
+	"crypto/tls"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
@@ -601,11 +602,23 @@ func robotsHandler(w http.ResponseWriter, r *http.Request) {
 
 func startServer(gracefulWait time.Duration) {
 	r := mux.NewRouter()
+	cfg := &tls.Config{
+		MinVersion:               tls.VersionTLS13,
+		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+		PreferServerCipherSuites: true,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+		},
+	}
 	srv := &http.Server{
 		Addr:         "0.0.0.0:" + *flagPort,
 		WriteTimeout: time.Second * 15,
 		ReadTimeout:  time.Second * 15,
 		Handler:      r,
+		TLSConfig:    cfg,
 	}
 	r.HandleFunc("/health", healthHandler)
 	r.HandleFunc("/price", priceHandler)
@@ -615,7 +628,7 @@ func startServer(gracefulWait time.Duration) {
 	r.HandleFunc("/robots.txt", robotsHandler)
 
 	go func() {
-		if err := srv.ListenAndServe(); err != nil {
+		if err := srv.ListenAndServeTLS("/certs/fullchain.pem", "/certs/privkey.pem"); err != nil {
 			log.Fatal().Err(err)
 		}
 	}()
author	terminaldweller <thabogre@gmail.com>	2021-09-11 18:26:52 +0000
committer	terminaldweller <thabogre@gmail.com>	2021-09-11 18:26:52 +0000
commit	bb6958b6f6ca38520a1c26976b5ce71ca8c508f3 (patch)
tree	a0c17efc6c1fcd3365d2dbe91b26db2a4277e378
parent	added a codacy badge (diff)
download	hived-bb6958b6f6ca38520a1c26976b5ce71ca8c508f3.tar.gz hived-bb6958b6f6ca38520a1c26976b5ce71ca8c508f3.zip