| -rw-r--r-- | docker-compose.yaml | 6 | ||||
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | hived.go | 15 | 
3 files changed, 19 insertions, 4 deletions
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 8a404a1..3be8194 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -16,13 +16,17 @@ services:
     depends_on:
       - redis
     entrypoint: /hived/docker-entrypoint.sh
+    volumes:
+      - /etc/letsencrypt/archive/api.terminaldweller.com/:/certs/
+    cap_drop:
+      - ALL
   redis:
     image: redis:6.2-alpine
     networks:
       - hivednet
     restart: unless-stopped
     ports:
-      - "6379:6379"
+      - "127.0.0.1:6379:6379"
     environment:
       - ALLOW_EMPTY_PASSWORD=yes
     volumes:
@@ -6,9 +6,7 @@ require (
 	github.com/Knetic/govaluate v3.0.0+incompatible
 	github.com/go-redis/redis/v8 v8.6.0
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
-	github.com/golang/protobuf v1.4.2
 	github.com/gorilla/mux v1.8.0
 	github.com/rs/zerolog v1.20.0
 	github.com/technoweenie/multipartstreamer v1.0.1 // indirect
-	google.golang.org/protobuf v1.23.0
 )
@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/hmac"
 	"crypto/sha512"
+	"crypto/tls"
 	"encoding/hex"
 	"encoding/json"
 	"errors"
@@ -601,11 +602,23 @@ func robotsHandler(w http.ResponseWriter, r *http.Request) {
 func startServer(gracefulWait time.Duration) {
 	r := mux.NewRouter()
+	cfg := &tls.Config{
+		MinVersion:               tls.VersionTLS13,
+		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
+		PreferServerCipherSuites: true,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+		},
+	}
 	srv := &http.Server{
 		Addr:         "0.0.0.0:" + *flagPort,
 		WriteTimeout: time.Second * 15,
 		ReadTimeout:  time.Second * 15,
 		Handler:      r,
+		TLSConfig:    cfg,
 	}
 	r.HandleFunc("/health", healthHandler)
 	r.HandleFunc("/price", priceHandler)
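Review bot: The bind mount added under `volumes:` hands the Let's Encrypt directory, private key included, to the container read-write; unless hived has to write there, mount it read-only: `- /etc/letsencrypt/archive/api.terminaldweller.com/:/certs/:ro`. If this is a standard certbot tree, `archive/<domain>/` holds versioned files (`fullchain1.pem`, `privkey1.pem`, …) and the unversioned names exist only as symlinks under `live/<domain>/`, so the `/certs/fullchain.pem` and `/certs/privkey.pem` paths opened in hived.go may not be present at all; mounting `live/` by itself would leave dangling `../../archive/...` symlinks, whereas mounting `/etc/letsencrypt` as a whole (read-only) and pointing the server at `live/<domain>/` avoids both problems. The `127.0.0.1:` bind on the redis port is a good change; since hived reaches redis over `hivednet` and the instance runs with `ALLOW_EMPTY_PASSWORD=yes`, consider whether the host publish is needed at all.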
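Review bot: With `MinVersion: tls.VersionTLS13` the `CipherSuites` list in the new `tls.Config` is dead configuration — Go does not let `tls.Config` choose TLS 1.3 suites and all four entries are TLS 1.2 suites — yet two of them (`TLS_RSA_*`) are static-RSA with no forward secrecy and two are CBC-SHA, so if the minimum version were ever lowered the server would start offering exactly the suites one wants to avoid. Drop `CipherSuites` and `PreferServerCipherSuites` (the latter is deprecated and ignored since Go 1.17; the `go` directive in go.mod is not visible here) and keep `cfg := &tls.Config{MinVersion: tls.VersionTLS13}`. Listing `tls.CurveP521` first in `CurvePreferences` likely also costs most clients a HelloRetryRequest round-trip, because they send key shares only for X25519/P-256 and Go's TLS 1.3 server picks the first server-preferred group the client supports; `[]tls.CurveID{tls.X25519, tls.CurveP256}` or the default ordering avoids that. `startServer` continues past the end of this hunk.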
@@ -615,7 +628,7 @@ func startServer(gracefulWait time.Duration) {
 	r.HandleFunc("/robots.txt", robotsHandler)
 	go func() {
-		if err := srv.ListenAndServe(); err != nil {
+		if err := srv.ListenAndServeTLS("/certs/fullchain.pem", "/certs/privkey.pem"); err != nil {
 			log.Fatal().Err(err)
 		}
 	}()
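Review bot: The error path right after the new `ListenAndServeTLS` call never fires: assuming `log` is zerolog's (go.mod lists `rs/zerolog`), `log.Fatal().Err(err)` builds an event but without a terminating `.Msg()`/`.Send()` nothing is logged and `os.Exit` is never called, so a startup failure — a missing `/certs/fullchain.pem`, an unreadable key, a busy port — leaves the process running with no listener. `ListenAndServeTLS` also always returns non-nil, `http.ErrServerClosed` after a graceful shutdown (the `gracefulWait` parameter suggests `srv.Shutdown` is called further down, outside the hunk), so once the fatal actually works it would turn every clean shutdown into a crash exit. Suggested: `if err := srv.ListenAndServeTLS("/certs/fullchain.pem", "/certs/privkey.pem"); err != nil && !errors.Is(err, http.ErrServerClosed) {` followed by `log.Fatal().Err(err).Msg("tls listener failed")`; `errors` is already imported. `startServer` begins before this hunk.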
