Laik/61 ssl (#69)

* Enable support for SSL, looks for /certs/privkey.pem and /certs/cert.pem * added instruction for SSL
csync · Mar 8, 2017 · 06d8c8f · 06d8c8f
1 parent 85c5677
commit 06d8c8f
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -132,6 +132,14 @@ The ACL for a key is set when the key is created by the first write performed to
 
   Need to handle workloads larger than what's possible with a single instance? [Check this out](https://github.com/csync/csync-server/wiki/Using-external-PostgreSQL-and-RabbitMQ-instances)
 
+## Enable SSL
+
+  To enable SSL mount your certificates onto `/certs` inside the container:
+
+  `docker run -v /your-cert-directory:/certs -d -p 6005:6005 ibmcom/csync`
+
+  We expect `your-cert-directory` to contain the `privkey.pem` and `cert.pem` files. We have used [certbot](https://certbot.eff.org/) to help with the process. 
+
 ## Dataviewer
 
 When running a local CSync instance, the dataviewer can be accessed on `localhost:6005`. Currently the dataviewer supports Google Authentication and Guest Login. For details on how to use the dataviewer, checkout the [README](https://github.com/csync/csync-server/blob/master/vertx/public/dataviewer/README.md). 

diff --git a/vertx/src/main/scala/com/ibm/csync/vertx/Main.scala b/vertx/src/main/scala/com/ibm/csync/vertx/Main.scala
@@ -17,6 +17,7 @@
 package com.ibm.csync.vertx
 
 import java.io.{File, FileInputStream}
+import java.nio.file.{Paths, Files}
 import javax.sql.DataSource
 
 import com.ibm.csync.commands.{Happy, Response}
@@ -29,6 +30,7 @@ import com.typesafe.scalalogging.LazyLogging
 import com.zaxxer.hikari.{HikariConfig, HikariDataSource}
 import io.vertx.core._
 import io.vertx.core.http._
+import io.vertx.core.net.PemKeyCertOptions
 import org.json4s.JValue
 import org.postgresql.ds.PGSimpleDataSource
 import com.ibm.bluemix.deploymenttracker.client.CFJavaTrackerClient
@@ -167,14 +169,19 @@ object Main extends LazyLogging {
       "vertx.logger-delegate-factory-class-name",
       classOf[io.vertx.core.logging.SLF4JLogDelegateFactory].getName
     )
-
     val vertx = Vertx.vertx()
     val ds = initPostgres
     val rabbitConnection = initRabbit
-
     val port = sys.env.getOrElse("CSYNC_PORT", "6005")
+    val serverOptions = if (Files.exists(Paths.get("/certs/privkey.pem")) && Files.exists(Paths.get("/certs/cert.pem"))) {
+      new HttpServerOptions()
+        .setPort(port.toInt)
+        .setSsl(true)
+        .setPemKeyCertOptions(new PemKeyCertOptions().setKeyPath("/certs/privkey.pem").setCertPath("/certs/cert.pem"))
+    } else {
+      new HttpServerOptions().setPort(port.toInt)
+    }
 
-    val serverOptions = new HttpServerOptions().setPort(port.toInt)
     val f: File = new File("public/package.json")
     if (f.exists()) {
       val is = new FileInputStream("public/package.json")