add tls support
This commit is contained in:
Sergey Krashevich
@@ -580,11 +580,19 @@ api:
|
|||||||
base_path: "/rtc" # default "", API prefix for serve on suburl (/api => /rtc/api)
|
base_path: "/rtc" # default "", API prefix for serve on suburl (/api => /rtc/api)
|
||||||
static_dir: "www" # default "", folder for static files (custom web interface)
|
static_dir: "www" # default "", folder for static files (custom web interface)
|
||||||
origin: "*" # default "", allow CORS requests (only * supported)
|
origin: "*" # default "", allow CORS requests (only * supported)
|
||||||
|
tls_listen: ":1985" # default "", HTTPS port
|
||||||
|
tls_cert: | # default "". PEM-encoded fullchain certificate for https
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
.....
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
tls_private_key: | # default "". PEM-encoded private key for https
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
.....
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
```
|
```
|
||||||
|
|
||||||
**PS:**
|
**PS:**
|
||||||
|
|
||||||
- go2rtc doesn't provide HTTPS. Use [Nginx](https://nginx.org/) or [Ngrok](#module-ngrok) or [Home Assistant Add-on](#go2rtc-home-assistant-add-on) for this tasks
|
|
||||||
- MJPEG over WebSocket plays better than native MJPEG because Chrome [bug](https://bugs.chromium.org/p/chromium/issues/detail?id=527446)
|
- MJPEG over WebSocket plays better than native MJPEG because Chrome [bug](https://bugs.chromium.org/p/chromium/issues/detail?id=527446)
|
||||||
- MP4 over WebSocket was created only for Apple iOS because it doesn't support MSE and native MP4
|
- MP4 over WebSocket was created only for Apple iOS because it doesn't support MSE and native MP4
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
package api
|
package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"github.com/AlexxIT/go2rtc/cmd/app"
|
"github.com/AlexxIT/go2rtc/cmd/app"
|
||||||
"github.com/rs/zerolog"
|
"github.com/rs/zerolog"
|
||||||
@@ -21,6 +22,9 @@ func Init() {
|
|||||||
BasePath string `yaml:"base_path"`
|
BasePath string `yaml:"base_path"`
|
||||||
StaticDir string `yaml:"static_dir"`
|
StaticDir string `yaml:"static_dir"`
|
||||||
Origin string `yaml:"origin"`
|
Origin string `yaml:"origin"`
|
||||||
|
TLSListen string `yaml:"tls_listen"`
|
||||||
|
TLSCert string `yaml:"tls_cert"`
|
||||||
|
TLSPrivateKey string `yaml:"tls_private_key"`
|
||||||
} `yaml:"api"`
|
} `yaml:"api"`
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -75,6 +79,37 @@ func Init() {
|
|||||||
log.Fatal().Err(err).Msg("[api] serve")
|
log.Fatal().Err(err).Msg("[api] serve")
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
// Initialize the HTTPS server
|
||||||
|
if cfg.Mod.TLSListen != "" {
|
||||||
|
tlsConfig := &tls.Config{}
|
||||||
|
if cfg.Mod.TLSCert != "" && cfg.Mod.TLSPrivateKey != "" {
|
||||||
|
tlsListener, err := net.Listen("tcp", cfg.Mod.TLSListen)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal().Err(err).Msg("[api] tls listen")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
log.Info().Str("addr", cfg.Mod.TLSListen).Msg("[api] tls listen")
|
||||||
|
|
||||||
|
cert, err := tls.X509KeyPair([]byte(cfg.Mod.TLSCert), []byte(cfg.Mod.TLSPrivateKey))
|
||||||
|
if err != nil {
|
||||||
|
print(cfg.Mod.TLSCert)
|
||||||
|
log.Fatal().Err(err).Msg("[api] tls load cert/key")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
tlsConfig.Certificates = []tls.Certificate{cert}
|
||||||
|
|
||||||
|
tlsServer := &http.Server{
|
||||||
|
Handler: Handler,
|
||||||
|
TLSConfig: tlsConfig,
|
||||||
|
}
|
||||||
|
go func() {
|
||||||
|
if err := tlsServer.ServeTLS(tlsListener, "", ""); err != nil {
|
||||||
|
log.Fatal().Err(err).Msg("[api] tls serve")
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var Handler http.Handler
|
var Handler http.Handler
|
||||||
|
|||||||
Reference in New Issue
Block a user