optional https port for s3 (#4482)

Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
2 years ago · 4dd890d4a2
2 changed files with 29 additions and 7 deletions
--- a/weed/command/filer.go
+++ b/weed/command/filer.go
@ -95,6 +95,7 @@ func init() {
 	// start s3 on filer
 	filerStartS3 = cmdFiler.Flag.Bool("s3", false, "whether to start S3 gateway")
 	filerS3Options.port = cmdFiler.Flag.Int("s3.port", 8333, "s3 server http listen port")
+	filerS3Options.portHttps = cmdFiler.Flag.Int("s3.port.https", 0, "s3 server https listen port")
 	filerS3Options.portGrpc = cmdFiler.Flag.Int("s3.port.grpc", 0, "s3 server grpc listen port")
 	filerS3Options.domainName = cmdFiler.Flag.String("s3.domainName", "", "suffix of the host name in comma separated list, {bucket}.{domainName}")
 	filerS3Options.dataCenter = cmdFiler.Flag.String("s3.dataCenter", "", "prefer to read and write to volumes in this data center")
--- a/weed/command/s3.go
+++ b/weed/command/s3.go
@ -32,6 +32,7 @@ type S3Options struct {
 	filer                     *string
 	bindIp                    *string
 	port                      *int
+	portHttps                 *int
 	portGrpc                  *int
 	config                    *string
 	domainName                *string
@ -51,6 +52,7 @@ func init() {
 	s3StandaloneOptions.filer = cmdS3.Flag.String("filer", "localhost:8888", "filer server address")
 	s3StandaloneOptions.bindIp = cmdS3.Flag.String("ip.bind", "", "ip address to bind to. Default to localhost.")
 	s3StandaloneOptions.port = cmdS3.Flag.Int("port", 8333, "s3 server http listen port")
+	s3StandaloneOptions.portHttps = cmdS3.Flag.Int("port.https", 0, "s3 server https listen port")
 	s3StandaloneOptions.portGrpc = cmdS3.Flag.Int("port.grpc", 0, "s3 server grpc listen port")
 	s3StandaloneOptions.domainName = cmdS3.Flag.String("domainName", "", "suffix of the host name in comma separated list, {bucket}.{domainName}")
 	s3StandaloneOptions.dataCenter = cmdS3.Flag.String("dataCenter", "", "prefer to read and write to volumes in this data center")
@ -264,6 +266,7 @@ func (s3opt *S3Options) startS3Server() bool {
 			glog.Fatalf("pemfile.NewProvider(%v) failed: %v", pemfileOptions, err)
 		}
 		httpS.TLSConfig = &tls.Config{GetCertificate: s3opt.GetCertificateWithUpdate}
+		if *s3opt.portHttps == 0 {
 			glog.V(0).Infof("Start Seaweed S3 API Server %s at https port %d", util.Version(), *s3opt.port)
 			if s3ApiLocalListener != nil {
 				go func() {
@ -276,6 +279,24 @@ func (s3opt *S3Options) startS3Server() bool {
 				glog.Fatalf("S3 API Server Fail to serve: %v", err)
 			}
 		} else {
+			glog.V(0).Infof("Start Seaweed S3 API Server %s at https port %d", util.Version(), *s3opt.portHttps)
+			s3ApiListenerHttps, s3ApiLocalListenerHttps, _ := util.NewIpAndLocalListeners(
+				*s3opt.bindIp, *s3opt.portHttps, time.Duration(10)*time.Second)
+			if s3ApiLocalListenerHttps != nil {
+				go func() {
+					if err = httpS.ServeTLS(s3ApiLocalListenerHttps, "", ""); err != nil {
+						glog.Fatalf("S3 API Server Fail to serve: %v", err)
+					}
+				}()
+			}
+			go func() {
+				if err = httpS.ServeTLS(s3ApiListenerHttps, "", ""); err != nil {
+					glog.Fatalf("S3 API Server Fail to serve: %v", err)
+				}
+			}()
+		}
+	}
+	if *s3opt.tlsPrivateKey == "" || *s3opt.portHttps > 0 {
 		glog.V(0).Infof("Start Seaweed S3 API Server %s at http port %d", util.Version(), *s3opt.port)
 		if s3ApiLocalListener != nil {
 			go func() {