feat: web service support TLS

Author: zhufuyi

cmd/serverNameExample_grpcGwPbExample/initial/createService.go

@@ -18,13 +18,15 @@ func CreateServices() []app.IServer {
 	// case 1, create a http service without registry
 	httpServer := server.NewHTTPServer_pbExample(httpAddr,
 		server.WithHTTPIsProd(cfg.App.Env == "prod"),
+		server.WithHTTPTLS(cfg.HTTP.TLS),
 	)
 
 	// case 2, Create a http service and register it with consul or etcd or nacos
 	//httpRegistry, httpInstance := registerService("http", cfg.App.Host, cfg.HTTP.Port)
 	//httpServer := server.NewHTTPServer_pbExample(httpAddr,
 	//	server.WithHTTPRegistry(httpRegistry, httpInstance),
 	//	server.WithHTTPIsProd(cfg.App.Env == "prod"),
+	//	server.WithHTTPTLS(cfg.HTTP.TLS),
 	//)
 
 	servers = append(servers, httpServer)

cmd/serverNameExample_grpcHttpPbExample/initial/createService.go

@@ -19,6 +19,7 @@ func CreateServices() []app.IServer {
 	// case 1, create http and grpc services without registry
 	httpServer := server.NewHTTPServer(httpAddr,
 		server.WithHTTPIsProd(cfg.App.Env == "prod"),
+		server.WithHTTPTLS(cfg.HTTP.TLS),
 	)
 	grpcServer := server.NewGRPCServer(grpcAddr)
 
@@ -27,6 +28,7 @@ func CreateServices() []app.IServer {
 	//httpServer := server.NewHTTPServer(httpAddr,
 	//	server.WithHTTPRegistry(httpRegistry, httpInstance),
 	//	server.WithHTTPIsProd(cfg.App.Env == "prod"),
+	//	server.WithHTTPTLS(cfg.HTTP.TLS),
 	//)
 	//grpcRegistry, grpcInstance := registerService("grpc", cfg.App.Host, cfg.Grpc.Port)
 	//grpcServer := server.NewGRPCServer(grpcAddr,

cmd/serverNameExample_httpExample/initial/createService.go

@@ -18,6 +18,7 @@ func CreateServices() []app.IServer {
 	httpAddr := ":" + strconv.Itoa(cfg.HTTP.Port)
 	httpServer := server.NewHTTPServer(httpAddr,
 		server.WithHTTPIsProd(cfg.App.Env == "prod"),
+		server.WithHTTPTLS(cfg.HTTP.TLS),
 	)
 	servers = append(servers, httpServer)
 

cmd/serverNameExample_httpPbExample/initial/createService.go

@@ -18,6 +18,7 @@ func CreateServices() []app.IServer {
 	httpAddr := ":" + strconv.Itoa(cfg.HTTP.Port)
 	httpServer := server.NewHTTPServer_pbExample(httpAddr,
 		server.WithHTTPIsProd(cfg.App.Env == "prod"),
+		server.WithHTTPTLS(cfg.HTTP.TLS),
 	)
 	servers = append(servers, httpServer)
 

cmd/serverNameExample_mixExample/initial/createService.go

@@ -26,6 +26,7 @@ func CreateServices() []app.IServer {
 	httpServer := server.NewHTTPServer(httpAddr,
 		server.WithHTTPRegistry(httpRegistry, httpInstance),
 		server.WithHTTPIsProd(cfg.App.Env == "prod"),
+		server.WithHTTPTLS(cfg.HTTP.TLS),
 	)
 	servers = append(servers, httpServer)
 

cmd/sponge/commands/generate/rpc-gw-pb.go

@@ -212,10 +212,6 @@ func (g *rpcGwPbGenerator) addFields(r replacer.Replacer) []replacer.Field {
 			Old: appConfigFileMark2,
 			New: getDBConfigCode(""), // no db config
 		},
-		{ // replace the configuration of the *.yml file
-			Old: appConfigFileMark,
-			New: "",
-		},
 		//{ // replace the contents of the model/init.go file
 		//	Old: modelInitDBFileMark,
 		//	New: getInitDBCode(DBDriverMysql), // default is mysql

cmd/sponge/commands/generate/template.go

@@ -370,7 +370,17 @@ func NewCenter(configFile string) (*Center, error) {
 	httpServerConfigCode = `# http server settings
 http:
   port: 8080                # listen port
-  timeout: 0                # request timeout, unit(second), if 0 means not set, if greater than 0 means set timeout, if enableHTTPProfile is true, it needs to set 0 or greater than 60s`
+  timeout: 0                 # request timeout, unit(second), if 0 means not set, if greater than 0 means set timeout, if enableHTTPProfile is true, it needs to set 0 or greater than 60s
+  tls:
+    # TLS mode options:
+    #   self-signed  - Use localhost self-signed certificate
+    #   encrypt      - Use Let's Encrypt (requires domain & email)
+    #   external     - Use external certificates (requires certFile & keyFile)
+    enableMode: ""
+    domain: ""        # Required if enableMode = encrypt
+    email: ""         # Required if enableMode = encrypt
+    certFile: ""      # Required if enableMode = external, absolute path of cert file
+    keyFile: ""       # Required if enableMode = external, absolute path of key file`
 
 	rpcServerConfigCode = `# grpc server settings
 grpc:
@@ -414,6 +424,16 @@ grpcClient:
 http:
   port: 8080                # listen port
   timeout: 0                 # request timeout, unit(second), if 0 means not set, if greater than 0 means set timeout, if enableHTTPProfile is true, it needs to set 0 or greater than 60s
+  tls:
+    # TLS mode options:
+    #   self-signed  - Use localhost self-signed certificate
+    #   encrypt      - Use Let's Encrypt (requires domain & email)
+    #   external     - Use external certificates (requires certFile & keyFile)
+    enableMode: ""
+    domain: ""        # Required if enableMode = encrypt
+    email: ""         # Required if enableMode = encrypt
+    certFile: ""      # Required if enableMode = external, absolute path of cert file
+    keyFile: ""       # Required if enableMode = external, absolute path of key file
 
 
 # grpc client-side settings, support for setting up multiple grpc clients.
@@ -441,7 +461,17 @@ grpcClient:
 	grpcAndHTTPServerConfigCode = `# http server settings
 http:
   port: 8080                # listen port
-  timeout: 0                # request timeout, unit(second), if 0 means not set, if greater than 0 means set timeout, if enableHTTPProfile is true, it needs to set 0 or greater than 60s
+  timeout: 0                 # request timeout, unit(second), if 0 means not set, if greater than 0 means set timeout, if enableHTTPProfile is true, it needs to set 0 or greater than 60s
+  tls:
+    # TLS mode options:
+    #   self-signed  - Use localhost self-signed certificate
+    #   encrypt      - Use Let's Encrypt (requires domain & email)
+    #   external     - Use external certificates (requires certFile & keyFile)
+    enableMode: ""
+    domain: ""        # Required if enableMode = encrypt
+    email: ""         # Required if enableMode = encrypt
+    certFile: ""      # Required if enableMode = external, absolute path of cert file
+    keyFile: ""       # Required if enableMode = external, absolute path of key file
 
 
 # grpc server settings

configs/serverNameExample.yml

@@ -23,7 +23,16 @@ app:
 http:
   port: 8080                # listen port
   timeout: 0                 # request timeout, unit(second), if 0 means not set, if greater than 0 means set timeout, if enableHTTPProfile is true, it needs to set 0 or greater than 60s
-
+  tls:
+    # TLS mode options:
+    #   self-signed  - Use localhost self-signed certificate
+    #   encrypt      - Use Let's Encrypt (requires domain & email)
+    #   external     - Use external certificates (requires certFile & keyFile)
+    enableMode: ""
+    domain: ""        # Required if enableMode = encrypt
+    email: ""         # Required if enableMode = encrypt
+    certFile: ""      # Required if enableMode = external, absolute path of cert file
+    keyFile: ""       # Required if enableMode = external, absolute path of key file
 
 # grpc server settings
 grpc:

internal/config/serverNameExample.go

@@ -9,16 +9,18 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"github.com/go-dev-frame/sponge/pkg/app"
+	"github.com/go-dev-frame/sponge/pkg/httpsrv"
 	"github.com/go-dev-frame/sponge/pkg/servicerd/registry"
 
+	"github.com/go-dev-frame/sponge/internal/config"
 	"github.com/go-dev-frame/sponge/internal/routers"
 )
 
 var _ app.IServer = (*httpServer)(nil)
 
 type httpServer struct {
 	addr   string
-	server *http.Server
+	server *httpsrv.Server
 
 	instance  *registry.ServiceInstance
 	iRegistry registry.Registry
@@ -33,8 +35,8 @@ func (s *httpServer) Start() error {
 		}
 	}
 
-	if err := s.server.ListenAndServe(); err != nil && err != http.ErrServerClosed {
-		return fmt.Errorf("listen server error: %v", err)
+	if err := s.server.Run(); err != nil {
+		return fmt.Errorf("run %s service error: %v", s.server.Scheme(), err)
 	}
 	return nil
 }
@@ -56,7 +58,29 @@ func (s *httpServer) Stop() error {
 
 // String comment
 func (s *httpServer) String() string {
-	return "http service address " + s.addr
+	return s.server.Scheme() + " service address is " + s.addr
+}
+
+func newServer(server *http.Server, tls config.TLS) *httpsrv.Server {
+	var c *httpsrv.Server
+	switch httpsrv.Mode(tls.EnableMode) {
+	case httpsrv.ModeTLSSelfSigned:
+		c = httpsrv.New(server, httpsrv.NewTLSSelfSignedConfig())
+	case httpsrv.ModeTLSEncrypt:
+		c = httpsrv.New(server,
+			httpsrv.NewTLSEAutoEncryptConfig(
+				tls.Domain,
+				tls.Email,
+				// enable http redirect to https, port 80 to 443, default is false
+				//httpsrv.WithTLSEncryptEnableRedirect(),
+			),
+		)
+	case httpsrv.ModeTLSExternal:
+		c = httpsrv.New(server, httpsrv.NewTLSExternalConfig(tls.CertFile, tls.KeyFile))
+	default:
+		c = httpsrv.New(server) // default is http, no tls
+	}
+	return c
 }
 
 // NewHTTPServer creates a new http server
@@ -82,7 +106,7 @@ func NewHTTPServer(addr string, opts ...HTTPOption) app.IServer {
 
 	return &httpServer{
 		addr:      addr,
-		server:    server,
+		server:    newServer(server, o.tls),
 		iRegistry: o.iRegistry,
 		instance:  o.instance,
 	}
@@ -113,7 +137,7 @@ func NewHTTPServer_pbExample(addr string, opts ...HTTPOption) app.IServer { //no
 
 	return &httpServer{
 		addr:      addr,
-		server:    server,
+		server:    newServer(server, o.tls),
 		iRegistry: o.iRegistry,
 		instance:  o.instance,
 	}