author | Nick Thomas <nick@gitlab.com> | 2019-05-28 12:46:50 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-05-28 12:46:50 +0300 |
commit | 80fa0bb4e200a6b3b9194766dd209de28d1cf08a (patch) | |
tree | c559fced12a012af3f680512e3869b2e4454176c /main.go | |
parent | ef7fff4fa64c9cb3ca57faef3f26fa59f4f51ecb (diff) | |
parent | 1050f11598642b017486fc655561399d3766efb5 (diff) |
Merge branch '187-tls-version' into 'master'
Provide ability to disable old TLS versions
Closes #187
See merge request gitlab-org/gitlab-pages!146
Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 15 |
1 files changed, 13 insertions, 2 deletions
@@ -10,6 +10,8 @@ import ( "github.com/namsral/flag" log "github.com/sirupsen/logrus" + + "gitlab.com/gitlab-org/gitlab-pages/internal/tlsconfig" ) // VERSION stores the information about the semantic version of application @@ -52,6 +54,8 @@ var ( redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI") maxConns = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners") insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4") + tlsMinVersion = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min")) + tlsMaxVersion = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max")) disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests") @@ -84,6 +88,9 @@ func configFromFlags() appConfig { config.LogVerbose = *logVerbose config.MaxConns = int(*maxConns) config.InsecureCiphers = *insecureCiphers + // tlsMinVersion and tlsMaxVersion are validated in appMain + config.TLSMinVersion = tlsconfig.AllTLSVersions[*tlsMinVersion] + config.TLSMaxVersion = tlsconfig.AllTLSVersions[*tlsMaxVersion] for _, file := range []struct { contents *[]byte @@ -164,6 +171,9 @@ func appMain() { flag.String(flag.DefaultConfigFlagname, "", "path to config file") flag.Parse() + if err := tlsconfig.ValidateTLSVersions(*tlsMinVersion, *tlsMaxVersion); err != nil { + fatal(err) + } printVersion(*showVersion, VERSION) @@ -175,8 +185,7 @@ func appMain() { }).Print("GitLab Pages Daemon") log.Printf("URL: https://gitlab.com/gitlab-org/gitlab-pages") - err := os.Chdir(*pagesRoot) - if err != nil { + if err := os.Chdir(*pagesRoot); err != nil { fatal(err) } 
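Review bot: In the `configFromFlags` hunk, `tlsconfig.AllTLSVersions[*tlsMinVersion]` is an unchecked lookup, so its safety rests entirely on the comment's promise that `appMain` validated the flags first. `AllTLSVersions` is indexed by string here and its definition is not on this page; if it is a map, an unknown key yields the zero value. Assuming the value ends up in a `tls.Config`, zero means "use the library default", so any path that reaches `configFromFlags` without the `ValidateTLSVersions` call added in the `appMain` hunk would silently drop the configured minimum instead of failing. A comma-ok lookup at the point of use, `v, ok := tlsconfig.AllTLSVersions[*tlsMinVersion]` with `fatal` on `!ok`, keeps the failure closed. Both functions continue outside their hunks.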
@@ -209,6 +218,8 @@ func appMain() { "root-cert": *pagesRootKey, "root-key": *pagesRootCert, "status_path": config.StatusPath, + "tls-min-version": *tlsMinVersion, + "tls-max-version": *tlsMaxVersion, "use-http-2": config.HTTP2, "auth-secret": config.StoreSecret, "auth-server": config.GitLabServer, |
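Review bot: The two added fields log the raw flag strings, so with the default `tls-max-version` the startup line records an empty value and an operator auditing the log cannot tell which ceiling is actually in effect. Logging a resolved label for the empty case (for example `"default"`) would make this line usable as evidence of the TLS settings. Separately, the unchanged context just above pairs `"root-cert"` with `*pagesRootKey` and `"root-key"` with `*pagesRootCert`, which looks swapped and is worth correcting while this map is being edited. `appMain` continues outside the hunk.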