Allow disabling TLS behind a load balancer

Upgrade dependencies
2025-08-15 05:13:47 +02:00 · 2022-08-04 21:34:52 +02:00 · 2022-08-04 21:34:52 +02:00 · 0f329f8e55
commit 0f329f8e55
parent 48da75b96d
4 changed files with 44 additions and 38 deletions
--- a/2
+++ b/2
@ -48,7 +48,7 @@ install: build

 .PHONY: mod
 mod:
-	go mod tidy
+	go mod tidy -compat=1.17

 # ------------------------------------------------------------------------------
 #  test
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@ -16,6 +16,7 @@ type Configuration struct {
 type ServerConfig struct {
 	GatewayAddress       string
 	Port                 int
+	DisableTLS			 bool
 	CertFile             string
 	KeyFile              string
 	Hosts                []string
@ -70,6 +71,7 @@ func init() {
 	viper.SetDefault("client.networkAutoDetect", 1)
 	viper.SetDefault("client.bandwidthAutoDetect", 1)
 	viper.SetDefault("security.verifyClientIp", true)
+	viper.SetDefault("server.tlsDisabled",  false)
 }

 func Load(configFile string) Configuration {
--- a/cmd/rdpgw/main.go
+++ b/cmd/rdpgw/main.go
@ -81,31 +81,33 @@ func main() {
 	}
 	api.NewApi()

-	if conf.Server.CertFile == "" || conf.Server.KeyFile == "" {
-		log.Fatal("Both certfile and keyfile need to be specified")
-	}
-
-	//mux := http.NewServeMux()
-	//mux.HandleFunc("*", HelloServer)
-
 	log.Printf("Starting remote desktop gateway server")
-
 	cfg := &tls.Config{}
-	tlsDebug := os.Getenv("SSLKEYLOGFILE")
-	if tlsDebug != "" {
-		w, err := os.OpenFile(tlsDebug, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-		if err != nil {
-			log.Fatalf("Cannot open key log file %s for writing %s", tlsDebug, err)
+
+	if conf.Server.DisableTLS {
+		log.Printf("TLS disabled - rdp gw connections require tls make sure to have a terminator")
+	} else {
+		if conf.Server.CertFile == "" || conf.Server.KeyFile == "" {
+			log.Fatal("Both certfile and keyfile need to be specified")
 		}
-		log.Printf("Key log file set to: %s", tlsDebug)
-		cfg.KeyLogWriter = w
+
+		tlsDebug := os.Getenv("SSLKEYLOGFILE")
+		if tlsDebug != "" {
+			w, err := os.OpenFile(tlsDebug, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+			if err != nil {
+				log.Fatalf("Cannot open key log file %s for writing %s", tlsDebug, err)
+			}
+			log.Printf("Key log file set to: %s", tlsDebug)
+			cfg.KeyLogWriter = w
+		}
+
+		cert, err := tls.LoadX509KeyPair(conf.Server.CertFile, conf.Server.KeyFile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		cfg.Certificates = append(cfg.Certificates, cert)
 	}

-	cert, err := tls.LoadX509KeyPair(conf.Server.CertFile, conf.Server.KeyFile)
-	if err != nil {
-		log.Fatal(err)
-	}
-	cfg.Certificates = append(cfg.Certificates, cert)
 	server := http.Server{
 		Addr:      ":" + strconv.Itoa(conf.Server.Port),
 		TLSConfig: cfg,
--- a/go.mod
+++ b/go.mod
@ -3,44 +3,46 @@ module github.com/bolkedebruin/rdpgw
 go 1.17

 require (
-	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/coreos/go-oidc/v3 v3.2.0
 	github.com/go-jose/go-jose/v3 v3.0.0
 	github.com/gorilla/sessions v1.2.1
-	github.com/gorilla/websocket v1.4.2
+	github.com/gorilla/websocket v1.5.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/prometheus/client_golang v1.12.1
-	github.com/spf13/cobra v1.3.0
-	github.com/spf13/viper v1.10.1
-	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8
+	github.com/spf13/cobra v1.5.0
+	github.com/spf13/viper v1.12.0
+	golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c
 )

 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/gorilla/securecookie v1.1.1 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/mitchellh/mapstructure v1.4.3 // indirect
-	github.com/pelletier/go-toml v1.9.4 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.32.1 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/spf13/afero v1.8.0 // indirect
-	github.com/spf13/cast v1.4.1 // indirect
+	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.2.0 // indirect
-	golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed // indirect
-	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
-	golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 // indirect
+	github.com/subosito/gotenv v1.3.0 // indirect
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 // indirect
+	golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e // indirect
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.27.1 // indirect
-	gopkg.in/ini.v1 v1.66.3 // indirect
+	google.golang.org/protobuf v1.28.0 // indirect
+	gopkg.in/ini.v1 v1.66.4 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0 // indirect
 )