root
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
minio/cmd/certs.go

116 lines
2.9 KiB
Go
Raw Normal View History

config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
/*
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
* Minio Cloud Storage, (C) 2015, 2016, 2017 Minio, Inc.
config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
server: Move all the top level files into cmd folder. (#2490) This change brings a change which was done for the 'mc' package to allow for clean repo and have a cleaner github drop in experience.
2016-08-19 07:23:42 +08:00
package cmd
config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
import (
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
"crypto/tls"
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
"crypto/x509"
"encoding/pem"
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
"fmt"
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
"io/ioutil"
config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
"path/filepath"
)
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
func parsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err error) {
// Read certificate file.
var data []byte
if data, err = ioutil.ReadFile(certFile); err != nil {
return nil, err
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
}
config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
// Parse all certs in the chain.
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
current := data
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
for len(current) > 0 {
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
var pemBlock *pem.Block
if pemBlock, current = pem.Decode(current); pemBlock == nil {
return nil, fmt.Errorf("Could not read PEM block from file %s", certFile)
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
}
config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
var x509Cert *x509.Certificate
if x509Cert, err = x509.ParseCertificate(pemBlock.Bytes); err != nil {
return nil, err
Remove globalQuiet and globalConfigDir global variables (#3830)
2017-03-03 06:21:30 +08:00
}
Add support of user self signed certificates Additionally add documentation about how to configure TLS with Minio
2016-11-11 23:18:44 +08:00
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
x509Certs = append(x509Certs, x509Cert)
Add support of user self signed certificates Additionally add documentation about how to configure TLS with Minio
2016-11-11 23:18:44 +08:00
}
Remove globalQuiet and globalConfigDir global variables (#3830)
2017-03-03 06:21:30 +08:00
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
if len(x509Certs) == 0 {
return nil, fmt.Errorf("Empty public certificate file %s", certFile)
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
}
config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
return x509Certs, nil
config/main: Re-write config files - add to new config v3 - New config format. ``` { "version": "3", "address": ":9000", "backend": { "type": "fs", "disk": "/path" }, "credential": { "accessKey": "WLGDGYAQYIGI833EV05A", "secretKey": "BYvgJM101sHngl2uzjXS/OBF/aMxAN06JrJ3qJlF" }, "region": "us-east-1", "logger": { "file": { "enable": false, "fileName": "", "level": "error" }, "syslog": { "enable": false, "address": "", "level": "debug" }, "console": { "enable": true, "level": "fatal" } } } ``` New command lines in lieu of supporting XL. Minio initialize filesystem backend. ~~~ $ minio init fs <path> ~~~ Minio initialize XL backend. ~~~ $ minio init xl <url1>...<url16> ~~~ For 'fs' backend it starts the server. ~~~ $ minio server ~~~ For 'xl' backend it waits for servers to join. ~~~ $ minio server ... [PROGRESS BAR] of servers connecting ~~~ Now on other servers execute 'join' and they connect. ~~~ .... minio join <url1> -- from <url2> && minio server minio join <url1> -- from <url3> && minio server ... ... minio join <url1> -- from <url16> && minio server ~~~
2016-02-13 07:27:10 +08:00
}
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
func getRootCAs(certsCAsDir string) (*x509.CertPool, error) {
// Get all CA file names.
var caFiles []string
fis, err := ioutil.ReadDir(certsCAsDir)
Remove errors package, add comments and simplify. (#2925)
2016-10-15 02:15:59 +08:00
if err != nil {
return nil, err
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
}
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
for _, fi := range fis {
caFiles = append(caFiles, filepath.Join(certsCAsDir, fi.Name()))
}
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
if len(caFiles) == 0 {
return nil, nil
}
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
rootCAs, err := x509.SystemCertPool()
if err != nil {
// In some systems like Windows, system cert pool is not supported.
// Hence we create a new cert pool.
rootCAs = x509.NewCertPool()
}
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
// Load custom root CAs for client requests
for _, caFile := range caFiles {
caCert, err := ioutil.ReadFile(caFile)
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
if err != nil {
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
return nil, err
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
}
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
rootCAs.AppendCertsFromPEM(caCert)
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
}
Make unit testable cert parsing functions. (#3863)
2017-03-09 11:20:01 +08:00
return rootCAs, nil
Display SSL expiry warnings (#2925)
2016-10-14 19:48:08 +08:00
}
event: Enhance event message struct to provide origin server. (#3557) `principalId` i.e user identity is kept as AccessKey in accordance with S3 spec. Additionally responseElements{} are added starting with `x-amz-request-id` is a hexadecimal of the event time itself in nanosecs. `x-minio-origin-server` - points to the server generating the event. Fixes #3556
2017-01-11 08:43:48 +08:00
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
func getSSLConfig() (x509Certs []*x509.Certificate, rootCAs *x509.CertPool, tlsCert *tls.Certificate, secureConn bool, err error) {
server: handle command line and env variables at one place. (#3975)
2017-03-31 02:21:19 +08:00
if !(isFile(getPublicCertFile()) && isFile(getPrivateKeyFile())) {
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
return nil, nil, nil, false, nil
server: handle command line and env variables at one place. (#3975)
2017-03-31 02:21:19 +08:00
}
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
if x509Certs, err = parsePublicCertFile(getPublicCertFile()); err != nil {
return nil, nil, nil, false, err
server: handle command line and env variables at one place. (#3975)
2017-03-31 02:21:19 +08:00
}
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
var cert tls.Certificate
if cert, err = tls.LoadX509KeyPair(getPublicCertFile(), getPrivateKeyFile()); err != nil {
return nil, nil, nil, false, err
}
tlsCert = &cert
server: handle command line and env variables at one place. (#3975)
2017-03-31 02:21:19 +08:00
if rootCAs, err = getRootCAs(getCADir()); err != nil {
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
return nil, nil, nil, false, err
server: handle command line and env variables at one place. (#3975)
2017-03-31 02:21:19 +08:00
}
secureConn = true
Refactor HTTP server to address bugs (#4636) * Refactor HTTP server to address bugs * Remove unnecessary goroutine to start multiple TCP listeners. * HTTP server waits for shutdown to maximum of Server.ShutdownTimeout than per serverShutdownPoll. * Handles new connection errors properly. * Handles read and write timeout properly. * Handles error on start of HTTP server properly by exiting minio process. Fixes #4494 #4476 & fixed review comments
2017-07-13 07:33:21 +08:00
return x509Certs, rootCAs, tlsCert, secureConn, nil
event: Enhance event message struct to provide origin server. (#3557) `principalId` i.e user identity is kept as AccessKey in accordance with S3 spec. Additionally responseElements{} are added starting with `x-amz-request-id` is a hexadecimal of the event time itself in nanosecs. `x-minio-origin-server` - points to the server generating the event. Fixes #3556
2017-01-11 08:43:48 +08:00
}