enabling TLS config in http zero

hypermodeinc · Oct 9, 2020 · 4945380 · 4945380
1 parent bd4d0f7
commit 4945380
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/dgraph/cmd/zero/http.go b/dgraph/cmd/zero/http.go
@@ -246,9 +246,18 @@ func (st *state) serveHTTP(l net.Listener) {
 		IdleTimeout:  2 * time.Minute,
 	}
 
+	tlsCfg, err := x.LoadServerTLSConfig(Zero.Conf, "node.crt", "node.key")
+	x.Check(err)
+
 	go func() {
 		defer st.zero.closer.Done()
-		err := srv.Serve(l)
+		switch {
+		case tlsCfg != nil:
+			srv.TLSConfig = tlsCfg
+			err = srv.ServeTLS(l, "", "")
+		default:
+			err = srv.Serve(l)
+		}
 		glog.Errorf("Stopped taking more http(s) requests. Err: %v", err)
 		ctx, cancel := context.WithTimeout(context.Background(), 630*time.Second)
 		defer cancel()

diff --git a/dgraph/cmd/zero/run.go b/dgraph/cmd/zero/run.go
@@ -88,6 +88,7 @@ instances to achieve high-availability.
 	flag.StringP("wal", "w", "zw", "Directory storing WAL.")
 	flag.Duration("rebalance_interval", 8*time.Minute, "Interval for trying a predicate move.")
 	flag.String("enterprise_license", "", "Path to the enterprise license file.")
+	x.RegisterClientTLSFlags(flag)
 }
 
 func setupListener(addr string, port int, kind string) (listener net.Listener, err error) {