From 882a1c40146c477204860ebe5e8ed7baf990400e Mon Sep 17 00:00:00 2001
From: zhouhaibing089
Date: Wed, 3 May 2017 14:29:32 +0800
Subject: [PATCH] https: tls configuration and run on https (#1877)
---
 build/serve.js | 4 ++--
 src/app/backend/dashboard.go | 20 ++++++++++++++++----
 2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/build/serve.js b/build/serve.js
index 870e7c11b..910d9057e 100644
--- a/build/serve.js
+++ b/build/serve.js
@@ -46,11 +46,11 @@ function getBackendArgs(mode) {
 let args = [`--heapster-host=${conf.backend.heapsterServerHost}`];
 if (mode === conf.backend.production) {
- args.push(`--port=${conf.frontend.serverPort}`);
+ args.push(`--insecure-port=${conf.frontend.serverPort}`);
 }
 if (mode === conf.backend.development) {
- args.push(`--port=${conf.backend.devServerPort}`);
+ args.push(`--insecure-port=${conf.backend.devServerPort}`);
 }
 if (conf.backend.envKubeconfig) {
diff --git a/src/app/backend/dashboard.go b/src/app/backend/dashboard.go
index 204e7fde9..8a7a6065f 100644
--- a/src/app/backend/dashboard.go
+++ b/src/app/backend/dashboard.go
@@ -29,9 +29,13 @@ import (
 )
 var (
- argPort = pflag.Int("port", 9090, "The port to listen to for incoming HTTP requests")
- argBindAddress = pflag.IP("bind-address", net.IPv4(0, 0, 0, 0), "The IP address on which to serve the --port (set to 0.0.0.0 for all interfaces).")
- argApiserverHost = pflag.String("apiserver-host", "", "The address of the Kubernetes Apiserver "+
+ argInsecurePort = pflag.Int("insecure-port", 9090, "The port to listen to for incoming HTTP requests.")
+ argPort = pflag.Int("port", 8443, "The secure port to listen to for incoming HTTPS requests.")
+ argInsecureBindAddress = pflag.IP("insecure-bind-address", net.IPv4(127, 0, 0, 1), "The IP address on which to serve the --port (set to 0.0.0.0 for all interfaces).")
+ argBindAddress = pflag.IP("bind-address", net.IPv4(0, 0, 0, 0), "The IP address on which to serve the --secure-port (set to 0.0.0.0 for all interfaces).")
+ argCertFile = pflag.String("tls-cert-file", "", "File containing the default x509 Certificate for HTTPS.")
+ argKeyFile = pflag.String("tls-key-file", "", "File containing the default x509 private key matching --tls-cert-file.")
+ argApiserverHost = pflag.String("apiserver-host", "", "The address of the Kubernetes Apiserver "+
 "to connect to in the format of protocol://address:port, e.g., "+
 "http://localhost:8080. If not specified, the assumption is that the binary runs inside a "+
 "Kubernetes cluster and local discovery is attempted.")
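Review bot: Two of the new help strings name the wrong flag: `--insecure-bind-address` says it serves `--port`, which this hunk turns into the HTTPS port, and `--bind-address` refers to `--secure-port`, which is not defined here. An operator reading `--help` could misjudge which listener ends up on 0.0.0.0, so the texts should read `"The IP address on which to serve the --insecure-port (set to 0.0.0.0 for all interfaces)."` and `"The IP address on which to serve the --port (set to 0.0.0.0 for all interfaces)."`. `--port` also changes meaning from HTTP on 9090 to HTTPS on 8443, so existing invocations that pass `--port` presumably need a migration note. The `var (` block continues outside the hunk.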
@@ -86,7 +90,15 @@ func main() {
 // TODO(maciaszczykm): Move to /appConfig.json as it was discussed in #640.
 http.Handle("/api/appConfig.json", handler.AppHandler(handler.ConfigHandler))
 http.Handle("/metrics", prometheus.Handler())
- log.Print(http.ListenAndServe(fmt.Sprintf("%s:%d", *argBindAddress, *argPort), nil))
+
+ // Listen for http and https
+ addr := fmt.Sprintf("%s:%d", *argInsecureBindAddress, *argInsecurePort)
+ go log.Fatal(http.ListenAndServe(addr, nil))
+ secureAddr := fmt.Sprintf("%s:%d", *argBindAddress, *argPort)
+ if len(*argCertFile) != 0 && len(*argKeyFile) != 0 {
+ go log.Fatal(http.ListenAndServeTLS(secureAddr, *argCertFile, *argKeyFile, nil))
+ }
+ select {}
 }
 /**
--
GitLab
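Review bot: `go log.Fatal(http.ListenAndServe(addr, nil))` does not run the listener in a goroutine: Go evaluates the arguments of a `go` call in the calling goroutine, so `http.ListenAndServe` blocks `main` here and the `ListenAndServeTLS` branch and `select {}` below are not reached while the HTTP server is up. As written the dashboard would keep serving plain HTTP only, even when `--tls-cert-file` and `--tls-key-file` are both supplied; each call needs a func literal around it. The `if` also skips TLS silently when only one of the two files is given, which is better reported as a startup error than left as an unencrypted-only deployment. main's body starts above the hunk.

```go
addr := fmt.Sprintf("%s:%d", *argInsecureBindAddress, *argInsecurePort)
// Wrap the blocking call so it runs inside the new goroutine, not in main.
go func() { log.Fatal(http.ListenAndServe(addr, nil)) }()
// … unchanged: secureAddr formatting …
switch {
case *argCertFile != "" && *argKeyFile != "":
	go func() {
		log.Fatal(http.ListenAndServeTLS(secureAddr, *argCertFile, *argKeyFile, nil))
	}()
case *argCertFile != "" || *argKeyFile != "":
	// Half a key pair is a configuration error, not a reason to fall back to HTTP.
	log.Fatal("--tls-cert-file and --tls-key-file must be set together")
}
select {}
```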