Add better tls support.

dc4eu · Apr 11, 2024 · f76b7c6 · f76b7c6
1 parent bf2fa65
commit f76b7c6
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/dev_config_docker.yaml b/dev_config_docker.yaml
@@ -78,6 +78,10 @@ persistent:
 apigw:
   api_server:
     addr: :8080
+    tls:
+      enabled: false
+      cert_file_path: ""
+      key_file_path: ""
 
 py_pdfsigner:
   sign_queue_name: sign

diff --git a/dockerfiles/worker b/dockerfiles/worker
@@ -24,15 +24,15 @@ ARG SERVICE_NAME
 
 WORKDIR /
 
-RUN apt-get update && apt-get install -y curl procps iputils-ping less
+RUN apt-get update && apt-get install -y curl procps iputils-ping less coreutils file netcat-openbsd
 RUN rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /go/src/app/bin/vc_${SERVICE_NAME} /vc_service
 COPY --from=builder /go/src/app/docs /docs
 
 EXPOSE 8080
 
-HEALTHCHECK --interval=20s --timeout=10s CMD curl --connect-timeout 5 http://localhost:8080/health | grep -q STATUS_OK
+HEALTHCHECK --interval=20s --timeout=10s CMD curl --insecure --connect-timeout 5 https://localhost:8080/health | grep -q STATUS_OK
 
 # vars in CMD and ENTRYPOINT are evaluated at runtime, that's why we use a static name on the binary.
 CMD [ "./vc_service" ]
diff --git a/internal/apigw/httpserver/tls.go b/internal/apigw/httpserver/tls.go
@@ -6,9 +6,11 @@ import (
 )
 
 func (s *Service) applyTLSConfig(ctx context.Context) {
+	ctx, span := s.tp.Start(ctx, "httpserver:applyTLSConfig")
+	defer span.End()
+
 	cfg := &tls.Config{
 		MinVersion:               tls.VersionTLS12,
-		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
 		PreferServerCipherSuites: true,
 	}