Backblaze / boardwalk

A linear remote execution workflow engine built on top of Ansible

Support TLS termination in boardwalkd #27

Closed m4wh6k closed 1 year ago

m4wh6k commented 1 year ago

What and why?

Fixes #10

This adds TLS termination support to boardwalkd. This is designed in a way where you can serve on a non-TLS port and/or a TLS port. When a TLS port is configured, an HTTPS scheme on the server URL is required, and UI requests to the non-TLS port (if any) will be upgraded automatically. API requests sent to the non-TLS port will be rejected.

How was this tested?

Tested mostly ad-hoc locally in the UI and API using a self-signed cert.

I did have to temporarily turn off cert validation in the protocol client to test this. Currently there is no option in the protocol client to ignore invalid certs, but that may be something useful for certain cases. I opted not to add that in this change but if we feel strongly about it I can add in an option to the boardwalk CLI.

This change identifies a known, minor bug, where supplying a port of 0 will not log the actual port number correctly. This is because when you request a port of 0, the operating system will pick a random open port.

Checklist
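The listener behaviour described in this pull request, sketched as an added example (not code from the PR or from boardwalkd). The function names, the `/api/` prefix, the action strings and the sample URLs are assumptions made for illustration. It also shows reading the real port back from the socket when port 0 is requested, which is the value a log line would need.

```python
import socket
from urllib.parse import urlsplit

API_PREFIX = "/api/"  # assumption: API routes share one prefix


def validate_listeners(server_url, port, tls_port):
    """Startup check: a configured TLS port demands an https server URL."""
    if port is None and tls_port is None:
        raise ValueError("configure a non-TLS port, a TLS port, or both")
    if tls_port is not None and urlsplit(server_url).scheme != "https":
        raise ValueError("a TLS port requires an https:// server URL")


def plain_port_action(path, server_url, tls_port):
    """Decide what the non-TLS listener does with a request.

    Returns (action, location) where action is "serve", "reject" or
    "redirect"; location is set only for redirects.
    """
    if tls_port is None:
        return ("serve", None)  # no TLS listener: plain HTTP is the only way in
    if path.startswith(API_PREFIX):
        # The API request already crossed the network in clear text; refusing
        # makes the misconfigured client fail loudly instead of being redirected.
        return ("reject", None)
    # Build the target from the configured server URL, not the Host header,
    # so the client cannot steer where the upgrade points.
    return ("redirect", server_url.rstrip("/") + path)


def bind_listener(host, port):
    """Bind and return (socket, actual_port). With port 0 the OS picks a free
    port, so the number to log comes from the socket, not from the config."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, port))
    sock.listen()
    return sock, sock.getsockname()[1]


if __name__ == "__main__":
    url = "https://boardwalk.example.test:8443"  # constructed sample value
    validate_listeners(url, 8888, 8443)
    print(plain_port_action("/api/workspaces", url, 8443))
    print(plain_port_action("/workspaces", url, 8443))
    sock, actual = bind_listener("127.0.0.1", 0)
    print("requested port 0, listening on", actual)
    sock.close()
```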