Update server HTTPS configuration

[sergystepanov]

The HTTPS server configuration has been fixed and reworked.

• New configuration params:

   server:
     address: :8000
     https: false
     # Letsencrypt or self cert config
     tls:
       address: :443
       # the public domain of the coordinator
       domain: localhost:8000 
       letsencryptUrl:
       # if both are set then will use certs
       # and Letsencryt instead
       httpsKey:
       httpsCert:

  • The server.[tls.]address params now accept a string in the following format host:port, instead of a single port value.

    // before
    server.address: 8080 -> :8080
    // after
    server.address: :8080 -> :8080
    server.address: local:8080 -> local:8080

  • A secure HTTPS/WSS connection can be enabled now with the server.https config param and there are two possible ways of using it. The first one, when you leave both server.tls.httpsKey and server.tls.httpsCert params empty, in that case, you will be using Letsencrypt auto certification config, its default URL can be changed with the server.tls.letsencryptUrl. Alternatively, you can specify HTTPS cert and key files, if you want, as an example, test HTTPS with a local self-signed certificate.

• Worker pushes its zone and public ping server address (builds automatically) params during internal connection to the coordinator.

An example of SSL/TLS config:

# ...
coordinator:
  # ...
  # HTTP(S) server config
  server:
    # ...
    https: true
    # Letsencrypt or self cert config
    tls:
      address: :443
      # the public domain of the coordinator
      domain: localhost:8000
      letsencryptUrl:
      # if both are set then will use certs
      # and Letsencryt instead
      httpsCert: localhost.crt
      httpsKey: localhost.key
# ...
worker:
  network:
    # ...
    # make coordinator connection secure (wss)
    secure: true
  # ...  
  server:
    address: :9000
    https: true
    tls:
      address: :444
      # LetsEncrypt config
      # if empty will use URL from Go
      letsencryptUrl:
      # Own certs config
      httpsCert: localhost.crt
      httpsKey: localhost.key
# ...

• Auto host+port generation code was reworked. The coordinator won't roll any ports. Workers will roll http/s ports, including the monitoring server.

[giongto35]

Thanks very much. Let me check