Split Proxy - TLS Support

mredolatti commented 1 year ago

support for serving HTTPS directly from split-proxy
support for serving HTTPS in admin & dashboard endpoints (works for Split-Sync as well)
requires custom private key & certificate
support for mTLS (accepts optional root certificate for client validation)
support for limiting minimum TLS version
support for limiting allowed cipher suites

How to test manually:

if you don't want to create your own certs skip the next 4 bullet points:

ensure you're running openssl >= 1.1 for generating certificates
cd test/certs/https
make clean all
cd ../../..

(continued)

make split-proxy

add the following lines to /etc/hosts:

127.0.0.1 split-proxy
127.0.0.1 split-proxy-admin

 ./split-proxy \
    -apikey=<YOUR_APIKEY> \
    -server-tls-enabled \
    -server-tls-private-key-fn=./test/certs/https/proxy.key \
    -server-tls-cert-chain-fn=./test/certs/https/proxy.crt \
    -server-tls-min-tls-version=1.3 \
    -server-tls-allowed-cipher-suites=TLS_CHACHA20_POLY1305_SHA256

curl -v \
    https://split-proxy:3000/api/splitChanges \
    -H"Authorization: Bearer SDK_API_KEY" \
    --cacert test/certs/https/ca.crt

curl -v \
    https://split-proxy-admin:3010/health/application \
    --cacert test/certs/https/ca.crt

sonarqube-pull-requests[bot] commented 1 year ago

SonarQube Quality Gate

0 Bugs
0 Vulnerabilities
0 Security Hotspots
3 Code Smells

66.3% Coverage
0.0% Duplication

sonarqube-pull-requests[bot] commented 1 year ago

SonarQube Quality Gate

55.6% Coverage on New Code (is less than 80%)

See analysis details on SonarQube

sonarqube-pull-requests[bot] commented 1 year ago

SonarQube Quality Gate

55.6% Coverage on New Code (is less than 80%)

See analysis details on SonarQube

splitio / split-synchronizer

Split Proxy - TLS Support #209