service: fix alpn certificate usage

Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
Adphi 2024-12-21 14:44:56 +01:00
parent 174aa3a497
commit 939c060513
Signed by: adphi
GPG Key ID: 46BE4062DB2397FF
2 changed files with 4 additions and 3 deletions


@ -566,6 +566,7 @@ func (o *options) parseTLSConfig() error {
if o.tlsConfig != nil { if o.tlsConfig != nil {
return nil return nil
} }
nextProtos := []string{"h2", "h2c", "http/1.1", "acme-tls/1"}
if !o.hasTLSConfig() { if !o.hasTLSConfig() {
if !o.secure { if !o.secure {
return nil return nil
@ -593,6 +594,7 @@ func (o *options) parseTLSConfig() error {
o.tlsConfig = &tls.Config{ o.tlsConfig = &tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
ClientAuth: tls.NoClientCert, ClientAuth: tls.NoClientCert,
NextProtos: nextProtos,
} }
return nil return nil
} }
@ -612,6 +614,7 @@ func (o *options) parseTLSConfig() error {
o.tlsConfig = &tls.Config{ o.tlsConfig = &tls.Config{
Certificates: []tls.Certificate{cert}, Certificates: []tls.Certificate{cert},
RootCAs: caCertPool, RootCAs: caCertPool,
NextProtos: nextProtos,
} }
if !o.hasClientTLSConfig() { if !o.hasClientTLSConfig() {
return nil return nil
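Review bot: The ALPN list on the new `nextProtos` line advertises two identifiers that these TLS configs should not offer unconditionally. `h2c` names cleartext HTTP/2, and RFC 7540 reserves it as a protocol that does not use TLS, so it has no place in `NextProtos`. `acme-tls/1` (RFC 8737) is meant to be negotiated only by a responder that serves the challenge certificate, whereas both configs here carry a fixed `Certificates: []tls.Certificate{cert}`. I would write `nextProtos := []string{"h2", "http/1.1"}` for these two branches and append `"acme-tls/1"` only where an ACME manager supplies the certificate, if such a path exists outside the lines shown. parseTLSConfig starts and ends outside these hunks, so other branches may legitimately need the longer list.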


@ -310,7 +310,6 @@ func (s *service) runWithoutCmux(ctx context.Context, g *errgroup.Group) error {
handler.ServeHTTP(w, r) handler.ServeHTTP(w, r)
} }
}), &http2.Server{}), }), &http2.Server{}),
TLSConfig: s.opts.tlsConfig,
} }
if err := http2.ConfigureServer(hServer, &http2.Server{}); err != nil { if err := http2.ConfigureServer(hServer, &http2.Server{}); err != nil {
return err return err
@ -337,7 +336,6 @@ func (s *service) runWithCmux(ctx context.Context, g *errgroup.Group) error {
if s.opts.mux != nil { if s.opts.mux != nil {
hServer := &http.Server{ hServer := &http.Server{
Handler: alice.New(s.opts.middlewares...).Then(cors.New(s.opts.cors).Handler(s.opts.mux)), Handler: alice.New(s.opts.middlewares...).Then(cors.New(s.opts.cors).Handler(s.opts.mux)),
TLSConfig: s.opts.tlsConfig,
} }
g.Go(func() error { g.Go(func() error {
defer hServer.Shutdown(ctx) defer hServer.Shutdown(ctx)