service: fix alpn certificate usage

Signed-off-by: Adphi <philippe.adrien.nousse@gmail.com>
2025-01-02 22:30:46 +00:00 · 2024-12-21 14:44:56 +01:00 · 2024-12-21 14:44:56 +01:00 · 939c060513
commit 939c060513
parent 174aa3a497
2 changed files with 4 additions and 3 deletions
--- a/service/options.go
+++ b/service/options.go
@ -566,6 +566,7 @@ func (o *options) parseTLSConfig() error {
 	if o.tlsConfig != nil {
 		return nil
 	}
+	nextProtos := []string{"h2", "h2c", "http/1.1", "acme-tls/1"}
 	if !o.hasTLSConfig() {
 		if !o.secure {
 			return nil
@ -593,6 +594,7 @@ func (o *options) parseTLSConfig() error {
 		o.tlsConfig = &tls.Config{
 			Certificates: []tls.Certificate{cert},
 			ClientAuth:   tls.NoClientCert,
+			NextProtos:   nextProtos,
 		}
 		return nil
 	}
@ -612,6 +614,7 @@ func (o *options) parseTLSConfig() error {
 	o.tlsConfig = &tls.Config{
 		Certificates: []tls.Certificate{cert},
 		RootCAs:      caCertPool,
+		NextProtos:   nextProtos,
 	}
 	if !o.hasClientTLSConfig() {
 		return nil
--- a/service/service.go
+++ b/service/service.go
@ -310,7 +310,6 @@ func (s *service) runWithoutCmux(ctx context.Context, g *errgroup.Group) error {
 					handler.ServeHTTP(w, r)
 				}
 			}), &http2.Server{}),
-			TLSConfig: s.opts.tlsConfig,
 		}
 		if err := http2.ConfigureServer(hServer, &http2.Server{}); err != nil {
 			return err
@ -336,8 +335,7 @@ func (s *service) runWithCmux(ctx context.Context, g *errgroup.Group) error {

 	if s.opts.mux != nil {
 		hServer := &http.Server{
-			Handler:   alice.New(s.opts.middlewares...).Then(cors.New(s.opts.cors).Handler(s.opts.mux)),
-			TLSConfig: s.opts.tlsConfig,
+			Handler: alice.New(s.opts.middlewares...).Then(cors.New(s.opts.cors).Handler(s.opts.mux)),
 		}
 		g.Go(func() error {
 			defer hServer.Shutdown(ctx)