diff --git a/README.md b/README.md
index 3118c08..66705bb 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,9 @@ By performing a simple HTTP GET or POST request to that endpoint, your specified
 However, hook defined like that could pose a security threat to your system, because anyone who knows your endpoint, can send a request and execute your command. To prevent that, you can use the `"trigger-rule"` property for your hook, to specify the exact circumstances under which the hook would be triggered. For example, you can use them to add a secret that you must supply as a parameter in order to successfully trigger the hook. Please check out the [Hook rules page](https://github.com/adnanh/webhook/wiki/Hook-Rules) for detailed list of available rules and their usage.
+# Using HTTPS
+[webhook](https://github.com/adnanh/webhook/) by default serves hooks using http. If you want [webhook](https://github.com/adnanh/webhook/) to serve secure content using https, you can use the `-secure` flag while starting [webhook](https://github.com/adnanh/webhook/). Files containing a certificate and matching private key for the server must be provided using the `-cert /path/to/cert.pem` and `-key /path/to/key.pem` flags. If the certificate is signed by a certificate authority, the cert file should be the concatenation of the server's certificate followed by the CA's certificate.
+
 # Examples
 Check out [Hook examples page](https://github.com/adnanh/webhook/wiki/Hook-Examples) for more complex examples of hooks.
diff --git a/webhook.go b/webhook.go
index 1a8ee2c..50e3610 100644
--- a/webhook.go
+++ b/webhook.go
@@ -22,7 +22,7 @@ import (
 )
 const (
- version = "2.1.0"
+ version = "2.2.0"
 )
 var (
@@ -31,6 +31,9 @@ var (
 verbose = flag.Bool("verbose", false, "show verbose output")
 hotReload = flag.Bool("hotreload", false, "watch hooks file for changes and reload them automatically")
 hooksFilePath = flag.String("hooks", "hooks.json", "path to the json file containing defined hooks the webhook should serve")
+ secure = flag.Bool("secure", false, "use HTTPS instead of HTTP")
+ cert = flag.String("cert", "cert.pem", "path to the HTTPS certificate pem file")
+ key = flag.String("key", "key.pem", "path to the HTTPS certificate private key pem file")
 watcher *fsnotify.Watcher
@@ -107,8 +110,14 @@ func main() {
 n.UseHandler(router)
- log.Printf("listening on %s:%d", *ip, *port)
- log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", *ip, *port), n))
+ if *secure {
+ log.Printf("starting secure (https) webhook on %s:%d", *ip, *port)
+ log.Fatal(http.ListenAndServeTLS(fmt.Sprintf("%s:%d", *ip, *port), *cert, *key, n))
+ } else {
+ log.Printf("starting insecure (http) webhook on %s:%d", *ip, *port)
+ log.Fatal(http.ListenAndServe(fmt.Sprintf("%s:%d", *ip, *port), n))
+ }
+
 }
 func hookHandler(w http.ResponseWriter, r *http.Request) {
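Review bot: The help strings for the new `cert` and `key` flags do not say that the files are read only when `-secure` is set, and both defaults are relative paths, so they resolve against whatever directory the process is started from. I would state both facts in the usage text, for example `"path to the HTTPS certificate pem file (used only with -secure; relative paths resolve against the working directory)"`, with the matching wording for `-key`. Because the key flag points at the server's private key, a one-line comment above it such as `// key file must be readable only by the webhook user` would record the expectation for operators. The `var (` block starts and ends outside the hunk.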
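Review bot: The `*secure` branch calls the package-level `http.ListenAndServeTLS`, which leaves no place to set a `tls.Config` or server timeouts, so the minimum protocol version and cipher suites are whatever the Go toolchain used for the build defaults to. I would construct one `http.Server`, give it a `TLSConfig` with an explicit `MinVersion` in the TLS branch, and call its `ListenAndServe`/`ListenAndServeTLS` methods, as sketched below; that needs `crypto/tls` and `time` in the import block, which lies outside this hunk. `WriteTimeout` is left unset in the sketch because the hunk does not show whether hooks run synchronously inside the handler. The blank `+` line before the closing brace of `main` would be removed by gofmt, and `main` itself begins outside the hunk.

```go
	// … unchanged: n.UseHandler(router) …
	srv := &http.Server{
		Addr:        fmt.Sprintf("%s:%d", *ip, *port),
		Handler:     n,
		ReadTimeout: 30 * time.Second, // constructed value; size it for the largest expected hook payload
	}

	if *secure {
		// Pin the protocol floor instead of inheriting the toolchain default.
		srv.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
		log.Printf("starting secure (https) webhook on %s:%d", *ip, *port)
		log.Fatal(srv.ListenAndServeTLS(*cert, *key))
	}

	log.Printf("starting insecure (http) webhook on %s:%d", *ip, *port)
	log.Fatal(srv.ListenAndServe())
```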