in server/cmd/harp-server/internal/dispatchers/http/wire.go [58:119]
// httpServer assembles the HTTP dispatcher: a chi router carrying the
// middleware stack and the backend API under /api/v1, wrapped in an
// *http.Server with explicit timeouts and, when cfg.HTTP.UseTLS is set, a TLS
// configuration built from the configured key, certificate and CA files.
//
// The returned server has no Addr set and is not started here.
// An error is returned when the backend routes or the TLS configuration
// cannot be built.
func httpServer(ctx context.Context, cfg *config.Configuration, bm manager.Backend) (*http.Server, error) {
	router := chi.NewRouter()

	// Middleware stack, applied in this order.
	//
	// NOTE(review): RealIP rewrites the request's remote address from
	// client-supplied forwarding headers. That value is only trustworthy when
	// a proxy in front of this server overwrites those headers; it should not
	// feed access-control decisions otherwise.
	//
	// NOTE(review): the handler timeout is 60s while the server WriteTimeout
	// below is 5s, so the write deadline looks like the effective bound on a
	// slow response — confirm which limit is intended.
	router.Use(
		middleware.RequestID,
		middleware.RealIP,
		middleware.Recoverer,
		middleware.Timeout(60*time.Second),
	)

	// Hand the configured keyring to the container package before any route
	// is built. Presumably package-level state — verify against container.
	container.SetKeyring(cfg.Keyring)

	// Backend API handler.
	backendRouter, err := routes.Backends(ctx, cfg, bm)
	if err != nil {
		return nil, err
	}
	apiHandler := http.StripPrefix("/api/v1", backendRouter)
	router.Route("/api/v1", func(api chi.Router) {
		api.Mount("/", apiHandler)
	})

	// Bounded timeouts on every phase of a connection limit how long a slow
	// or stalled client can hold server resources.
	srv := &http.Server{
		Handler:           router,
		ReadHeaderTimeout: 2 * time.Second,
		ReadTimeout:       5 * time.Second,
		WriteTimeout:      5 * time.Second,
		IdleTimeout:       30 * time.Second,
	}

	// Plaintext mode: the server is returned without any TLS configuration,
	// so requests and responses travel unencrypted and no client certificate
	// is ever checked. Only an info-level log line records this.
	if !cfg.HTTP.UseTLS {
		log.For(ctx).Info("No transport encryption enabled for HTTP server")
		return srv, nil
	}

	// Default client-certificate policy: a certificate is verified when the
	// client presents one, but clients without a certificate are still
	// accepted. A TLS connection alone is therefore not proof of an
	// authenticated client unless ClientAuthenticationRequired is set.
	authMode := tls.VerifyClientCertIfGiven
	if cfg.HTTP.TLS.ClientAuthenticationRequired {
		authMode = tls.RequireAndVerifyClientCert
	}

	// Protocol versions and cipher suites are whatever tlsconfig.Server
	// selects; they are not visible from this function.
	tlsOpts := &tlsconfig.Options{
		KeyFile:    cfg.HTTP.TLS.PrivateKeyPath,
		CertFile:   cfg.HTTP.TLS.CertificatePath,
		CAFile:     cfg.HTTP.TLS.CACertificatePath,
		ClientAuth: authMode,
	}
	tlsCfg, err := tlsconfig.Server(tlsOpts)
	if err != nil {
		log.For(ctx).Error("Unable to build TLS configuration from settings", zap.Error(err))
		return nil, err
	}
	srv.TLSConfig = tlsCfg

	return srv, nil
}