Resolves #2 "Support binding to localhost"

shatil · bobveznat · commit 5e7d0e916cd1 · 2017-05-23T09:45:58.000-07:00
Introduces user-configured listen address and defaults to a more secure
listen address of `127.0.0.1:8080`.
diff --git a/sign_certd.go b/sign_certd.go
@@ -620,6 +620,11 @@ func signdFlags() []cli.Flag {
 			Value: configPath,
 			Usage: "Path to config.json",
 		},
+		cli.StringFlag{
+			Name:  "listen-address",
+			Value: "127.0.0.1:8080",
+			Usage: "HTTP service address",
+		},
 	}
 }
 
@@ -636,7 +641,7 @@ func signCertd(c *cli.Context) error {
 			return cli.NewExitError(fmt.Sprintf("Error validation config for env '%s': %s", envName, err), 1)
 		}
 	}
-	err = runSignCertd(config)
+	err = runSignCertd(config, c.String("listen-address"))
 	return err
 }
 
@@ -647,7 +652,7 @@ func makeCertRequestHandler(config map[string]ssh_ca_util.SignerdConfig) certReq
 	return requestHandler
 }
 
-func runSignCertd(config map[string]ssh_ca_util.SignerdConfig) error {
+func runSignCertd(config map[string]ssh_ca_util.SignerdConfig, addr string) error {
 	log.Println("Server running version", ssh_ca_util.BuildVersion)
 	log.Println("Using SSH agent at", os.Getenv("SSH_AUTH_SOCK"))
 
@@ -671,6 +676,6 @@ func runSignCertd(config map[string]ssh_ca_util.SignerdConfig) error {
 	request := r.Path("/cert/requests/{requestID}").Subrouter()
 	request.Methods("GET").HandlerFunc(requestHandler.getRequestStatus)
 	request.Methods("POST", "DELETE").HandlerFunc(requestHandler.signOrRejectRequest)
-	http.ListenAndServe(":8080", r)
+	http.ListenAndServe(addr, r)
 	return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -620,6 +620,11 @@ func signdFlags() []cli.Flag {`
`620`	`620`	`Value: configPath,`
`621`	`621`	`Usage: "Path to config.json",`
`622`	`622`	`},`
	`623`	`+ cli.StringFlag{`
	`624`	`+ Name: "listen-address",`
	`625`	`+ Value: "127.0.0.1:8080",`
	`626`	`+ Usage: "HTTP service address",`
	`627`	`+ },`
`623`	`628`	`}`
`624`	`629`	`}`
`625`	`630`
`@@ -636,7 +641,7 @@ func signCertd(c *cli.Context) error {`
`636`	`641`	`return cli.NewExitError(fmt.Sprintf("Error validation config for env '%s': %s", envName, err), 1)`
`637`	`642`	`}`
`638`	`643`	`}`
`639`		`- err = runSignCertd(config)`
	`644`	`+ err = runSignCertd(config, c.String("listen-address"))`
`640`	`645`	`return err`
`641`	`646`	`}`
`642`	`647`
`@@ -647,7 +652,7 @@ func makeCertRequestHandler(config map[string]ssh_ca_util.SignerdConfig) certReq`
`647`	`652`	`return requestHandler`
`648`	`653`	`}`
`649`	`654`
`650`		`-func runSignCertd(config map[string]ssh_ca_util.SignerdConfig) error {`
	`655`	`+func runSignCertd(config map[string]ssh_ca_util.SignerdConfig, addr string) error {`
`651`	`656`	`log.Println("Server running version", ssh_ca_util.BuildVersion)`
`652`	`657`	`log.Println("Using SSH agent at", os.Getenv("SSH_AUTH_SOCK"))`
`653`	`658`
`@@ -671,6 +676,6 @@ func runSignCertd(config map[string]ssh_ca_util.SignerdConfig) error {`
`671`	`676`	`request := r.Path("/cert/requests/{requestID}").Subrouter()`
`672`	`677`	`request.Methods("GET").HandlerFunc(requestHandler.getRequestStatus)`
`673`	`678`	`request.Methods("POST", "DELETE").HandlerFunc(requestHandler.signOrRejectRequest)`
`674`		`- http.ListenAndServe(":8080", r)`
	`679`	`+ http.ListenAndServe(addr, r)`
`675`	`680`	`return nil`
`676`	`681`	`}`