Allow disabling TLS behind a load balancer

Upgrade dependencies
2026-03-27 22:46:37 +00:00 · 2022-08-04 21:34:52 +02:00
parent 48da75b96d
commit 0f329f8e55
4 changed files with 44 additions and 38 deletions
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@@ -16,6 +16,7 @@ type Configuration struct {
 type ServerConfig struct {
 	GatewayAddress       string
 	Port                 int
+	DisableTLS			 bool
 	CertFile             string
 	KeyFile              string
 	Hosts                []string
@@ -70,6 +71,7 @@ func init() {
 	viper.SetDefault("client.networkAutoDetect", 1)
 	viper.SetDefault("client.bandwidthAutoDetect", 1)
 	viper.SetDefault("security.verifyClientIp", true)
+	viper.SetDefault("server.tlsDisabled",  false)
 }

 func Load(configFile string) Configuration {
--- a/cmd/rdpgw/main.go
+++ b/cmd/rdpgw/main.go
@@ -81,31 +81,33 @@ func main() {
 	}
 	api.NewApi()

-	if conf.Server.CertFile == "" || conf.Server.KeyFile == "" {
-		log.Fatal("Both certfile and keyfile need to be specified")
-	}
-
-	//mux := http.NewServeMux()
-	//mux.HandleFunc("*", HelloServer)
-
 	log.Printf("Starting remote desktop gateway server")
-
 	cfg := &tls.Config{}
-	tlsDebug := os.Getenv("SSLKEYLOGFILE")
-	if tlsDebug != "" {
-		w, err := os.OpenFile(tlsDebug, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
-		if err != nil {
-			log.Fatalf("Cannot open key log file %s for writing %s", tlsDebug, err)
+
+	if conf.Server.DisableTLS {
+		log.Printf("TLS disabled - rdp gw connections require tls make sure to have a terminator")
+	} else {
+		if conf.Server.CertFile == "" || conf.Server.KeyFile == "" {
+			log.Fatal("Both certfile and keyfile need to be specified")
 		}
-		log.Printf("Key log file set to: %s", tlsDebug)
-		cfg.KeyLogWriter = w
+
+		tlsDebug := os.Getenv("SSLKEYLOGFILE")
+		if tlsDebug != "" {
+			w, err := os.OpenFile(tlsDebug, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+			if err != nil {
+				log.Fatalf("Cannot open key log file %s for writing %s", tlsDebug, err)
+			}
+			log.Printf("Key log file set to: %s", tlsDebug)
+			cfg.KeyLogWriter = w
+		}
+
+		cert, err := tls.LoadX509KeyPair(conf.Server.CertFile, conf.Server.KeyFile)
+		if err != nil {
+			log.Fatal(err)
+		}
+		cfg.Certificates = append(cfg.Certificates, cert)
 	}

-	cert, err := tls.LoadX509KeyPair(conf.Server.CertFile, conf.Server.KeyFile)
-	if err != nil {
-		log.Fatal(err)
-	}
-	cfg.Certificates = append(cfg.Certificates, cert)
 	server := http.Server{
 		Addr:      ":" + strconv.Itoa(conf.Server.Port),
 		TLSConfig: cfg,