diff --git a/server/args.go b/server/args.go index cef59ac..6e35312 100644 --- a/server/args.go +++ b/server/args.go @@ -27,6 +27,7 @@ type Args struct { DBPath string Chain *string DaemonURL *url.URL + DaemonCAPath string EsHost string EsPort int PrometheusPort int @@ -230,6 +231,7 @@ func ParseArgs(searchRequest *pb.SearchRequest) *Args { chain := parser.Selector("", "chain", []string{chaincfg.MainNetParams.Name, chaincfg.TestNet3Params.Name, chaincfg.RegressionNetParams.Name, "testnet"}, &argparse.Options{Required: false, Help: "Which chain to use, default is 'mainnet'. Values 'regtest' and 'testnet' are for testing", Default: chaincfg.MainNetParams.Name}) daemonURLStr := parser.String("", "daemon-url", &argparse.Options{Required: false, Help: "URL for rpc to lbrycrd or lbcd, :@.", Validate: validateURL, Default: defaultDaemonURL}) + daemonCAPath := parser.String("", "daemon-ca-path", &argparse.Options{Required: false, Help: "Path to the lbcd CA file. Use SSL certificate to verify connection to lbcd."}) esHost := parser.String("", "eshost", &argparse.Options{Required: false, Help: "elasticsearch host", Default: DefaultEsHost}) esPort := parser.Int("", "esport", &argparse.Options{Required: false, Help: "elasticsearch port", Default: DefaultEsPort}) prometheusPort := parser.Int("", "prometheus-port", &argparse.Options{Required: false, Help: "prometheus port", Default: DefaultPrometheusPort}) @@ -303,6 +305,7 @@ func ParseArgs(searchRequest *pb.SearchRequest) *Args { DBPath: *dbPath, Chain: chain, DaemonURL: daemonURL, + DaemonCAPath: *daemonCAPath, EsHost: *esHost, EsPort: *esPort, PrometheusPort: *prometheusPort, diff --git a/server/server.go b/server/server.go index 6f40777..493e735 100644 --- a/server/server.go +++ b/server/server.go @@ -9,6 +9,7 @@ import ( "fmt" "hash" "io" + "io/ioutil" golog "log" "net" "net/http" @@ -291,6 +292,13 @@ func MakeHubServer(grp *stop.Group, args *Args) *Server { var lbcdClient *lbcd.Client = nil if args.DaemonURL != nil { + var rpcCertificate []byte + if args.DaemonCAPath != "" { + rpcCertificate, err = ioutil.ReadFile(args.DaemonCAPath) + if err != nil { + log.Fatalf("failed to read SSL certificate from path: %v", args.DaemonCAPath) + } + } log.Warnf("connecting to lbcd daemon at %v...", args.DaemonURL.Host) password, _ := args.DaemonURL.User.Password() cfg := &lbcd.ConnConfig{ @@ -298,11 +306,12 @@ func MakeHubServer(grp *stop.Group, args *Args) *Server { User: args.DaemonURL.User.Username(), Pass: password, HTTPPostMode: true, - DisableTLS: true, + DisableTLS: rpcCertificate == nil, + Certificates: rpcCertificate, } lbcdClient, err = lbcd.New(cfg, nil) if err != nil { - log.Fatalf("lbcd connection failed: %v", err) + log.Fatalf("lbcd daemon connection failed: %v", err) } }