lerko/nib-v1
1
1
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

feat(serve): add TLS support with --tls-cert and --tls-key flags

Browse Source 
Adds make cert target for self-signed dev certs and development guide.
This commit is contained in:
Tyler Koenig
2026-05-17 14:53:14 -04:00
parent 805467486b
commit dd8878ebcf
4 changed files with 123 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/serve.go
+26 -4
View File
@@ -20,6 +20,8 @@ var WebFS fs.FS
var (
servePort int
serveDev bool
tlsCert string
tlsKey string
)
var serveCmd = &cobra.Command{
@@ -29,12 +31,19 @@ var serveCmd = &cobra.Command{
}
func init() {
serveCmd.Flags().IntVar(&servePort, "port", 0, "port to listen on (default 4444)")
serveCmd.Flags().IntVar(&servePort, "port", 0, "port to listen on (default 4444, or 4443 with TLS)")
serveCmd.Flags().BoolVar(&serveDev, "dev", false, "enable CORS for development")
serveCmd.Flags().StringVar(&tlsCert, "tls-cert", "", "path to TLS certificate file")
serveCmd.Flags().StringVar(&tlsKey, "tls-key", "", "path to TLS private key file")
rootCmd.AddCommand(serveCmd)
}
func runServe(_ *cobra.Command, _ []string) error {
useTLS := tlsCert != "" && tlsKey != ""
if (tlsCert != "") != (tlsKey != "") {
return fmt.Errorf("both --tls-cert and --tls-key are required for TLS")
}
port := servePort
if port == 0 {
if envPort := os.Getenv("NIB_PORT"); envPort != "" {
@@ -43,6 +52,8 @@ func runServe(_ *cobra.Command, _ []string) error {
return fmt.Errorf("invalid NIB_PORT: %w", err)
}
port = p
} else if useTLS {
port = 4443
} else {
port = 4444
}
@@ -69,12 +80,23 @@ func runServe(_ *cobra.Command, _ []string) error {
defer stop()
go func() {
fmt.Printf("nib serving on %s\n", addr)
if useTLS {
fmt.Printf("nib serving on https://localhost%s\n", addr)
} else {
fmt.Printf("nib serving on http://localhost%s\n", addr)
}
if serveDev {
fmt.Println(" CORS enabled (dev mode)")
}
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
fmt.Fprintf(os.Stderr, "server error: %v\n", err)
var listenErr error
if useTLS {
listenErr = srv.ListenAndServeTLS(tlsCert, tlsKey)
} else {
listenErr = srv.ListenAndServe()
}
if listenErr != nil && listenErr != http.ErrServerClosed {
fmt.Fprintf(os.Stderr, "server error: %v\n", listenErr)
}
}()