Merge pull request #18 from trco/add-cert-to-image

Add and use built-in openssl certificate

.gitignore

@@ -1,9 +1,6 @@
 /data
 config*
-!config_structs.go
-!config/
-x_example_requests.txt
-x_notes.txt
-/x_proxy_setup
-demo.crt
-demo.key
+.vscode/
+!certs/
+wannabe.crt
+wannabe.key

Dockerfile

@@ -16,10 +16,13 @@ FROM alpine
 WORKDIR /usr/src/app
 
 COPY --from=builder /build/wannabe /usr/src/app/wannabe
+COPY certs/wannabe.crt /usr/src/app/certs/wannabe.crt
+COPY certs/wannabe.key /usr/src/app/certs/wannabe.key
 
 RUN apk add --no-cache bash curl
 
-ENV RUNNING_IN_CONTAINER=true
+ENV CERT_PATH=/usr/src/app/certs/wannabe.crt
+ENV CERT_KEY_PATH=/usr/src/app/certs/wannabe.key
 
 EXPOSE 6789
 EXPOSE 6790

README.md

@@ -8,46 +8,52 @@ Official docker images are available at [Docker Hub](https://hub.docker.com/r/tr
 
 For a successful startup, Wannabe requires the configuration and SSL certificate files.
 
-For information on configuration see the [Configuration](#configuration) section. You must generate and use the self-signed SSL certificate for Wannabe to securely proxy HTTPS requests to other servers. It's crucial to ensure that the client's operating system, whether on a local machine or within a containerized environment, trusts the SSL certificate for secure communication with Wannabe. For guidance on adding the SSL certificate to your operating system and configuring trust settings, please refer to the relevant documentation.
+For information on configuration, see the [Configuration](#configuration) section. Wannabe comes with a built-in self-signed SSL certificate that can be used out of the box for securely proxying HTTPS requests to other servers. It's crucial to ensure that the client's operating system, whether on a local machine or within a containerized environment, trusts the SSL certificate for secure communication with Wannabe. You can find the built-in certificate and its key in the `certs` folder of this repository. For guidance on adding the SSL certificate to your operating system and configuring trust settings, please refer to the relevant documentation.
+
+However, if you prefer to use your own custom SSL certificate, you have the option to generate and use a self-signed certificate. See the [Running as a standalone server](#running-as-a-standalone-server) or [Running in docker](#running-in-docker) sections for details on how to use your own custom SSL certificate.
 
 ### Generate self-signed SSL certificate
 
 ```
 // generate 2048-bit private key
-openssl genrsa -out wannabe.key 2048
+openssl genrsa -out custom_certificate_wannabe.key 2048
 ```
 
 ```
 // generate self-signed SSL certificate valid for 10 years
-openssl req -new -x509 -key wannabe.key -out wannabe.crt -days 3650
+openssl req -new -x509 -key custom_certificate_wannabe.key -out custom_certificate_wannabe.crt -days 3650
 ```
 
 ### Running as a standalone server
 
-Like any Go program, Wannabe can be launched by simply cloning the repository, adding a `config.json`, `wannabe.crt` and `wannabe.key` to the root of the cloned repository, compiling the source code into an executable binary file using the `go build` command, and then running the program with the `go run` command.
+Like any Go program, Wannabe can be launched by following these steps:
+1. Clone the repository.
+2. Add a `config.json` file to the root of the cloned repository.
+3. Use either the built-in certificate `wannabe.crt` and its key `wannabe.key` in the `certs` folder of the repository, or overwrite both certificate files with your own custom certificate and key.
+4. Compile the source code into an executable binary file using the `go build` command, then run the program with the `./wannabe` command (or `wannabe.exe` on Windows).
 
 ### Running in Docker
 
 Wannabe provides official [Docker images](https://hub.docker.com/r/trco/.wannabe) for running the application within a container.
 
-To ensure a successful launch of the application, the configuration `.json` file and SSL certificate `.crt` and `.key` files should be mounted from the host operating system to the `/usr/src/app` directory of the Wannabe container. The environment variables `CONFIG_PATH`, `CERT_PATH`, and `CERT_KEY_PATH` should be set to the paths where the relevant files are mounted. Inside the container, the Wannabe server operates on port 6789, and the API is accessible through port 6790.
+To ensure a successful launch of the application, the configuration `.json` file should be present at the defined `CONFIG_PATH` environment variable. In case of using your own custom SSL certificate, the certificate `.crt` and key `.key` files should be present at the defined `CERT_PATH` and `CERT_KEY_PATH` environment variables. Inside the container, the Wannabe server operates on port 6789, and the API is accessible through port 6790.
 
 ```
 // pull the latest Wannabe image from Docker Hub
 docker pull trco/wannabe
 ```
 
 ```
-// run Wannabe container using config.json and SSL certificate files wannabe.crt and wannabe.key
+// example of running Wannabe container using config.json and custom SSL certificate files
 docker run -d \
 -p 6789:6789 \
 -p 6790:6790 \
 -v $(pwd)/config.json:/usr/src/app/config.json \
--v $(pwd)/wannabe.crt:/usr/src/app/wannabe.crt \
--v $(pwd)/wannabe.key:/usr/src/app/wannabe.key \
+-v $(pwd)/custom_certificate_wannabe.crt:/usr/src/app/custom_certificate_wannabe.crt \
+-v $(pwd)/custom_certificate_wannabe.key:/usr/src/app/custom_certificate_wannabe.key \
 -e CONFIG_PATH=/usr/src/app/config.json \
--e CERT_PATH=/usr/src/app/wannabe.crt \
--e CERT_KEY_PATH=/usr/src/app/wannabe.key \
+-e CERT_PATH=/usr/src/app/custom_certificate_wannabe.crt \
+-e CERT_KEY_PATH=/usr/src/app/custom_certificate_wannabe.key \
 --name wannabe \
 trco/wannabe
 ```
@@ -630,4 +636,5 @@ Your pull request will be reviewed, and you may be asked to make further changes
 If you're eager to contribute to Wannabe but aren't sure where to begin, we've got you covered! You can dive right in by exploring our open issues or checking out our existing "next step" ideas. Simply head over to the Issues tab to get started!
 
 ## Author
-Uroš Trstenjak (Trčo), [github.com/trco](https://github.com/trco), [Connect on LinkedIn](https://www.linkedin.com/in/uros-trstenjak/).
+Uroš Trstenjak (Trčo), [github.com/trco](https://github.com/trco), [Connect on LinkedIn](https://www.linkedin.com/in/uros-trstenjak/).
+

certs/wannabe.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID4zCCAsugAwIBAgIUQvv/g/5gqGNnRo1mRQwI4f7Nc/QwDQYJKoZIhvcNAQEL
+BQAwgYAxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQK
+DBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEDAOBgNVBAMMB3dhbm5hYmUxJzAl
+BgkqhkiG9w0BCQEWGHVyb3MudHJzdGVuamFrQGdtYWlsLmNvbTAeFw0yNDEwMjEx
+ODIwMzlaFw0zNDEwMTkxODIwMzlaMIGAMQswCQYDVQQGEwJBVTETMBEGA1UECAwK
+U29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRAw
+DgYDVQQDDAd3YW5uYWJlMScwJQYJKoZIhvcNAQkBFhh1cm9zLnRyc3Rlbmpha0Bn
+bWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDoKOkiHVgu
+NjC/HNvhMZwjPstSbndgpvaXxrDhSjtE6yWjF+HNRcpY1CxQcBSrTpP3KIzksdTY
+omE0MyY7c/iwP6VQopk1Y+y2MXhzcOvxYJs/2iM+7ou4X3IknN39+dJMcZgv5HW+
+lwHrJrLs8HM5MJdTWWs9ynd/44rmIDNHCytxhv55f1G7rP2fVGDwVVU2O0I5q/ET
+adn/w0CIDBWovjlPtp0LARZRLWwvedAh7FayusqLl3z5KW2CqiZz4LrEMN3mYYY8
+eQtZ1PS4FEkdUIrC0Pt+ZLXPExB41eLpIUvGY3rd973ObWuBZBBnTjkM+Uc5adlY
+ZTxgdyOgHMxdAgMBAAGjUzBRMB0GA1UdDgQWBBQ2DXEkxQnHGrs4lx+uZeEudOB+
++zAfBgNVHSMEGDAWgBQ2DXEkxQnHGrs4lx+uZeEudOB++zAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCzpr+vDTJT08PPl0jjTuAA0ZahxT1/UpZA
+38anDY5g3felgOudgOdRR+bC95vic9YN3gl424iXWSXrIGxpWpibaT36TpDTXAXe
+s5H86S5CwNzuTog3em19PHXMrq3jv/nnwm1o6BPh9aQAarp7rmxq1uGlJMq4bjpu
+aJEM1tF6zd7fv9CfE7FM3o94vtBo+6gvbccoB4mJNxm8NVRD150Orb6NcSnnobbo
+s+FNbLq1RHYcBsWgpgb1EcB/kqNpZZ7Yf3FcUl1v51LP9XXznV84/2BTSvrInN5x
+XvVluktbNA3oPMxlqR05/zY+83YyQvLz+f3cZrVkyXdWCT+VdM2N
+-----END CERTIFICATE-----

certs/wannabe.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDoKOkiHVguNjC/
+HNvhMZwjPstSbndgpvaXxrDhSjtE6yWjF+HNRcpY1CxQcBSrTpP3KIzksdTYomE0
+MyY7c/iwP6VQopk1Y+y2MXhzcOvxYJs/2iM+7ou4X3IknN39+dJMcZgv5HW+lwHr
+JrLs8HM5MJdTWWs9ynd/44rmIDNHCytxhv55f1G7rP2fVGDwVVU2O0I5q/ETadn/
+w0CIDBWovjlPtp0LARZRLWwvedAh7FayusqLl3z5KW2CqiZz4LrEMN3mYYY8eQtZ
+1PS4FEkdUIrC0Pt+ZLXPExB41eLpIUvGY3rd973ObWuBZBBnTjkM+Uc5adlYZTxg
+dyOgHMxdAgMBAAECggEASKkROkej4ya7v/zIxqTvwMo0+ZIwU7Q95ofdsU052pqc
+F3zwg34N1Bpn2i8SEQGRZuAupJ8RxlGgCaXel+n2kjcBRwj02ZRyMB2wnLTha5T4
+UhY0RMyFN0nMIDBmfEhVrO46mvaucV2y0IW2p1ikP2h5XDFW0qqNFx5AyUCXu+pm
+6JnPdJOmYWPpfhnI61/ILkjy2bwmKRZhybjNfZ9daZUlHO9Id19wPxpaKJEoIuQm
+7CZ9mZTbVXBC4UkJcVx5kJtp1SE8M6yqNP4H+xejlGRS9WhRzR9co+Gnvt6XB0kP
+OssnPmW8GR/tCC53fg+RE+neTBRWfismLpalqmxMEwKBgQD4Jjdc2X1Rmh1Ki/dW
+rOOVl5E4evhFn78i6HW6mr6kZqNvpyBL89qwamAScRifsM0rka90FGZm3UfrM8Ze
+sXnYV4SxoVKLSBaSIy+/iIezBF2YEh854GAaZ+DFj0kSy4W4+EUk1yKCVdwnNIR4
+mlhupglUQ+U75fkySKLRYAgJhwKBgQDvgTG20ziyuxvncebtgXV8X1Qphmajt44/
+f6jxQBVPP6n3DnTwJmvjwen1pHP9MFlZncW0SGukH9FBSfExv2UhwEaGFlrA24yt
+xj8aRoy/FYMCccAM68CtT13uH5tBJ+Wj/jiR+kPZh5Tgxuq+Dc9EU8rcFrC4phc9
+j5qBzSIj+wKBgQD0HtyOGmQf2CaCxOlhupn1+3LhBpCiJgKqO9g96KguIc8dM2Qh
+dFerACtdWSepSgy9lQfvgXYwMfbjmz7Gv4An5gljmloTLasOv1Dk81LUOTI+PW28
+yVCiCZlloY140QHPs2aKVJ7da8w2QYMlBmqDCBLbdCPa5mZeInkS0490lwKBgQDh
+SAfILaQeUmur53LNIsGs7EpRCO/QvV6bEeyKiLnComKwVbPfFHTVdlgoS7kihfD1
+n7cQnjJJ3ffJztCF978b4S01AR/6WklYR6qhf4zyTDy/9tksDjFdk9MJokc6IVob
+SIxTmzFpEuQSDmlNvdWhMqQVI261MN2ZdVNjFt4vMwKBgEGUQVLRtX4+YZjMhDJV
+qZxGJiJrDTGsMHMDDbW5+RTdpYrSK9LmGylMoQ4Wd2eqLjiiWycZneai8G/EvEV9
+xp6Lume+1Gl9vU9h9NzehlIYVRX5OXKClI6QKkarA7WPvhThOWg9HgrHkE4x3x1z
+1yaH1DMFDGgmIhbk5WnIirF1
+-----END PRIVATE KEY-----

internal/config/load_config.go

@@ -34,23 +34,13 @@ func LoadConfig() (Config, error) {
 }
 
 func getConfigPath() (string, error) {
-	var configPath string
-
-	if os.Getenv(RunningInContainer) == "" {
-		// check if config.json exists
-		_, err := os.Stat("config.json")
-		if err != nil && !os.IsNotExist(err) {
-			return "", fmt.Errorf("failed checking if config.json file exists in the root folder")
-		} else if os.IsNotExist(err) {
-			return "", nil
-		}
-
-		return "config.json", nil
-	}
-
-	configPath = os.Getenv(ConfigPath)
+	configPath := os.Getenv(ConfigPath)
 	if configPath == "" {
-		return "", fmt.Errorf("%v env variable not set", ConfigPath)
+		configPath = "config.json"
+
+		if _, err := os.Stat(configPath); err != nil {
+			return "", fmt.Errorf("failed loading config file: %v", err)
+		}
 	}
 
 	return configPath, nil

internal/config/load_mitm_config.go

@@ -11,8 +11,10 @@ import (
 )
 
 func LoadMitmConfig() (*mitm.Config, error) {
-	// var certPath, certKeyPath string
 	certPath, certKeyPath, err := getCertPaths()
+	if err != nil {
+		return nil, err
+	}
 
 	tlsCert, err := tls.LoadX509KeyPair(certPath, certKeyPath)
 	if err != nil {
@@ -34,34 +36,23 @@ func LoadMitmConfig() (*mitm.Config, error) {
 }
 
 func getCertPaths() (string, string, error) {
-	var certPath, certKeyPath string
-
-	if os.Getenv(RunningInContainer) == "" {
-		_, err := os.Stat("wannabe.crt")
-		if err != nil {
-			return "", "", fmt.Errorf("failed loading wannabe.crt file: %v", err)
-		}
-		certPath = "wannabe.crt"
+	certPath := os.Getenv(CertPath)
+	if certPath == "" {
+		certPath = "certs/wannabe.crt"
 
-		_, err = os.Stat("wannabe.key")
-		if err != nil {
-			return "", "", fmt.Errorf("failed loading wannabe.key file: %v", err)
+		if _, err := os.Stat(certPath); err != nil {
+			return "", "", fmt.Errorf("failed loading certificate file: %v", err)
 		}
-		certKeyPath = "wannabe.key"
-
-		return certPath, certKeyPath, nil
 	}
 
-	certPath = os.Getenv(CertPath)
-	if certPath == "" {
-		return "", "", fmt.Errorf("%v env variable not set", CertPath)
-	}
+	certKeyPath := os.Getenv(CertKeyPath)
+	if certKeyPath == "" {
+		certKeyPath = "certs/wannabe.key"
 
-	certKeyPath = os.Getenv(CertKeyPath)
-	if certPath == "" {
-		return "", "", fmt.Errorf("%v env variable not set", CertKeyPath)
+		if _, err := os.Stat(certKeyPath); err != nil {
+			return "", "", fmt.Errorf("failed loading key file: %v", err)
+		}
 	}
 
 	return certPath, certKeyPath, nil
-
 }