addTlsSupport

Author: yckj0834

Makefile

@@ -45,7 +45,21 @@ clean:
 	rm -f 1.db
 	rm -f tty/asset.go
 	rm -f showme
+	rm -f *.crt
+	rm -f *.key
+	rm -f *.csr
+	rm -f tls/*
 
 .PHONY: windows
 windows: asset
-	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build
+
+.PHONY: crt csr key
+crt: csr
+	openssl x509 -req -sha256 -days 3650 -in tls/server.csr -signkey tls/server.key -out tls/server.crt
+
+csr: key
+	openssl req -nodes -new -key tls/server.key -subj "/CN=www.lflxp.cn" -out tls/server.csr
+
+key: clean
+	openssl genrsa -out tls/server.key 2048

cmd/tty.go

@@ -21,6 +21,9 @@ import (
 )
 
 var (
+	enableTLS      bool
+	crtPath        string
+	keyPath        string
 	isProf         bool
 	isXsrf         bool
 	isAudit        bool
@@ -31,6 +34,7 @@ var (
 	username       string
 	password       string
 	port           string
+	host           string
 )
 
 // ttyCmd represents the tty command
@@ -40,7 +44,7 @@ var ttyCmd = &cobra.Command{
 	Long: `showme tty [flags] [command] [args]
 eg: showme tty -w -r showme proxy http`,
 	Run: func(cmd *cobra.Command, args []string) {
-		tty.ServeGin(port, username, password, args, isDebug, isReconnect, isPermitWrite, isAudit, isXsrf, isProf, MaxConnections)
+		tty.ServeGin(host, port, username, password, crtPath, keyPath, args, isDebug, isReconnect, isPermitWrite, isAudit, isXsrf, isProf, enableTLS, MaxConnections)
 	},
 }
 
@@ -58,12 +62,16 @@ func init() {
 	// ttyCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 	ttyCmd.Flags().StringVarP(&username, "username", "u", "", "BasicAuth 用户名")
 	ttyCmd.Flags().StringVarP(&password, "password", "p", "", "BasicAuth 密码")
-	ttyCmd.Flags().StringVarP(&port, "port", "P", "8080", "http port")
+	ttyCmd.Flags().StringVarP(&host, "host", "H", "0.0.0.0", "http bind host")
+	ttyCmd.Flags().StringVarP(&port, "port", "P", "8080", "http bind port")
 	ttyCmd.Flags().BoolVarP(&isDebug, "debug", "d", false, "debug log mode")
 	ttyCmd.Flags().BoolVarP(&isReconnect, "reconnect", "r", false, "是否自动重连")
 	ttyCmd.Flags().BoolVarP(&isPermitWrite, "write", "w", false, "是否开启写入模式")
 	ttyCmd.Flags().BoolVarP(&isAudit, "audit", "a", false, "是否开启审计")
 	ttyCmd.Flags().BoolVarP(&isXsrf, "xsrf", "x", false, "是否开启xsrf,默认开启")
 	ttyCmd.Flags().BoolVarP(&isProf, "prof", "f", false, "是否开启pprof性能分析")
+	ttyCmd.Flags().BoolVarP(&enableTLS, "tls", "t", false, "是否开启https")
+	ttyCmd.Flags().StringVarP(&crtPath, "crt", "c", "./server.crt", "*.crt文件路径")
+	ttyCmd.Flags().StringVarP(&keyPath, "key", "k", "./server.key", "*.key文件路径")
 	ttyCmd.Flags().Int64VarP(&MaxConnections, "maxconnect", "m", 0, "最大连接数")
 }

go.mod

@@ -45,6 +45,7 @@ require (
 	github.com/spf13/viper v1.3.2
 	github.com/tatsushid/go-fastping v0.0.0-20160109021039-d7bb493dee3e
 	github.com/ugorji/go/codec v1.1.7
+	github.com/unrolled/secure v1.0.7
 	go.etcd.io/bbolt v1.3.3 // indirect
 	golang.org/x/net v0.0.0-20191004110552-13f9640d40b9
 	golang.org/x/text v0.3.2 // indirect

go.sum

@@ -38,6 +38,8 @@ github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58/go.mod h1:EOBUe0h
 github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
 github.com/codahale/chacha20 v0.0.0-20151107025005-ec07b4f69a3f/go.mod h1:2EU+1emidIWL7uTbVXfPFlgYxYo3TGHz+ElH1Tp5GT0=
+github.com/codegangsta/negroni v1.0.0 h1:+aYywywx4bnKXWvoWtRfJ91vC59NbEhEY03sZjQhbVY=
+github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0=
 github.com/coreos/bbolt v1.3.2 h1:wZwiHHUieZCquLkDL0B8UhzreNWsPHooDAG3q34zk0s=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -264,6 +266,8 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8 h1:3SVOIvH7Ae1KRYy
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+github.com/unrolled/secure v1.0.7 h1:BcQHp3iKZyZCKj5gRqwQG+5urnGBF00wGgoPPwtheVQ=
+github.com/unrolled/secure v1.0.7/go.mod h1:uGc1OcRF8gCVBA+ANksKmvM85Hka6SZtQIbrKc3sHS4=
 github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b/go.mod h1:Q12BUT7DqIlHRmgv3RskH+UCM/4eqVMgI0EMmlSpAXc=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=

tls/server.crt

@@ -1,17 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIICpDCCAg2gAwIBAgIJAOy9ytzo9MxUMA0GCSqGSIb3DQEBCwUAMGsxCzAJBgNV
-BAYTAkNOMQswCQYDVQQIDAJDUTELMAkGA1UEBwwCY3ExCzAJBgNVBAoMAnljMQsw
-CQYDVQQLDAJjcTEUMBIGA1UEAwwLd3d3Lmx4cC5jb20xEjAQBgkqhkiG9w0BCQEW
-AzFAMTAeFw0xOTA3MTcwODMzNDlaFw0xOTA4MTYwODMzNDlaMGsxCzAJBgNVBAYT
-AkNOMQswCQYDVQQIDAJDUTELMAkGA1UEBwwCY3ExCzAJBgNVBAoMAnljMQswCQYD
-VQQLDAJjcTEUMBIGA1UEAwwLd3d3Lmx4cC5jb20xEjAQBgkqhkiG9w0BCQEWAzFA
-MTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2whb1N8cXTDgZxuJu6tTQoed
-XiTg6mVAng4tKCavtE8ESJ09BMgceiKXg7UsUTqDg6DOCqqKuI4/lc99Nl/fBp+u
-EAkedA0t899OifjUz9gPlSK7XXnjwmFwip8U8A+ogb+oDBnZzge7vanslZQTwTF7
-Aj2C3T5c4yAXIAFZKNUCAwEAAaNQME4wHQYDVR0OBBYEFGm/iwSVvPMyYEMByD3Z
-43mKs5XcMB8GA1UdIwQYMBaAFGm/iwSVvPMyYEMByD3Z43mKs5XcMAwGA1UdEwQF
-MAMBAf8wDQYJKoZIhvcNAQELBQADgYEAa2mfKk/f3b1HKOLHDjJe0NH9liAe6/0G
-o/SCY8BBKWkYoG6Tz56o5I3KtadgXTCrc3gu0TwhXh4lKpT82U1BuKxdwKnNaMjD
-c8WPOy2SGyCda9916ZoC2w8OXnVgkHe7QWwmjTE+qBEA2BOdlBl2X8ixqhtOJkQh
-V/of3OnlsPU=
+MIICtTCCAZ0CFCRiP06HWBrWzUKwBC40sHjGKjkRMA0GCSqGSIb3DQEBCwUAMBcx
+FTATBgNVBAMMDHd3dy5sZmx4cC5jbjAeFw0yMDAzMTcwNDE1NDlaFw0zMDAzMTUw
+NDE1NDlaMBcxFTATBgNVBAMMDHd3dy5sZmx4cC5jbjCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAOnFIzYwOg2bxfedrkmJbBBf2z7g6X4k7n6puduY4Db0
+8wRYChfftQ8V9LfTxReGaeJZMIcJKMmSUiSm/E9Hs52R2wSq3SXOYj4123XUB7u7
+yK3Bm6ldGIlYpGgePM6O7kO32llRPeMIZzgZ1NRelDrKFJ+/67pN9trV4sMjoV8s
+SUHp1mw2dAj2IVwCROtOvjMa4WuqY0UsND6n4p5Xp6gAYAi/yneurZL7yC9iA/zV
+AKN8sdxP4ahlwW0XbZqSv+1VYI3lmS2CE1Z2qyvQRDqAbu/9W+uuPPoZ7FKD8NTT
+3Sz3iBUpUhUGuQfoG1eKxvMl5n+hCscgxdo1AveOM1MCAwEAATANBgkqhkiG9w0B
+AQsFAAOCAQEAOO0Ftslt1N54RiXGaXVGFVY9R9PtgFY5qpssVlDIS08e8+V3PfDW
+76/JyguIMYo2LIO6sDyR83YstlPXRWN1eIaDBbQpBG2A7vk4+KH+Jm/5E6FMOEDv
+2Dsb6q8f2XAffFY8Ko/gbmGmX5U/fjVpqSoPaUmTH2/nABcMAKq1J3kugh04Gqid
+up0rjI66viagUfhN8P/0KMsxxSWctWOxyOe1YuLPrA6e1hj+lEhZAoJLIGQjKKvS
+GRAhoK/zG5Q7LUPAsE9dO4vThZckXv1+1fNTT6w6UxGZD50Wgdv7klIAvkqcvxKX
+P1uv51Sx4idM8SIZcMKKWdH3ZNvwrC1yzw==
 -----END CERTIFICATE-----

tls/server.csr

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICXDCCAUQCAQAwFzEVMBMGA1UEAwwMd3d3LmxmbHhwLmNuMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cUjNjA6DZvF952uSYlsEF/bPuDpfiTufqm5
+25jgNvTzBFgKF9+1DxX0t9PFF4Zp4lkwhwkoyZJSJKb8T0eznZHbBKrdJc5iPjXb
+ddQHu7vIrcGbqV0YiVikaB48zo7uQ7faWVE94whnOBnU1F6UOsoUn7/ruk322tXi
+wyOhXyxJQenWbDZ0CPYhXAJE606+Mxrha6pjRSw0PqfinlenqABgCL/Kd66tkvvI
+L2ID/NUAo3yx3E/hqGXBbRdtmpK/7VVgjeWZLYITVnarK9BEOoBu7/1b6648+hns
+UoPw1NPdLPeIFSlSFQa5B+gbV4rG8yXmf6EKxyDF2jUC944zUwIDAQABoAAwDQYJ
+KoZIhvcNAQELBQADggEBAJLvXTK73yzF0r3m6vatjnO4ozj4qW/aEytKaYFyOPnF
+aQtbpCLsmGwWjt4sFMkcRUFV2OzJs70E6rfrchdk/shWdmXdi7vm6oJPYUHzOaW7
+D0GKicOHGVx8bEOz2gewzkouH9rnkNIM5bR0cXP4BbKad9nLc605TzH73NcU4652
+bOHRQEtagCyGH275xyXqg+IlO9qZeo5jxSFWo6eJLcO5xqSg7w8ETVcXO2UvEJgr
+H8d1wwo9uf4D4XBpgVLVsTcibD04GjP+8SQbtTmQQ38JqM15eaJY2zgKvOLA7lFW
+4UnMi1H0MypLWtiuiN3lLZ5OjFCbnXlWq61tBaJOzU0=
+-----END CERTIFICATE REQUEST-----

tls/server.key

@@ -1,16 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANsIW9TfHF0w4Gcb
-iburU0KHnV4k4OplQJ4OLSgmr7RPBEidPQTIHHoil4O1LFE6g4OgzgqqiriOP5XP
-fTZf3wafrhAJHnQNLfPfTon41M/YD5Uiu11548JhcIqfFPAPqIG/qAwZ2c4Hu72p
-7JWUE8ExewI9gt0+XOMgFyABWSjVAgMBAAECgYEA0jnlmh1CphdhatU9j0jTMwni
-+xc+YPsp2AoXQXBQOCmXHPL+O/atjnRhJGLh1FzrGY1f9VDWsGinkuyBa4z9CyHp
-TNCD0pvDrYpMT8sBiueqmkjUAsCyqzZJ/t2sMC7EdAC5JaAl8qqpHIhCYIzOkZjW
-emlrag01TapYZMy+dgkCQQDuv7/jnsTJgsDCgIaRt/5o1YLry128anQue+gze7Hw
-Keavwt7ECSVONueR+QXzct95AjTgFh5q7AicOtfIacKTAkEA6tvoCHQ0AeIKDmXu
-Z8AK89LcUwa11mAY69F9q9DtM/JnwuGgdQQdVsLv26xzJnCOFHttHTIPi1WXIN2p
-REr/9wJAbMScxjVRz8Aq0zG8nOxnEhmbgJLwzGLvNTIr8jB7Oz/Loe00kbjc7woi
-a6U4qdV+q+Fud1x8VRfdQFeqcNqF0wJBAIp1vRUG1QZrKbyVUXkvGgXnQWddZGSP
-YQHeDrX1xXJDrfKRrFRwaY+V+2zJ/VUjNFBU994nfkyJ2EBTDhCqGr8CQFElCtEZ
-c32Y7bmb+IJw64RuvgwnD5UuvfeTri8yNR0W1KU6aVaV2HFCBMzLLEhIIGJOVLJB
-h2fuMCPMc3RNLck=
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA6cUjNjA6DZvF952uSYlsEF/bPuDpfiTufqm525jgNvTzBFgK
+F9+1DxX0t9PFF4Zp4lkwhwkoyZJSJKb8T0eznZHbBKrdJc5iPjXbddQHu7vIrcGb
+qV0YiVikaB48zo7uQ7faWVE94whnOBnU1F6UOsoUn7/ruk322tXiwyOhXyxJQenW
+bDZ0CPYhXAJE606+Mxrha6pjRSw0PqfinlenqABgCL/Kd66tkvvIL2ID/NUAo3yx
+3E/hqGXBbRdtmpK/7VVgjeWZLYITVnarK9BEOoBu7/1b6648+hnsUoPw1NPdLPeI
+FSlSFQa5B+gbV4rG8yXmf6EKxyDF2jUC944zUwIDAQABAoIBAGQVLIAUoaYV3Omo
+Lmf5V7Si9WC0NgL1mM3NqG6lwsiEkk53yspx0jiFM+JH3ge2Wjq36JjHiRjTdiuO
++lKO5g091sDmzgtTkqgDstN9VVpAiSgqzZPy8YBL3QdeerYMZ2HCos6+g3phrJ9O
+H9pUK64HulCygB+hJWCHVbAp3vq5T5F80vAgQoivUXqnKqfIlxUsNGJCjFUr/1O5
+FaOoc5gaDjR0NV7Av+5IHUjvLTAcNes77aLOZD9BrXWNp4pa8+vpmd16WmIl7nqj
+Yx1D7jOty8+gTrXWQorRNftMXcifATB2b6JjQoI+hl8AxiMqgRX1NGc/5MwLKAnT
+JVOnkvECgYEA+xIFeLPs11v8popBdCLtJGkf/eAXFHjhP8EbLuJTZw2Ue70lZkh5
+wIY18TDUF4y5I9cm9/P+2k53jWMorfW1Dt4XgvIcoi7p6nkczJVBcS7HvxOtYq2c
+mH0MXyWKePH9po1VfonEq3Q8UqUp1zuQx2wJKjU7XlX/9hUR3e6xLcUCgYEA7lwo
+bUuANClH2mJJ/c9XMQelcBrLeC/VCE9qRirMgwVEJSAh/kLSeOR7IwYa1Tb/k/Uj
+e1QkqI58M7ekgZCD2sjdIq9vn9HUUTlNs0xQ2/2m/brO4oEVq/8uWpsm9/7lFk+1
+49+QCUflRgSqLtUv4ceLAR4bVMeM/AfSln4rxjcCgYAqgyWsB4NOAARqyrREjvlq
+leZV3ZDq5YD2g6MvsCEBLRp8TU284P7Eq7UMjwEKr8hVmkO97nGz01+I8EZeFmG/
+D7oZcReKGrl++1z2Azveh1ZJM3LDZ7RBWcMzhS7KRed2QS49y+QiR/9C2zaXfD2K
+lu+CVxsjYRqDN5Qb6SPVJQKBgQDbTF7Fb5lcZD5/Zb69jW2i5m4HXh+lTByrsKUO
+OYI/aTDxF0cvLzuFjnDcIFm/oQIzlm42oYu4qJ8M1gC8U8F8ISGTL+V7HQpCUH50
+X9plDFH/T0fYjPrra7OyGN0ZfaI3jM7EAIP8hfEjIleRDwMmrvfs504uCgpkNq5B
+V4PesQKBgQC4JhrE+y8pgt+FIvOVbwrAjOrm4MgJALpepHeJSquinSIyvxXIuPtZ
+egj2xEyV12YGAc9ZKfK6ny/1SXkgqtOXC3vPzomIRgUmNyosHK7FAqfSOd0oYW9+
+bUE1gej6asp/pJwPRJnB2S5mbHIcfZGo6f1tyrkjaigWmIVBd1pQUA==
+-----END RSA PRIVATE KEY-----

tty/Xtermjs.go

@@ -23,11 +23,13 @@ const (
 )
 
 type Options struct {
-	PermitWrite    bool
-	MaxConnections int64
-	CloseSignal    int
-	Audit          bool
-	Xsrf           bool
+	PermitWrite      bool
+	MaxConnections   int64
+	CloseSignal      int
+	Audit            bool
+	Xsrf             bool
+	EnableTLS        bool
+	CrtPath, KeyPath string
 }
 
 // 原本是命令端http server管理，这里后期可以改成gin server管理

tty/asset.go

@@ -195,10 +195,10 @@
 
       {{if .Reconnect}}
         console.log("Recoonect Mode")
-        ws = new ReconnectingWebSocket('ws://' + window.location.host + '/ws')
+        ws = new ReconnectingWebSocket('{{.Protocol}}://' + window.location.host + '/ws')
       {{- else}}
         console.log("Once Mode")
-        ws = new WebSocket('ws://' + window.location.host + '/ws')
+        ws = new WebSocket('{{.Protocol}}://' + window.location.host + '/ws')
       {{- end}}
 
       ws.onopen = () => {

tty/static/xterm3.html

@@ -14,6 +14,7 @@ import (
 	"time"
 
 	"github.com/DeanThompson/ginpprof"
+	"github.com/unrolled/secure"
 
 	"github.com/chenjiandongx/ginprom"
 	assetfs "github.com/elazarl/go-bindata-assetfs"
@@ -44,7 +45,7 @@ var upGrader = websocket.Upgrader{
 	},
 }
 
-func ServeGin(port, username, password string, cmds []string, isdebug, isReconnect, isPermitWrite, isAudit, isXsrf, isProf bool, MaxConnections int64) {
+func ServeGin(host, port, username, password, crtpath, keypath string, cmds []string, isdebug, isReconnect, isPermitWrite, isAudit, isXsrf, isProf, enabletls bool, MaxConnections int64) {
 	if isdebug {
 		// 设置日志级别为warn以上
 		log.SetLevel(log.DebugLevel)
@@ -65,6 +66,10 @@ func ServeGin(port, username, password string, cmds []string, isdebug, isReconne
 	// 使用 Recovery 中间件
 	router.Use(gin.Recovery())
 
+	if enabletls {
+		router.Use(TlsHandler(host, port))
+	}
+
 	// 判断cmds输入，为空默认设置为bash
 	if len(cmds) == 0 {
 		cmds = append(cmds, "bash")
@@ -79,6 +84,9 @@ func ServeGin(port, username, password string, cmds []string, isdebug, isReconne
 			MaxConnections: MaxConnections,
 			Audit:          isAudit,
 			Xsrf:           isXsrf,
+			EnableTLS:      enabletls,
+			CrtPath:        crtpath,
+			KeyPath:        keypath,
 		},
 		Title:       "Showme",
 		Connections: &connections,
@@ -208,6 +216,12 @@ func ServeGin(port, username, password string, cmds []string, isdebug, isReconne
 	indexhtml.Add("index", t)
 	router.HTMLRender = indexhtml
 	apiGroup.GET("/", func(c *gin.Context) {
+		var protocol string
+		if xterm.Options.EnableTLS && utils.IsPathExists(xterm.Options.CrtPath) && utils.IsPathExists(xterm.Options.KeyPath) {
+			protocol = "wss"
+		} else {
+			protocol = "ws"
+		}
 		newXsrf := utils.GetRandomSalt()
 		log.WithField("tty.go", "212").Debugf("%s xsrftoken %s", c.Request.RemoteAddr, newXsrf)
 		if !xterm.Options.Xsrf {
@@ -222,6 +236,7 @@ func ServeGin(port, username, password string, cmds []string, isdebug, isReconne
 			"Conn":      *xterm.Connections + 1,
 			"Cmd":       strings.Join(cmds, " "),
 			"Xsrf":      newXsrf,
+			"Protocol":  protocol,
 		})
 	})
 
@@ -232,7 +247,7 @@ func ServeGin(port, username, password string, cmds []string, isdebug, isReconne
 	}
 
 	server := &http.Server{
-		Addr:    fmt.Sprintf("0.0.0.0:%s", port),
+		Addr:    fmt.Sprintf("%s:%s", host, port),
 		Handler: router,
 	}
 
@@ -256,18 +271,53 @@ func ServeGin(port, username, password string, cmds []string, isdebug, isReconne
 		log.WithField("tty.go", "256").Println("Server exiting")
 	}()
 
-	ips := utils.GetIPs()
-	for _, ip := range ips {
-		log.WithField("tty.go", "261").Infof("Listening and serving HTTPS on %s:%s", ip, port)
+	if host == "0.0.0.0" {
+		ips := utils.GetIPs()
+		for _, ip := range ips {
+			log.WithField("tty.go", "261").Infof("Listening and serving HTTPS on %s:%s", ip, port)
+		}
+	} else {
+		log.WithField("tty.go", "261").Infof("Listening and serving HTTPS on %s:%s", host, port)
 	}
 
-	if err := server.ListenAndServe(); err != nil {
-		if err == http.ErrServerClosed {
-			log.WithField("tty.go", "266").Println("Server closed under request")
+	if xterm.Options.EnableTLS {
+		if utils.IsPathExists(xterm.Options.CrtPath) && utils.IsPathExists(xterm.Options.KeyPath) {
+			if err := server.ListenAndServeTLS(xterm.Options.CrtPath, xterm.Options.KeyPath); err != nil {
+				if err == http.ErrServerClosed {
+					log.WithField("tty.go", "266").Println("Server closed under request")
+				} else {
+					log.WithField("tty.go", "268").Fatal("Server closed unexpect", err.Error())
+				}
+			}
 		} else {
-			log.WithField("tty.go", "268").Fatal("Server closed unexpect", err.Error())
+			log.WithField("tty.go", "277").Error("EnableTLS is true,but crt or key path is not exists")
+		}
+	} else {
+		if err := server.ListenAndServe(); err != nil {
+			if err == http.ErrServerClosed {
+				log.WithField("tty.go", "266").Println("Server closed under request")
+			} else {
+				log.WithField("tty.go", "268").Fatal("Server closed unexpect", err.Error())
+			}
 		}
 	}
 
 	log.WithField("tty.go", "272").Println("Server exiting")
 }
+
+func TlsHandler(host, port string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		secureMiddleware := secure.New(secure.Options{
+			SSLRedirect: true,
+			SSLHost:     fmt.Sprintf("%s:%s", host, port),
+		})
+		err := secureMiddleware.Process(c.Writer, c.Request)
+
+		// If there was an error, do not continue.
+		if err != nil {
+			return
+		}
+
+		c.Next()
+	}
+}

tty/tty.go

@@ -173,3 +173,14 @@ func GetIPs() (ips []string) {
 	}
 	return ips
 }
+
+func IsPathExists(path string) bool {
+	_, err := os.Stat(path)
+	if err == nil {
+		return true
+	}
+	if os.IsNotExist(err) {
+		return false
+	}
+	return false
+}