Adding HTTPS support for REST API interface

Dockerfile

@@ -21,12 +21,14 @@ RUN freshclam --quiet --no-dns --checks=2
 
 # Build go package
 ADD . /go/src/clamav-rest/
+ADD ./server.* /etc/ssl/clamav-rest/
 RUN cd /go/src/clamav-rest && go build -v
 
 COPY entrypoint.sh /usr/bin/
 RUN mv /go/src/clamav-rest/clamav-rest /usr/bin/ && rm -Rf /go/src/clamav-rest
 
 EXPOSE 9000
+EXPOSE 9443
 
 ENV MAX_SCAN_SIZE=100M
 ENV MAX_FILE_SIZE=25M

README.md

@@ -36,10 +36,12 @@ The following image tags are available:
 
 Run clamav-rest docker image:
 ```bash
-docker run -p 9000:9000 -itd --name clamav-rest ajilaag/clamav-rest
+docker run -p 9000:9000 -p 9443:9443 -itd --name clamav-rest ajilaag/clamav-rest
 ```
 
 Test that service detects common test virus signature:
+
+**HTTP**
 ```bash
 $ curl -i -F "file=@eicar.com.txt" http://localhost:9000/scan
 HTTP/1.1 100 Continue
@@ -52,7 +54,22 @@ Content-Length: 56
 { Status: "FOUND", Description: "Eicar-Test-Signature" }
 ```
 
+**HTTPS**
+```bash
+$ curl -i -k -F "file=@eicar.com.txt" https://localhost:9443/scan
+HTTP/1.1 100 Continue
+
+HTTP/1.1 406 Not Acceptable
+Content-Type: application/json; charset=utf-8
+Date: Mon, 28 Aug 2017 20:22:34 GMT
+Content-Length: 56
+
+{ Status: "FOUND", Description: "Eicar-Test-Signature" }
+```
+
 Test that service returns 200 for clean file:
+
+**HTTP**
 ```bash
 $ curl -i -F "file=@clamrest.go" http://localhost:9000/scan
 
@@ -65,6 +82,21 @@ Content-Length: 33
 
 { Status: "OK", Description: "" }
 ```
+**HTTPS**
+```bash
+$ curl -i -k -F "file=@clamrest.go" https://localhost:9443/scan
+
+HTTP/1.1 100 Continue
+
+HTTP/1.1 200 OK
+Content-Type: application/json; charset=utf-8
+Date: Mon, 28 Aug 2017 20:23:16 GMT
+Content-Length: 33
+
+{ Status: "OK", Description: "" }
+```
+
+
 
 ## Status Codes
 - 200 - clean file = no KNOWN infections
@@ -108,7 +140,7 @@ Below is the complete list of available options that can be used to customize yo
 For debugging and maintenance purposes you may want access the containers shell. 
 
 ```bash
-docker exec -it (whatever your container name is e.g. clamav) bash
+docker exec -it (whatever your container name is e.g. clamav-rest) /bin/sh
 ```
 
 # Developing
@@ -118,7 +150,7 @@ Build golang (linux) binary and docker image:
 ```bash
 # env GOOS=linux GOARCH=amd64 go build
 docker build . -t clamav-go-rest
-docker run -p 9000:9000 -itd --name clamav-rest clamav-go-rest
+docker run -p 9000:9000 -p 9443:9443 -itd --name clamav-rest clamav-go-rest
 ```
 
 # References

centos.Dockerfile

@@ -30,12 +30,14 @@ RUN sed -i 's/^Example$/# Example/g' /etc/clamd.d/scan.conf \
 
 # Build go package
 ADD . /go/src/clamav-rest/
+ADD ./server.* /etc/ssl/clamav-rest/
 RUN cd /go/src/clamav-rest/ && go build -v
 
 COPY entrypoint.sh /usr/bin/
 RUN mv /go/src/clamav-rest/clamav-rest /usr/bin/ && rm -Rf /go/src/clamav-rest
 
 EXPOSE 9000
+EXPOSE 9443
 
 RUN freshclam --quiet
 

clamrest.go

@@ -10,6 +10,7 @@ import (
 	"os"
 	"strings"
 	"time"
+
 	"github.com/dutchcoders/go-clamd"
 )
 
@@ -157,6 +158,11 @@ func waitForClamD(port string, times int) {
 
 func main() {
 
+	const (
+		PORT     = ":9000"
+		SSL_PORT = ":9443"
+	)
+
 	opts = make(map[string]string)
 
 	for _, e := range os.Environ() {
@@ -178,10 +184,9 @@ func main() {
 	http.HandleFunc("/scanPath", scanPathHandler)
 	http.HandleFunc("/", home)
 
-	//Listen on port PORT
+	// Start the HTTPS server in a goroutine
-	if opts["PORT"] == "" {
+	go http.ListenAndServeTLS(SSL_PORT, "/etc/ssl/clamav-rest/server.crt", "/etc/ssl/clamav-rest/server.key", nil)
-		opts["PORT"] = "9000"
+
-	}
+	// Start the HTTP server
-	fmt.Printf("Listening on port " + opts["PORT"])
+	http.ListenAndServe(PORT, nil)
-	http.ListenAndServe(":"+opts["PORT"], nil)
+}
-}

docker-compose.yml

@@ -5,4 +5,5 @@ services:
     mem_limit: 1048576000
     image: ajilaag/clamav-rest
     ports:
-      - "9000:9000"
+      - "9000:9000"
+      - "9443:9443"

server.crt

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB2TCCAV8CCQDifaD7KfcXjzAKBggqhkjOPQQDBDBWMQswCQYDVQQGEwJDSDEQ
+MA4GA1UECAwHTHVjZXJuZTEPMA0GA1UEBwwGU3Vyc2VlMREwDwYDVQQKDAhhamls
+YSBBRzERMA8GA1UECwwIYWppbGEgQUcwHhcNMjAwMjA1MTI1MTQzWhcNMzAwMjAy
+MTI1MTQzWjBWMQswCQYDVQQGEwJDSDEQMA4GA1UECAwHTHVjZXJuZTEPMA0GA1UE
+BwwGU3Vyc2VlMREwDwYDVQQKDAhhamlsYSBBRzERMA8GA1UECwwIYWppbGEgQUcw
+djAQBgcqhkjOPQIBBgUrgQQAIgNiAARqaWNMhncO9fc3bhLHNvcpT+Oml4yXEMX3
+gUXb3SNeyW5dE74x6hxQQ04qIB/UmC5zi+USJmvrbUwm+nFehqBvn5S8aZgeXklL
+MpKFzXepzsgHIisYG3U943+7Fj6m67cwCgYIKoZIzj0EAwQDaAAwZQIxAKatG/Zw
+TR2yYRPExR8bFalQYle1JqNbHcfv8p2bqb9+ISqIaXmJde5S+5gvez0VOwIwKIpE
+gteclRk6IQy9NKxCsoflcMwXI4r45Tffi3PV7x2O4rMbPGVwyk4IGms9hb+S
+-----END CERTIFICATE-----

server.key

@@ -0,0 +1,9 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDBZM2J/UKtGWJ5iu/VWRb5tUt2G41EcQKrgmrJT473hackaLP0C1peI
+ubjs6qbBmaigBwYFK4EEACKhZANiAARqaWNMhncO9fc3bhLHNvcpT+Oml4yXEMX3
+gUXb3SNeyW5dE74x6hxQQ04qIB/UmC5zi+USJmvrbUwm+nFehqBvn5S8aZgeXklL
+MpKFzXepzsgHIisYG3U943+7Fj6m67c=
+-----END EC PRIVATE KEY-----