enable encryption with the '-tls' flag

* to enable https, start zfs-snap-diff per:

    zfs-snap-diff -tls -cert <CERT_FILE> -key <KEY_FILE> <ZFS_NAME>

* to create a self signed key / certificate use:

    openssl genrsa -out server.key 2048
    openssl req -new -x509 -sha256 -key server.key -out server.pem -days 3650

  and start zfs-snap-diff per:

    zfs-snap-diff -tls -cert server.pem -key server.key <ZFS_NAME>

Author: j-keck

main.go

@@ -24,8 +24,12 @@ var (
 	logError  *log.Logger
 )
 
-// FrontendConfig hold the configuration for the ui
-type FrontendConfig map[string]interface{}
+type webServerConfig struct {
+	useTLS   bool
+	certFile string
+	keyFile  string
+}
+type frontendConfig map[string]interface{}
 
 func main() {
 	// formate help
@@ -37,6 +41,9 @@ func main() {
 
 	// define flags / parse flags
 	portFlag := flag.Int("p", 12345, "web server port")
+	useTLSFlag := flag.Bool("tls", false, "use TLS - NOTE: -cert <CERT_FILE> -key <KEY_FILE> are mandatory")
+	certFileFlag := flag.String("cert", "", "certificate file for TLS")
+	keyFileFlag := flag.String("key", "", "private key file for TLS")
 	listenOnAllInterfacesFlag := flag.Bool("a", false, "listen on all interfaces")
 	printVersionFlag := flag.Bool("V", false, "print version and exit")
 	verboseLoggingFlag := flag.Bool("v", false, "verbose logging")
@@ -68,12 +75,31 @@ func main() {
 
 	// abort if zfs name is missing
 	if len(zfsName) == 0 {
-		fmt.Println("parameter <ZFS_NAME> missing")
+		fmt.Println("ABORT: parameter <ZFS_NAME> missing")
 		fmt.Println()
 		flag.Usage()
 		os.Exit(1)
 	}
 
+	// validate args for tls
+	if *useTLSFlag {
+		if len(*certFileFlag) == 0 || len(*keyFileFlag) == 0 {
+			fmt.Println("ABORT: parameter -cert <CERT_FILE> -key <KEY_FILE> are mandatory")
+			os.Exit(1)
+		}
+
+		if _, err := os.Stat(*certFileFlag); os.IsNotExist(err) {
+			fmt.Printf("ABORT: cert file '%s' not found\n", *certFileFlag)
+			os.Exit(1)
+		}
+
+		if _, err := os.Stat(*keyFileFlag); os.IsNotExist(err) {
+			fmt.Printf("ABORT: key file '%s' not found\n", *keyFileFlag)
+			os.Exit(1)
+		}
+	}
+	webServerCfg := webServerConfig{*useTLSFlag, *certFileFlag, *keyFileFlag}
+
 	// initialize zfs handler
 	var err error
 	zfs, err = NewZFS(zfsName, *useSudoFlag)
@@ -87,9 +113,12 @@ func main() {
 	var addr string
 	if *listenOnAllInterfacesFlag {
 		fmt.Println("")
-		fmt.Println("!! ** WARNING **                            !!")
-		fmt.Println("!! LISTEN ON ALL INTERFACES                 !!")
-		fmt.Println("!! CURRENTLY NO ENCRYPTION / AUTHENTICATION !!")
+		fmt.Println("!! ** WARNING **                !!")
+		fmt.Println("!! LISTEN ON ALL INTERFACES     !!")
+		fmt.Println("!! CURRENTLY NO AUTHENTICATION  !!")
+		if !*useTLSFlag {
+			fmt.Println("\nHINT: USE -tls -cert <CERT_FILE> -key <KEY_FILE> to enable encryption!")
+		}
 		fmt.Println("")
 		addr = fmt.Sprintf(":%d", *portFlag)
 	} else {
@@ -106,20 +135,19 @@ func main() {
 	}
 
 	// frontend-config
-	frontendConfig := FrontendConfig{
+	frontendCfg := frontendConfig{
 		"diffContextSize":   *diffContextSizeFlag,
 		"defaultFileAction": *defaultFileActionFlag,
 		"compareFileMethod": *compareFileMethodFlag,
 		"datasets":          zfs.Datasets,
 	}
 	if *scanSnapLimitFlag >= 0 {
 		// only add positive values - negative values: scan all snapshots
-		frontendConfig["scanSnapLimit"] = *scanSnapLimitFlag
+		frontendCfg["scanSnapLimit"] = *scanSnapLimitFlag
 	}
 
 	// startup web server
-	logInfo.Printf("start server and listen on: '%s'\n", addr)
-	listenAndServe(addr, frontendConfig)
+	listenAndServe(addr, webServerCfg, frontendCfg)
 }
 
 func initLogHandlers(debugHndl, infoHndl, noticeHndl, warnHndl, errorHndl io.Writer) {

web.go

@@ -19,8 +19,8 @@ var mimeTypes = map[string]string{
 }
 
 // registers response handlers and starts the web server
-func listenAndServe(addr string, frontendConfig FrontendConfig) {
-	http.HandleFunc("/config", configHndl(frontendConfig))
+func listenAndServe(addr string, webServerCfg webServerConfig, frontendCfg frontendConfig) {
+	http.HandleFunc("/config", configHndl(frontendCfg))
 	http.HandleFunc("/snapshots-for-dataset", snapshotsForDatasetHndl)
 	http.HandleFunc("/snapshots-for-file", snapshotsForFileHndl)
 	http.HandleFunc("/snapshot-diff", snapshotDiffHndl)
@@ -38,11 +38,18 @@ func listenAndServe(addr string, frontendConfig FrontendConfig) {
 	} else {
 		http.HandleFunc("/", serveStaticContentFromBinaryHndl)
 	}
-	logError.Println(http.ListenAndServe(addr, nil))
+
+	if webServerCfg.useTLS {
+		logInfo.Printf("start server and listen on: 'https://%s'\n", addr)
+		logError.Println(http.ListenAndServeTLS(addr, webServerCfg.certFile, webServerCfg.keyFile, nil))
+	} else {
+		logInfo.Printf("start server and listen on: 'http://%s'\n", addr)
+		logError.Println(http.ListenAndServe(addr, nil))
+	}
 }
 
 // frontend-config
-func configHndl(config FrontendConfig) http.HandlerFunc {
+func configHndl(config frontendConfig) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		// marshal