Added UseTLS config option for both Admin and Phish servers

config.json

@@ -1,10 +1,20 @@
 {
-	"admin_url" : "127.0.0.1:3333",
-	"phish_url" : "0.0.0.0:80",
+	"admin_server" : {
+		"listen_url" : "127.0.0.1:3333",
+		"use_tls" : false,
+		"cert_path" : "example.crt",
+		"key_path" : "example.key"
+	},
+	"phish_server" : {
+		"listen_url" : "0.0.0.0:80",
+		"use_tls" : false,
+		"cert_path" : "example.crt",
+		"key_path": "example.key"
+	},
 	"smtp" : {
 		"host" : "smtp.example.com:25",
 		"user" : "username",
 		"pass" : "password"
 	},
-	"dbpath" : "gophish.db"
-}
+	"db_path" : "gophish.db"
+}

config/config.go

@@ -13,12 +13,28 @@ type SMTPServer struct {
 	Password string `json:"password"`
 }
 
+// AdminServer represents the Admin server configuration details
+type AdminServer struct {
+	ListenURL string `json:"listen_url"`
+	UseTLS    bool   `json:"use_tls"`
+	CertPath  string `json:"cert_path"`
+	KeyPath   string `json:"key_path"`
+}
+
+// PhishServer represents the Phish server configuration details
+type PhishServer struct {
+	ListenURL string `json:"listen_url"`
+	UseTLS    bool   `json:"use_tls"`
+	CertPath  string `json:"cert_path"`
+	KeyPath   string `json:"key_path"`
+}
+
 // Config represents the configuration information.
 type Config struct {
-	AdminURL string     `json:"admin_url"`
-	PhishURL string     `json:"phish_url"`
-	SMTP     SMTPServer `json:"smtp"`
-	DBPath   string     `json:"dbpath"`
+	AdminConf AdminServer `json:"admin_server"`
+	PhishConf PhishServer `json:"phish_server"`
+	SMTPConf  SMTPServer  `json:"smtp"`
+	DBPath    string      `json:"db_path"`
 }
 
 var Conf Config

controllers/api_test.go

@@ -32,7 +32,7 @@ func (s *ControllersSuite) SetupSuite() {
 	}
 	s.Nil(err)
 	// Setup the admin server for use in testing
-	as.Config.Addr = config.Conf.AdminURL
+	as.Config.Addr = config.Conf.AdminConf.ListenURL
 	as.Start()
 	// Get the API key to use for these tests
 	u, err := models.GetUser(1)

gophish.go

@@ -51,14 +51,26 @@ func main() {
 	// Start the web servers
 	go func() {
 		defer wg.Done()
-		Logger.Printf("Starting admin server at http://%s\n", config.Conf.AdminURL)
-		Logger.Fatal(http.ListenAndServe(config.Conf.AdminURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreateAdminRouter())))
+		if config.Conf.AdminConf.UseTLS { // use TLS for Admin web server if available
+			Logger.Printf("Starting admin server at https://%s\n", config.Conf.AdminConf.ListenURL)
+			Logger.Fatal(http.ListenAndServeTLS(config.Conf.AdminConf.ListenURL, config.Conf.AdminConf.CertPath, config.Conf.AdminConf.KeyPath,
+				handlers.CombinedLoggingHandler(os.Stdout, controllers.CreateAdminRouter())))
+		} else {
+			Logger.Printf("Starting admin server at http://%s\n", config.Conf.AdminConf.ListenURL)
+			Logger.Fatal(http.ListenAndServe(config.Conf.AdminConf.ListenURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreateAdminRouter())))
+		}
 	}()
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		Logger.Printf("Starting phishing server at http://%s\n", config.Conf.PhishURL)
-		Logger.Fatal(http.ListenAndServe(config.Conf.PhishURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreatePhishingRouter())))
+		if config.Conf.PhishConf.UseTLS { // use TLS for Phish web server if available
+			Logger.Printf("Starting phishing server at https://%s\n", config.Conf.PhishConf.ListenURL)
+			Logger.Fatal(http.ListenAndServeTLS(config.Conf.PhishConf.ListenURL, config.Conf.PhishConf.CertPath, config.Conf.PhishConf.KeyPath,
+				handlers.CombinedLoggingHandler(os.Stdout, controllers.CreatePhishingRouter())))
+		} else {
+			Logger.Printf("Starting phishing server at http://%s\n", config.Conf.PhishConf.ListenURL)
+			Logger.Fatal(http.ListenAndServe(config.Conf.PhishConf.ListenURL, handlers.CombinedLoggingHandler(os.Stdout, controllers.CreatePhishingRouter())))
+		}
 	}()
 	wg.Wait()
 }