optional https port for s3 (#4482)

Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>

weed/command/filer.go

@@ -95,6 +95,7 @@ func init() {
 	// start s3 on filer
 	filerStartS3 = cmdFiler.Flag.Bool("s3", false, "whether to start S3 gateway")
 	filerS3Options.port = cmdFiler.Flag.Int("s3.port", 8333, "s3 server http listen port")
+	filerS3Options.portHttps = cmdFiler.Flag.Int("s3.port.https", 0, "s3 server https listen port")
 	filerS3Options.portGrpc = cmdFiler.Flag.Int("s3.port.grpc", 0, "s3 server grpc listen port")
 	filerS3Options.domainName = cmdFiler.Flag.String("s3.domainName", "", "suffix of the host name in comma separated list, {bucket}.{domainName}")
 	filerS3Options.dataCenter = cmdFiler.Flag.String("s3.dataCenter", "", "prefer to read and write to volumes in this data center")

weed/command/s3.go

@@ -32,6 +32,7 @@ type S3Options struct {
 	filer                     *string
 	bindIp                    *string
 	port                      *int
+	portHttps                 *int
 	portGrpc                  *int
 	config                    *string
 	domainName                *string
@@ -51,6 +52,7 @@ func init() {
 	s3StandaloneOptions.filer = cmdS3.Flag.String("filer", "localhost:8888", "filer server address")
 	s3StandaloneOptions.bindIp = cmdS3.Flag.String("ip.bind", "", "ip address to bind to. Default to localhost.")
 	s3StandaloneOptions.port = cmdS3.Flag.Int("port", 8333, "s3 server http listen port")
+	s3StandaloneOptions.portHttps = cmdS3.Flag.Int("port.https", 0, "s3 server https listen port")
 	s3StandaloneOptions.portGrpc = cmdS3.Flag.Int("port.grpc", 0, "s3 server grpc listen port")
 	s3StandaloneOptions.domainName = cmdS3.Flag.String("domainName", "", "suffix of the host name in comma separated list, {bucket}.{domainName}")
 	s3StandaloneOptions.dataCenter = cmdS3.Flag.String("dataCenter", "", "prefer to read and write to volumes in this data center")
@@ -264,18 +266,37 @@ func (s3opt *S3Options) startS3Server() bool {
 			glog.Fatalf("pemfile.NewProvider(%v) failed: %v", pemfileOptions, err)
 		}
 		httpS.TLSConfig = &tls.Config{GetCertificate: s3opt.GetCertificateWithUpdate}
-		glog.V(0).Infof("Start Seaweed S3 API Server %s at https port %d", util.Version(), *s3opt.port)
+		if *s3opt.portHttps == 0 {
-		if s3ApiLocalListener != nil {
+			glog.V(0).Infof("Start Seaweed S3 API Server %s at https port %d", util.Version(), *s3opt.port)
+			if s3ApiLocalListener != nil {
+				go func() {
+					if err = httpS.ServeTLS(s3ApiLocalListener, "", ""); err != nil {
+						glog.Fatalf("S3 API Server Fail to serve: %v", err)
+					}
+				}()
+			}
+			if err = httpS.ServeTLS(s3ApiListener, "", ""); err != nil {
+				glog.Fatalf("S3 API Server Fail to serve: %v", err)
+			}
+		} else {
+			glog.V(0).Infof("Start Seaweed S3 API Server %s at https port %d", util.Version(), *s3opt.portHttps)
+			s3ApiListenerHttps, s3ApiLocalListenerHttps, _ := util.NewIpAndLocalListeners(
+				*s3opt.bindIp, *s3opt.portHttps, time.Duration(10)*time.Second)
+			if s3ApiLocalListenerHttps != nil {
+				go func() {
+					if err = httpS.ServeTLS(s3ApiLocalListenerHttps, "", ""); err != nil {
+						glog.Fatalf("S3 API Server Fail to serve: %v", err)
+					}
+				}()
+			}
 			go func() {
-				if err = httpS.ServeTLS(s3ApiLocalListener, "", ""); err != nil {
+				if err = httpS.ServeTLS(s3ApiListenerHttps, "", ""); err != nil {
 					glog.Fatalf("S3 API Server Fail to serve: %v", err)
 				}
 			}()
 		}
-		if err = httpS.ServeTLS(s3ApiListener, "", ""); err != nil {
+	}
-			glog.Fatalf("S3 API Server Fail to serve: %v", err)
+	if *s3opt.tlsPrivateKey == "" || *s3opt.portHttps > 0 {
-		}
-	} else {
 		glog.V(0).Infof("Start Seaweed S3 API Server %s at http port %d", util.Version(), *s3opt.port)
 		if s3ApiLocalListener != nil {
 			go func() {