feat: added TLS encryption support to API calls (HTTPS)

[eravellaSC]

Solving #2491, I added support for TLS-encryption for the HTTP API calls. The gin server was already set up to do so, the only thing missing were the conf paths.

[codecov]

Codecov Report

Merging #2658 (062e3a2) into main (5dae270) will decrease coverage by 0.10%.
Report is 1 commits behind head on main.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #2658      +/-   ##
==========================================
- Coverage   59.41%   59.31%   -0.10%     
==========================================
  Files         144      144              
  Lines       15238    15238              
==========================================
- Hits         9053     9038      -15     
- Misses       5549     5560      +11     
- Partials      636      640       +4     

Files	Coverage Δ
internal/conf/conf.go	65.17% <ø> (ø)
internal/core/api.go	66.29% <100.00%> (ø)

... and 5 files with indirect coverage changes

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!

[eravellaSC]

I double checked the failing tests and coverage reports and they mention files and checks that I have not touched. It's a very small modification, and the codebase was already ready to accomodate this simple addon. Is the coverage slowing down the review process? I can dig deeper if it's needed.

[eravellaSC]

I am sorry to bother directly, @aler9, but I'd like to know if there is interest in adding this feature. If not I can close the PR.

[aler9]

Hello @eravellaSC, of course there's interest, but the problem is that currently the API is missing a strong authentication system, therefore it's meant to be used either in a closed environment or behind a reverse proxy which provides authentication and TLS termination.

If i merge this feature without providing authentication, there's risk of giving the impression that the API is safe to use.

Furthermore, nowadays valid TLS certificates are generated by authorities that periodically query the corresponding domain through HTTP, and that would mean that some users may try to expose the API publicly. Since it's easy to scan the internet and detect running instances of MediaMTX, this would mean creating a Botnet.

Anyway, the authentication issue will be solved soon.

[eravellaSC]

@aler9 Thanks for the update, I didn't think of that in that way. I'll wait for the auth to be merged then.

[aler9]

replaced by #3280

[github-actions]

This issue is mentioned in release v1.8.0 🚀
Check out the entire changelog by clicking here