actix-net/actix-tls/examples/accept-rustls.rs

//! No-Op TLS Acceptor Server
//!
//! Using either HTTPie (`http`) or cURL:
//!
//! This commands will produce errors in the server log:
//! ```sh
//! curl 127.0.0.1:8443
//! http 127.0.0.1:8443
//! ```
//!
//! These commands will show "empty reply" on the client but will debug print the TLS stream info
//! in the server log, indicating a successful TLS handshake:
//! ```sh
//! curl -k https://127.0.0.1:8443
//! http --verify=false https://127.0.0.1:8443
//! ```

// this `use` is only exists because of how we have organised the crate
// it is not necessary for your actual code; you should import from `rustls` normally
use std::{
    fs::File,
    io::{self, BufReader},
    path::PathBuf,
    sync::{
        atomic::{AtomicUsize, Ordering},
        Arc,
    },
};

use actix_rt::net::TcpStream;
use actix_server::Server;
use actix_service::ServiceFactoryExt as _;
use actix_tls::accept::rustls_0_23::{Acceptor as RustlsAcceptor, TlsStream};
use futures_util::future::ok;
use itertools::Itertools as _;
use rustls::server::ServerConfig;
use rustls_pemfile::{certs, rsa_private_keys};
use rustls_pki_types_1::PrivateKeyDer;
use tokio_rustls_026::rustls;
use tracing::info;

#[actix_rt::main]
async fn main() -> io::Result<()> {
    pretty_env_logger::formatted_timed_builder()
        .parse_env(pretty_env_logger::env_logger::Env::default().default_filter_or("info"));

    let root_path = env!("CARGO_MANIFEST_DIR")
        .parse::<PathBuf>()
        .unwrap()
        .join("examples");
    let cert_path = root_path.clone().join("cert.pem");
    let key_path = root_path.clone().join("key.pem");

    // Load TLS key and cert files
    let cert_file = &mut BufReader::new(File::open(cert_path).unwrap());
    let key_file = &mut BufReader::new(File::open(key_path).unwrap());

    let cert_chain = certs(cert_file);
    let mut keys = rsa_private_keys(key_file);

    let tls_config = ServerConfig::builder()
        .with_no_client_auth()
        .with_single_cert(
            cert_chain.try_collect::<_, Vec<_>, _>()?,
            PrivateKeyDer::Pkcs1(keys.next().unwrap()?),
        )
        .unwrap();

    let tls_acceptor = RustlsAcceptor::new(tls_config);

    let count = Arc::new(AtomicUsize::new(0));

    let addr = ("127.0.0.1", 8443);
    info!("starting server at: {addr:?}");

    Server::build()
        .bind("tls-example", addr, move || {
            let count = Arc::clone(&count);

            // Set up TLS service factory
            tls_acceptor
                .clone()
                .map_err(|err| println!("Rustls error: {:?}", err))
                .and_then(move |stream: TlsStream<TcpStream>| {
                    let num = count.fetch_add(1, Ordering::Relaxed);
                    info!("[{}] Got TLS connection: {:?}", num, &*stream);
                    ok(())
                })
        })?
        .workers(1)
        .run()
        .await
}
tls doc updates 2021-11-28 01:56:15 +01:00			`//! No-Op TLS Acceptor Server`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`//!`
			//! Using either HTTPie (`http`) or cURL:
			`//!`
			`//! This commands will produce errors in the server log:`
			//! ```sh
			`//! curl 127.0.0.1:8443`
			`//! http 127.0.0.1:8443`
			//! ```
			`//!`
			`//! These commands will show "empty reply" on the client but will debug print the TLS stream info`
			`//! in the server log, indicating a successful TLS handshake:`
			//! ```sh
			`//! curl -k https://127.0.0.1:8443`
			`//! http --verify=false https://127.0.0.1:8443`
			//! ```

fmt with import grouping 2022-04-10 03:48:53 +02:00			// this `use` is only exists because of how we have organised the crate
Rustls v0.21 support (#480) 2023-08-26 15:59:51 +02:00			// it is not necessary for your actual code; you should import from `rustls` normally
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`use std::{`
			`fs::File,`
			`io::{self, BufReader},`
Rustls v0.21 support (#480) 2023-08-26 15:59:51 +02:00			`path::PathBuf,`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`sync::{`
			`atomic::{AtomicUsize, Ordering},`
			`Arc,`
			`},`
			`};`

add actix stream trait (#276) 2021-02-20 18:25:22 +01:00			`use actix_rt::net::TcpStream;`
clippy 2021-11-02 00:41:28 +01:00			`use actix_server::Server;`
remove pipeline from public api (#335) 2021-04-16 01:00:02 +02:00			`use actix_service::ServiceFactoryExt as _;`
feat(actix-tls): support for rustls 0.23 (#554) * Add feature for using rustls 0.23 * Fix mistake * Fix use of wrong tokio rustls package * Fix accept openssl test * Use rustls 0.23 for the example * Install nasm in CI step for windows * Change outdated step name * Fix CI mistake * test: install default crypto provider in tests * docs: update changelog --------- Co-authored-by: Rob Ede <robjtede@icloud.com> 2024-05-12 20:47:49 +02:00			`use actix_tls::accept::rustls_0_23::{Acceptor as RustlsAcceptor, TlsStream};`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`use futures_util::future::ok;`
feat(tls): add accept::rustls_0_22 module 2023-12-16 01:23:11 +01:00			`use itertools::Itertools as _;`
			`use rustls::server::ServerConfig;`
Use tokio-rustls 0.23 (#396) Co-authored-by: Rob Ede <robjtede@icloud.com> 2021-10-19 17:48:23 +02:00			`use rustls_pemfile::{certs, rsa_private_keys};`
feat(tls): add accept::rustls_0_22 module 2023-12-16 01:23:11 +01:00			`use rustls_pki_types_1::PrivateKeyDer;`
feat(actix-tls): support for rustls 0.23 (#554) * Add feature for using rustls 0.23 * Fix mistake * Fix use of wrong tokio rustls package * Fix accept openssl test * Use rustls 0.23 for the example * Install nasm in CI step for windows * Change outdated step name * Fix CI mistake * test: install default crypto provider in tests * docs: update changelog --------- Co-authored-by: Rob Ede <robjtede@icloud.com> 2024-05-12 20:47:49 +02:00			`use tokio_rustls_026::rustls;`
use tracing for logs (#451) 2022-03-15 20:37:08 +01:00			`use tracing::info;`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00
			`#[actix_rt::main]`
			`async fn main() -> io::Result<()> {`
chore: update env logger 2024-05-12 20:10:27 +02:00			`pretty_env_logger::formatted_timed_builder()`
			`.parse_env(pretty_env_logger::env_logger::Env::default().default_filter_or("info"));`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00
Rustls v0.21 support (#480) 2023-08-26 15:59:51 +02:00			`let root_path = env!("CARGO_MANIFEST_DIR")`
			`.parse::<PathBuf>()`
			`.unwrap()`
			`.join("examples");`
			`let cert_path = root_path.clone().join("cert.pem");`
			`let key_path = root_path.clone().join("key.pem");`

move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`// Load TLS key and cert files`
Rustls v0.21 support (#480) 2023-08-26 15:59:51 +02:00			`let cert_file = &mut BufReader::new(File::open(cert_path).unwrap());`
			`let key_file = &mut BufReader::new(File::open(key_path).unwrap());`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00
feat(tls): add accept::rustls_0_22 module 2023-12-16 01:23:11 +01:00			`let cert_chain = certs(cert_file);`
			`let mut keys = rsa_private_keys(key_file);`
Use tokio-rustls 0.23 (#396) Co-authored-by: Rob Ede <robjtede@icloud.com> 2021-10-19 17:48:23 +02:00
			`let tls_config = ServerConfig::builder()`
			`.with_no_client_auth()`
feat(tls): add accept::rustls_0_22 module 2023-12-16 01:23:11 +01:00			`.with_single_cert(`
			`cert_chain.try_collect::<_, Vec<_>, _>()?,`
			`PrivateKeyDer::Pkcs1(keys.next().unwrap()?),`
			`)`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`.unwrap();`

			`let tls_acceptor = RustlsAcceptor::new(tls_config);`

			`let count = Arc::new(AtomicUsize::new(0));`

			`let addr = ("127.0.0.1", 8443);`
Rustls v0.21 support (#480) 2023-08-26 15:59:51 +02:00			`info!("starting server at: {addr:?}");`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00
			`Server::build()`
			`.bind("tls-example", addr, move \|\| {`
			`let count = Arc::clone(&count);`

			`// Set up TLS service factory`
remove pipeline from public api (#335) 2021-04-16 01:00:02 +02:00			`tls_acceptor`
			`.clone()`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`.map_err(\|err\| println!("Rustls error: {:?}", err))`
add actix stream trait (#276) 2021-02-20 18:25:22 +01:00			`.and_then(move \|stream: TlsStream<TcpStream>\| {`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`let num = count.fetch_add(1, Ordering::Relaxed);`
add actix stream trait (#276) 2021-02-20 18:25:22 +01:00			`info!("[{}] Got TLS connection: {:?}", num, &*stream);`
move and update server+tls examples (#190) 2020-09-13 11:12:07 +02:00			`ok(())`
			`})`
			`})?`
			`.workers(1)`
			`.run()`
			`.await`
			`}`