From 408ddf0be1d10f5d0550b9217bf6ae9dccb3c90a Mon Sep 17 00:00:00 2001 From: Nikolay Kim Date: Wed, 13 Dec 2017 21:56:30 -0800 Subject: [PATCH] add ssl guide ref --- examples/tls/src/main.rs | 2 +- guide/src/qs_13.md | 6 +++--- guide/src/qs_3_5.md | 34 ++++++++++++++++++++++++++++++++++ src/server.rs | 2 +- 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/examples/tls/src/main.rs b/examples/tls/src/main.rs index 78720c0c9..2e0d55e3f 100644 --- a/examples/tls/src/main.rs +++ b/examples/tls/src/main.rs @@ -42,7 +42,7 @@ fn main() { .header("LOCATION", "/index.html") .body(Body::Empty) }))) - .serve_tls::<_, ()>("127.0.0.1:8443", &pkcs12).unwrap(); + .serve_ssl::<_, ()>("127.0.0.1:8443", &pkcs12).unwrap(); println!("Started http server: 127.0.0.1:8443"); let _ = sys.run(); diff --git a/guide/src/qs_13.md b/guide/src/qs_13.md index c3b0b0e72..a529fb9b2 100644 --- a/guide/src/qs_13.md +++ b/guide/src/qs_13.md @@ -26,9 +26,9 @@ fn main() { let pkcs12 = Pkcs12::from_der(&pkcs12).unwrap().parse("12345").unwrap(); HttpServer::new( - Application::new("/") - .resource("/index.html", |r| r.f(index)) - .serve_tls::<_, ()>("127.0.0.1:8080", pkcs12).unwrap(); + || Application::new() + .resource("/index.html", |r| r.f(index))) + .serve_ssl::<_, ()>("127.0.0.1:8080", pkcs12).unwrap(); } ``` diff --git a/guide/src/qs_3_5.md b/guide/src/qs_3_5.md index 2a7750b32..da21e3ce4 100644 --- a/guide/src/qs_3_5.md +++ b/guide/src/qs_3_5.md @@ -25,6 +25,40 @@ Server create separate application instance for each created worker. Application is not shared between threads, to share state `Arc` could be used. Application state does not need to be `Send` and `Sync` but application factory must be `Send` + `Sync`. +## SSL + +There are two `tls` and `alpn` features for ssl server. `tls` feature is for `native-tls` +integration and `alpn` is for `openssl`. + +```toml +[dependencies] +actix-web = { git = "https://github.com/actix/actix-web", features=["alpn"] } +``` + +```rust,ignore +use std::fs::File; +use actix_web::*; + +fn main() { + let mut file = File::open("identity.pfx").unwrap(); + let mut pkcs12 = vec![]; + file.read_to_end(&mut pkcs12).unwrap(); + let pkcs12 = Pkcs12::from_der(&pkcs12).unwrap().parse("12345").unwrap(); + + HttpServer::new( + || Application::new() + .resource("/index.html", |r| r.f(index))) + .serve_ssl::<_, ()>("127.0.0.1:8080", pkcs12).unwrap(); +} +``` + +Note on *HTTP/2* protocol over tls without prior knowlage, it requires +[tls alpn](https://tools.ietf.org/html/rfc7301). At the moment only +`openssl` has `alpn ` support. + +Please check [example](https://github.com/actix/actix-web/tree/master/examples/tls) +for concrete example. + ## Keep-Alive Actix can wait for requesta on a keep-alive connection. *Keep alive* diff --git a/src/server.rs b/src/server.rs index ee7ad90e4..24c8318f0 100644 --- a/src/server.rs +++ b/src/server.rs @@ -334,7 +334,7 @@ impl HttpServer, net::SocketAddr, H, /// /// This methods converts address to list of `SocketAddr` /// then binds to all available addresses. - pub fn serve_tls(mut self, addr: S, identity: &ParsedPkcs12) -> io::Result + pub fn serve_ssl(mut self, addr: S, identity: &ParsedPkcs12) -> io::Result where Self: ActorAddress, S: net::ToSocketAddrs, {