use std::{fs::File, io::BufReader}; use actix_files::Files; use actix_web::{ http::header::ContentType, middleware, web, App, HttpRequest, HttpResponse, HttpServer, }; use log::debug; use rustls::{pki_types::PrivateKeyDer, ServerConfig}; use rustls_pemfile::{certs, pkcs8_private_keys}; /// simple handle async fn index(req: HttpRequest) -> HttpResponse { debug!("{req:?}"); HttpResponse::Ok().content_type(ContentType::html()).body( "\

Welcome to your TLS-secured homepage!

\ ", ) } #[actix_web::main] async fn main() -> std::io::Result<()> { env_logger::init_from_env(env_logger::Env::default().default_filter_or("info")); let config = load_rustls_config(); log::info!("starting HTTPS server at https://localhost:8443"); HttpServer::new(|| { App::new() // enable logger .wrap(middleware::Logger::default()) // register simple handler, handle all methods .service(web::resource("/index.html").to(index)) .service(web::redirect("/", "/index.html")) .service(Files::new("/static", "static")) }) .bind_rustls_0_23("127.0.0.1:8443", config)? .run() .await } fn load_rustls_config() -> rustls::ServerConfig { rustls::crypto::aws_lc_rs::default_provider() .install_default() .unwrap(); // init server config builder with safe defaults let config = ServerConfig::builder().with_no_client_auth(); // load TLS key/cert files let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap()); let key_file = &mut BufReader::new(File::open("key.pem").unwrap()); // convert files to key/cert objects let cert_chain = certs(cert_file).collect::, _>>().unwrap(); let mut keys = pkcs8_private_keys(key_file) .map(|key| key.map(PrivateKeyDer::Pkcs8)) .collect::, _>>() .unwrap(); // exit if no keys could be parsed if keys.is_empty() { eprintln!("Could not locate PKCS 8 private keys."); std::process::exit(1); } config.with_single_cert(cert_chain, keys.remove(0)).unwrap() }