Enable TLS support

2025-08-31 00:50:21 +02:00 · 2018-07-08 21:33:57 +02:00
parent fcc4a282c7
commit c50bcb38d7
4 changed files with 57 additions and 6 deletions
--- a/server/src/cli.rs
+++ b/server/src/cli.rs
@@ -49,5 +49,7 @@ pub fn parse_args() -> ::clap::ArgMatches<'static> {
        (@arg PORT: -p --port +takes_value "Port to listen on (Defaults to 8000)")
        (@arg HOST: -h --host +takes_value "Host to listen on (Defaults to 0.0.0.0)")
        (@arg SERVER: -s --server +takes_value "Bind server (Defaults to 127.0.0.1)")
+        (@arg CERT: -c --cert +takes_value "TLS certificate chain file")
+        (@arg KEY: -k --key +takes_value "TLS key file")
    ).get_matches()
 }
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -47,6 +47,7 @@ extern crate failure;
 extern crate futures;
 #[macro_use]
 extern crate log;
+extern crate openssl;
 extern crate pretty_env_logger;
 extern crate serde;
 extern crate serde_json;
@@ -59,6 +60,7 @@ use actix_web::{
 };
 use data::{Delete, Update};
 use failure::Error;
+use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
 use std::{
    io::Write, process::{Command, Stdio}, sync::Arc,
 };
@@ -147,12 +149,31 @@ fn main() {
        .expect("Cannot parse port");
    let host = matches.value_of("HOST").unwrap_or("0.0.0.0");
    let host = format!("{}:{}", host, port);
-    server::new(move || {
+    let key = matches.value_of("KEY");
+    let cert = matches.value_of("CERT");
+    let server = server::new(move || {
        App::with_state(config.clone())
            .middleware(Logger::default())
            .route("/record", http::Method::POST, update)
            .route("/record", http::Method::DELETE, delete)
-    }).bind(host)
-        .unwrap()
-        .run();
+    });
+    match (key, cert) {
+        (Some(k), Some(c)) => {
+            let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+            builder.set_private_key_file(k, SslFiletype::PEM).unwrap();
+            builder.set_certificate_chain_file(c).unwrap();
+            server.bind_ssl(host, builder)
+        },
+        (None, None) => server.bind(host),
+        (_, _) => panic!("When using TLS, the --cert and --key parameter must be set"),
+    }.unwrap()
+        .run()
+    // server::new(move || {
+    //     App::with_state(config.clone())
+    //         .middleware(Logger::default())
+    //         .route("/record", http::Method::POST, update)
+    //         .route("/record", http::Method::DELETE, delete)
+    // }).bind(host)
+    // .unwrap()
+    // .run();
 }