Allow server to run on HTTPS with SSL certificates

thevickypedia · Feb 16, 2024 · 684303e · 684303e
1 parent 2708801
commit 684303e
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 5 deletions.
diff --git a/.gitignore b/.gitignore
@@ -15,3 +15,6 @@ Cargo.lock
 
 # Secrets mapping
 config.json
+
+# Certificates
+*.pem
diff --git a/Cargo.toml b/Cargo.toml
@@ -29,7 +29,7 @@ path = "src/main.rs"
 
 [dependencies]
 actix-rt = "2.9.0"
-actix-web = "4.5.1"
+actix-web = { version = "4.5.1", features = ["openssl"] }
 actix-files = "0.6.5"
 actix-cors = "0.7.0"
 serde = { version = "1.0.196", features = ["derive"] }

diff --git a/src/lib.rs b/src/lib.rs
@@ -5,6 +5,7 @@ use std::io;
 
 use actix_web::{App, HttpServer, middleware, web};
 use rand::prelude::SliceRandom;
+use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
 
 mod squire;
 mod template;
@@ -48,7 +49,7 @@ pub async fn start() -> io::Result<()> {
         The closure is defining the configuration for the Actix web server.
         The purpose of the closure is to configure the server before it starts listening for incoming requests.
      */
-    HttpServer::new(move || {
+    let application = move || {
         App::new()  // Creates a new Actix web application
             .wrap(squire::middleware::get_cors(config_clone.website.clone()))
             .app_data(web::Data::new(config_clone.clone()))
@@ -63,10 +64,24 @@ pub async fn start() -> io::Result<()> {
             .service(routes::video::stream)
             .service(routes::video::streaming_endpoint)
             .service(routes::images::image_endpoint)
-    })
+    };
+    let server = HttpServer::new(application)
         .workers(config.workers as usize)
-        .max_connections(config.max_connections as usize)
-        .bind(host)?
+        .max_connections(config.max_connections as usize);
+    // Reference: https://actix.rs/docs/http2/
+    if config.cert_file.exists() && config.key_file.exists() {
+        log::info!("Binding SSL certificate to serve over HTTPS");
+        let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+        builder
+            .set_private_key_file(&config.key_file, SslFiletype::PEM)
+            .unwrap();
+        builder.set_certificate_chain_file(&config.cert_file).unwrap();
+        server.bind_openssl(host, builder)?
         .run()
         .await
+    } else {
+        server.bind(host)?
+        .run()
+        .await
+    }
 }
diff --git a/src/squire/settings.rs b/src/squire/settings.rs
@@ -34,8 +34,16 @@ pub struct Config {
     /// List of websites (supports regex) to add to CORS configuration.
     #[serde(default = "default_website")]
     pub website: Vec<String>,
+
+    // Certificate file
+    #[serde(default="default_ssl")]
+    pub cert_file: path::PathBuf,
+    pub key_file: path::PathBuf
 }
 
+/// Returns the default value for ssl files
+fn default_ssl() -> path::PathBuf { path::PathBuf::new() }
+
 /// Returns the default video host based on the local machine's IP address.
 fn default_video_host() -> String {
     let hostname = "localhost";