Add 'ssl_enabled' config parameter

badaix · Jun 1, 2024 · 9519a16 · 9519a16
1 parent fb8aa42
commit 9519a16
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 24 deletions.
diff --git a/server/control_server.cpp b/server/control_server.cpp
@@ -40,15 +40,10 @@ static constexpr auto LOG_TAG = "ControlServer";
 
 ControlServer::ControlServer(boost::asio::io_context& io_context, const ServerSettings& settings, ControlMessageReceiver* controlMessageReceiver)
     : io_context_(io_context), ssl_context_(boost::asio::ssl::context::sslv23), tcp_settings_(settings.tcp), http_settings_(settings.http),
-      controlMessageReceiver_(controlMessageReceiver), ssl_enabled_(true)
+      controlMessageReceiver_(controlMessageReceiver)
 {
     const ServerSettings::Ssl& ssl = settings.ssl;
-    if (ssl.certificate.empty() || ssl.private_key.empty())
-    {
-        LOG(INFO, LOG_TAG) << "SSL disabled, to enable SSL, please configure a certificate and private key file in PEM format\n";
-        ssl_enabled_ = false;
-    }
-    if (ssl_enabled_)
+    if (http_settings_.ssl_enabled)
     {
         ssl_context_.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 |
                                  boost::asio::ssl::context::single_dh_use);
@@ -192,23 +187,26 @@ void ControlServer::start()
             }
         }
     }
-    if (http_settings_.enabled)
+    if (http_settings_.enabled || http_settings_.ssl_enabled)
     {
-        for (const auto& address : http_settings_.bind_to_address)
+        if (http_settings_.enabled)
         {
-            try
-            {
-                LOG(INFO, LOG_TAG) << "Creating HTTP acceptor for address: " << address << ", port: " << http_settings_.port << "\n";
-                acceptor_.emplace_back(make_unique<tcp::acceptor>(boost::asio::make_strand(io_context_.get_executor()),
-                                                                  tcp::endpoint(boost::asio::ip::address::from_string(address), http_settings_.port)));
-            }
-            catch (const boost::system::system_error& e)
+            for (const auto& address : http_settings_.bind_to_address)
             {
-                LOG(ERROR, LOG_TAG) << "error creating HTTP acceptor: " << e.what() << ", code: " << e.code() << "\n";
+                try
+                {
+                    LOG(INFO, LOG_TAG) << "Creating HTTP acceptor for address: " << address << ", port: " << http_settings_.port << "\n";
+                    acceptor_.emplace_back(make_unique<tcp::acceptor>(boost::asio::make_strand(io_context_.get_executor()),
+                                                                      tcp::endpoint(boost::asio::ip::address::from_string(address), http_settings_.port)));
+                }
+                catch (const boost::system::system_error& e)
+                {
+                    LOG(ERROR, LOG_TAG) << "error creating HTTP acceptor: " << e.what() << ", code: " << e.code() << "\n";
+                }
             }
         }
 
-        if (ssl_enabled_)
+        if (http_settings_.ssl_enabled)
         {
             for (const auto& address : http_settings_.ssl_bind_to_address)
             {

diff --git a/server/control_server.hpp b/server/control_server.hpp
@@ -72,5 +72,4 @@ class ControlServer : public ControlMessageReceiver
     ServerSettings::Tcp tcp_settings_;
     ServerSettings::Http http_settings_;
     ControlMessageReceiver* controlMessageReceiver_;
-    bool ssl_enabled_;
 };
diff --git a/server/etc/snapserver.conf b/server/etc/snapserver.conf
@@ -52,9 +52,15 @@
 [ssl]
 # https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
 # https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
-certificate = certs/snapserver.crt
-private_key = certs/snapserver.key
-key_password =
+
+# Certificate file in PEM format
+# certificate = 
+
+# Private key file in PEM format
+# private_key = 
+
+# Password for decryption of the private_key (only needed for encrypted private_key file)
+# key_password =
 
 #
 ###############################################################################
@@ -76,10 +82,13 @@ key_password =
 # which port the server should listen to
 #port = 1780
 
-#ssl address for the server to listen on
+# enable HTTPS Json RPC (HTTPS POST and ssl websockets)
+# ssl_enabled = false
+
+# same as 'bind_to_address' but for SSL
 # ssl_bind_to_address = 0.0.0.0
 
-# which ssl port the server should listen to
+# same as 'port' but for SSL
 # ssl_port = 1788
 
 # serve a website from the doc_root location

diff --git a/server/server_settings.hpp b/server/server_settings.hpp
@@ -48,6 +48,7 @@ struct ServerSettings
     struct Http
     {
         bool enabled{true};
+        bool ssl_enabled{false};
         size_t port{1780};
         size_t ssl_port{1788};
         std::vector<std::string> bind_to_address{{"0.0.0.0"}};

diff --git a/server/snapserver.cpp b/server/snapserver.cpp
@@ -90,6 +90,8 @@ int main(int argc, char* argv[])
         conf.add<Value<size_t>>("", "http.port", "which port the server should listen on", settings.http.port, &settings.http.port);
         auto http_bind_to_address = conf.add<Value<string>>("", "http.bind_to_address", "address for the server to listen on",
                                                             settings.http.bind_to_address.front(), &settings.http.bind_to_address[0]);
+        conf.add<Value<bool>>("", "http.ssl_enabled", "enable HTTPS Json RPC (HTTPS POST and ssl websockets)", settings.http.ssl_enabled,
+                              &settings.http.ssl_enabled);
         conf.add<Value<size_t>>("", "http.ssl_port", "which ssl port the server should listen on", settings.http.ssl_port, &settings.http.ssl_port);
         auto http_ssl_bind_to_address = conf.add<Value<string>>("", "http.ssl_bind_to_address", "ssl address for the server to listen on",
                                                                 settings.http.ssl_bind_to_address.front(), &settings.http.ssl_bind_to_address[0]);