diff --git a/server/control_server.cpp b/server/control_server.cpp index b28fce01..9f58a84f 100644 --- a/server/control_server.cpp +++ b/server/control_server.cpp @@ -40,15 +40,10 @@ static constexpr auto LOG_TAG = "ControlServer"; ControlServer::ControlServer(boost::asio::io_context& io_context, const ServerSettings& settings, ControlMessageReceiver* controlMessageReceiver) : io_context_(io_context), ssl_context_(boost::asio::ssl::context::sslv23), tcp_settings_(settings.tcp), http_settings_(settings.http), - controlMessageReceiver_(controlMessageReceiver), ssl_enabled_(true) + controlMessageReceiver_(controlMessageReceiver) { const ServerSettings::Ssl& ssl = settings.ssl; - if (ssl.certificate.empty() || ssl.private_key.empty()) - { - LOG(INFO, LOG_TAG) << "SSL disabled, to enable SSL, please configure a certificate and private key file in PEM format\n"; - ssl_enabled_ = false; - } - if (ssl_enabled_) + if (http_settings_.ssl_enabled) { ssl_context_.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::single_dh_use); 
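Review bot: With the `ssl.certificate.empty() || ssl.private_key.empty()` check removed, the constructor enters the SSL setup whenever `http_settings_.ssl_enabled` is true, even if no certificate or key is configured, and the sample config in this commit now ships both keys commented out. The code that loads them lies outside the hunk, so how that case fails is not visible here. A guard at the top of the branch that reports the missing `ssl.certificate` / `ssl.private_key` and stops startup would make the misconfiguration explicit. Separately, the context is created with `sslv23` and only `no_sslv2` is excluded, so the `set_options` call is a good place to also add `boost::asio::ssl::context::no_sslv3 | boost::asio::ssl::context::no_tlsv1 | boost::asio::ssl::context::no_tlsv1_1`.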
@@ -192,23 +187,26 @@ void ControlServer::start() } } } - if (http_settings_.enabled) + if (http_settings_.enabled || http_settings_.ssl_enabled) { - for (const auto& address : http_settings_.bind_to_address) + if (http_settings_.enabled) { - try - { - LOG(INFO, LOG_TAG) << "Creating HTTP acceptor for address: " << address << ", port: " << http_settings_.port << "\n"; - acceptor_.emplace_back(make_unique(boost::asio::make_strand(io_context_.get_executor()), - tcp::endpoint(boost::asio::ip::address::from_string(address), http_settings_.port))); - } - catch (const boost::system::system_error& e) + for (const auto& address : http_settings_.bind_to_address) { - LOG(ERROR, LOG_TAG) << "error creating HTTP acceptor: " << e.what() << ", code: " << e.code() << "\n"; + try + { + LOG(INFO, LOG_TAG) << "Creating HTTP acceptor for address: " << address << ", port: " << http_settings_.port << "\n"; + acceptor_.emplace_back(make_unique(boost::asio::make_strand(io_context_.get_executor()), + tcp::endpoint(boost::asio::ip::address::from_string(address), http_settings_.port))); + } + catch (const boost::system::system_error& e) + { + LOG(ERROR, LOG_TAG) << "error creating HTTP acceptor: " << e.what() << ", code: " << e.code() << "\n"; + } } } - if (ssl_enabled_) + if (http_settings_.ssl_enabled) { for (const auto& address : http_settings_.ssl_bind_to_address) { diff --git a/server/control_server.hpp b/server/control_server.hpp index 7181798b..7e770f39 100644 --- a/server/control_server.hpp +++ b/server/control_server.hpp @@ -72,5 +72,4 @@ class ControlServer : public ControlMessageReceiver ServerSettings::Tcp tcp_settings_; ServerSettings::Http http_settings_; ControlMessageReceiver* controlMessageReceiver_; - bool ssl_enabled_; }; diff --git a/server/etc/snapserver.conf b/server/etc/snapserver.conf index 0223ea36..2061751a 100644 --- a/server/etc/snapserver.conf +++ b/server/etc/snapserver.conf 
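Review bot: Setting `ssl_enabled` leaves the plain HTTP acceptors in place, because the two inner branches are independent and `enabled` defaults to true in `ServerSettings::Http`. A deployment that switches on HTTPS therefore still serves the JSON-RPC control endpoint without TLS on `http_settings_.port` unless `enabled` is also set to false. Consider logging that at startup when both flags are set, for example `LOG(WARNING, LOG_TAG) << "HTTP and HTTPS are both enabled, the control endpoint is also reachable without TLS\n";`. The outer `if (http_settings_.enabled || http_settings_.ssl_enabled)` also looks redundant now that each inner block has its own guard, unless code after this hunk depends on it; the body of start() continues outside the hunk.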
@@ -52,9 +52,15 @@ [ssl] # https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ # https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309 -certificate = certs/snapserver.crt -private_key = certs/snapserver.key -key_password = + +# Certificate file in PEM format +# certificate = + +# Private key file in PEM format +# private_key = + +# Password for decryption of the private_key (only needed for encrypted private_key file) +# key_password = # ############################################################################### @@ -76,10 +82,13 @@ key_password = # which port the server should listen to #port = 1780 -#ssl address for the server to listen on +# enable HTTPS Json RPC (HTTPS POST and ssl websockets) +# ssl_enabled = false + +# same as 'bind_to_address' but for SSL # ssl_bind_to_address = 0.0.0.0 -# which ssl port the server should listen to +# same as 'port' but for SSL # ssl_port = 1788 # serve a website from the doc_root location diff --git a/server/server_settings.hpp b/server/server_settings.hpp index 1d481953..f92d68a0 100644 --- a/server/server_settings.hpp +++ b/server/server_settings.hpp @@ -48,6 +48,7 @@ struct ServerSettings struct Http { bool enabled{true}; + bool ssl_enabled{false}; size_t port{1780}; size_t ssl_port{1788}; std::vector bind_to_address{{"0.0.0.0"}}; diff --git a/server/snapserver.cpp b/server/snapserver.cpp index e37b33d4..aa584e73 100644 --- a/server/snapserver.cpp +++ b/server/snapserver.cpp 
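Review bot: The new `key_password` comment does not mention that the password is kept in clear text in this file, next to the path of the key it unlocks. I would extend it with a line such as `# Stored in clear text: keep this file and the private_key file readable only by the user running snapserver`. That gives the operator the one caveat that matters when choosing between an encrypted and an unencrypted key file.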
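Review bot: The `ssl_enabled` comment in the second snapserver.conf hunk does not say what else must be configured for the option to work, and the `[ssl]` keys it depends on are now commented out by default. I would add `# requires 'certificate' and 'private_key' in the [ssl] section` above the option. A second line, `# does not disable plain HTTP on 'port'; set 'enabled = false' for HTTPS only`, would cover the other surprise, assuming the `enabled` key of this section (outside the hunk) maps to `http.enabled`.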
@@ -90,6 +90,8 @@ int main(int argc, char* argv[]) conf.add>("", "http.port", "which port the server should listen on", settings.http.port, &settings.http.port); auto http_bind_to_address = conf.add>("", "http.bind_to_address", "address for the server to listen on", settings.http.bind_to_address.front(), &settings.http.bind_to_address[0]); + conf.add>("", "http.ssl_enabled", "enable HTTPS Json RPC (HTTPS POST and ssl websockets)", settings.http.ssl_enabled, + &settings.http.ssl_enabled); conf.add>("", "http.ssl_port", "which ssl port the server should listen on", settings.http.ssl_port, &settings.http.ssl_port); auto http_ssl_bind_to_address = conf.add>("", "http.ssl_bind_to_address", "ssl address for the server to listen on", settings.http.ssl_bind_to_address.front(), &settings.http.ssl_bind_to_address[0]);