dasha_uwu/conduwuit-nadeko
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
This repository has been archived on 2025-08-14. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
conduwuit-nadeko/src/router/serve/tls.rs
June Clementine Strawberry 8658a4c2d0
misc nix CI fixes that might speed it up a bit 
Signed-off-by: June Clementine Strawberry <strawberry@puppygock.gay>
Signed-off-by: strawberry <strawberry@puppygock.gay>
2025-01-29 17:04:49 -05:00

77 lines
2 KiB
Rust
Raw Blame History

use std::{net::SocketAddr, sync::Arc};
use axum::Router;
use axum_server::Handle as ServerHandle;
use axum_server_dual_protocol::{
axum_server::{bind_rustls, tls_rustls::RustlsConfig},
ServerExt,
};
use conduwuit::{err, Result, Server};
use tokio::task::JoinSet;
use tracing::{debug, info, warn};
pub(super) async fn serve(
server: &Arc<Server>,
app: Router,
handle: ServerHandle,
addrs: Vec<SocketAddr>,
) -> Result {
let tls = &server.config.tls;
let certs = tls
.certs
.as_ref()
.ok_or_else(|| err!(Config("tls.certs", "Missing required value in tls config section")))?;
let key = tls
.key
.as_ref()
.ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?;
// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
// without this, TLS mode will panic.
rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.expect("failed to initialise aws-lc-rs rustls crypto provider");
debug!("Using direct TLS. Certificate path {certs} and certificate private key path {key}",);
info!(
"Note: It is strongly recommended that you use a reverse proxy instead of running \
conduwuit directly with TLS."
);
let conf = RustlsConfig::from_pem_file(certs, key).await?;
let mut join_set = JoinSet::new();
let app = app.into_make_service_with_connect_info::<SocketAddr>();
if tls.dual_protocol {
for addr in &addrs {
join_set.spawn_on(
axum_server_dual_protocol::bind_dual_protocol(*addr, conf.clone())
.set_upgrade(false)
.handle(handle.clone())
.serve(app.clone()),
server.runtime(),
);
}
} else {
for addr in &addrs {
join_set.spawn_on(
bind_rustls(*addr, conf.clone())
.handle(handle.clone())
.serve(app.clone()),
server.runtime(),
);
}
}
if tls.dual_protocol {
warn!(
"Listening on {addrs:?} with TLS certificate {certs} and supporting plain text \
(HTTP) connections too (insecure!)",
);
} else {
info!("Listening on {addrs:?} with TLS certificate {certs}");
}
while join_set.join_next().await.is_some() {}
Ok(())
}
Reference in a new issue View git blame Copy permalink