Add 'ssl_enabled' config parameter

2025-05-20 20:46:16 +02:00 · 2024-05-11 13:23:14 +02:00 · 2024-05-11 13:23:14 +02:00 · 97739a460e
commit 97739a460e
parent c2528623cd
5 changed files with 33 additions and 24 deletions
--- a/server/control_server.cpp
+++ b/server/control_server.cpp
@ -40,15 +40,10 @@ static constexpr auto LOG_TAG = "ControlServer";

 ControlServer::ControlServer(boost::asio::io_context& io_context, const ServerSettings& settings, ControlMessageReceiver* controlMessageReceiver)
    : io_context_(io_context), ssl_context_(boost::asio::ssl::context::sslv23), tcp_settings_(settings.tcp), http_settings_(settings.http),
-      controlMessageReceiver_(controlMessageReceiver), ssl_enabled_(true)
+      controlMessageReceiver_(controlMessageReceiver)
 {
    const ServerSettings::Ssl& ssl = settings.ssl;
-    if (ssl.certificate.empty() || ssl.private_key.empty())
-    {
-        LOG(INFO, LOG_TAG) << "SSL disabled, to enable SSL, please configure a certificate and private key file in PEM format\n";
-        ssl_enabled_ = false;
-    }
-    if (ssl_enabled_)
+    if (http_settings_.ssl_enabled)
    {
        ssl_context_.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 |
                                 boost::asio::ssl::context::single_dh_use);
@ -192,23 +187,26 @@ void ControlServer::start()
            }
        }
    }
-    if (http_settings_.enabled)
+    if (http_settings_.enabled || http_settings_.ssl_enabled)
    {
-        for (const auto& address : http_settings_.bind_to_address)
+        if (http_settings_.enabled)
        {
-            try
+            for (const auto& address : http_settings_.bind_to_address)
            {
-                LOG(INFO, LOG_TAG) << "Creating HTTP acceptor for address: " << address << ", port: " << http_settings_.port << "\n";
-                acceptor_.emplace_back(make_unique<tcp::acceptor>(boost::asio::make_strand(io_context_.get_executor()),
-                                                                  tcp::endpoint(boost::asio::ip::address::from_string(address), http_settings_.port)));
-            }
-            catch (const boost::system::system_error& e)
-            {
-                LOG(ERROR, LOG_TAG) << "error creating HTTP acceptor: " << e.what() << ", code: " << e.code() << "\n";
+                try
+                {
+                    LOG(INFO, LOG_TAG) << "Creating HTTP acceptor for address: " << address << ", port: " << http_settings_.port << "\n";
+                    acceptor_.emplace_back(make_unique<tcp::acceptor>(boost::asio::make_strand(io_context_.get_executor()),
+                                                                      tcp::endpoint(boost::asio::ip::address::from_string(address), http_settings_.port)));
+                }
+                catch (const boost::system::system_error& e)
+                {
+                    LOG(ERROR, LOG_TAG) << "error creating HTTP acceptor: " << e.what() << ", code: " << e.code() << "\n";
+                }
            }
        }

-        if (ssl_enabled_)
+        if (http_settings_.ssl_enabled)
        {
            for (const auto& address : http_settings_.ssl_bind_to_address)
            {
--- a/server/control_server.hpp
+++ b/server/control_server.hpp
@ -72,5 +72,4 @@ private:
    ServerSettings::Tcp tcp_settings_;
    ServerSettings::Http http_settings_;
    ControlMessageReceiver* controlMessageReceiver_;
-    bool ssl_enabled_;
 };
--- a/server/etc/snapserver.conf
+++ b/server/etc/snapserver.conf
@ -52,9 +52,15 @@
 [ssl]
 # https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/
 # https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
-certificate = certs/snapserver.crt
-private_key = certs/snapserver.key
-key_password =
+
+# Certificate file in PEM format
+# certificate = 
+
+# Private key file in PEM format
+# private_key = 
+
+# Password for decryption of the private_key (only needed for encrypted private_key file)
+# key_password =

 #
 ###############################################################################
@ -76,10 +82,13 @@ key_password =
 # which port the server should listen to
 #port = 1780

-#ssl address for the server to listen on
+# enable HTTPS Json RPC (HTTPS POST and ssl websockets)
+# ssl_enabled = false
+
+# same as 'bind_to_address' but for SSL
 # ssl_bind_to_address = 0.0.0.0

-# which ssl port the server should listen to
+# same as 'port' but for SSL
 # ssl_port = 1788

 # serve a website from the doc_root location
--- a/server/server_settings.hpp
+++ b/server/server_settings.hpp
@ -48,6 +48,7 @@ struct ServerSettings
    struct Http
    {
        bool enabled{true};
+        bool ssl_enabled{false};
        size_t port{1780};
        size_t ssl_port{1788};
        std::vector<std::string> bind_to_address{{"0.0.0.0"}};
--- a/server/snapserver.cpp
+++ b/server/snapserver.cpp
@ -90,6 +90,8 @@ int main(int argc, char* argv[])
        conf.add<Value<size_t>>("", "http.port", "which port the server should listen on", settings.http.port, &settings.http.port);
        auto http_bind_to_address = conf.add<Value<string>>("", "http.bind_to_address", "address for the server to listen on",
                                                            settings.http.bind_to_address.front(), &settings.http.bind_to_address[0]);
+        conf.add<Value<bool>>("", "http.ssl_enabled", "enable HTTPS Json RPC (HTTPS POST and ssl websockets)", settings.http.ssl_enabled,
+                              &settings.http.ssl_enabled);
        conf.add<Value<size_t>>("", "http.ssl_port", "which ssl port the server should listen on", settings.http.ssl_port, &settings.http.ssl_port);
        auto http_ssl_bind_to_address = conf.add<Value<string>>("", "http.ssl_bind_to_address", "ssl address for the server to listen on",
                                                                settings.http.ssl_bind_to_address.front(), &settings.http.ssl_bind_to_address[0]);