use rustls::{
internal::pemfile::{certs, pkcs8_private_keys},
NoClientAuth, ServerConfig,
};
use std::{env::var as env_var, fs::File, io::BufReader};
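/// Loads this server's TLS certificate chain and private key and returns a
/// [`ServerConfig`] that can be passed to an `actix_web::HttpServer`.
///
/// The material is read from `${RESOURCES_DIR}/certs/live/${SERVER_HOST}/`:
/// `fullchain.pem` (the certificate chain) and `privkey.pem` (a PKCS#8 private
/// key). Client certificates are not requested ([`NoClientAuth`]).
///
/// ```
/// HttpServer::new(move || {
///     App::new()
/// })
/// .bind_rustls(
///     "0.0.0.0:8080",
///     get_tls_config(),
/// )?
/// .run()
/// .await
/// ```
///
/// # Panics
///
/// A broken TLS setup is fatal at startup, so this function panics (naming the
/// offending variable or file) when:
/// - `SERVER_HOST` or `RESOURCES_DIR` is not set;
/// - `SERVER_HOST` is not a single plain directory name (contains a path
///   separator, is `..`, is empty, ...);
/// - either PEM file cannot be opened or parsed;
/// - `privkey.pem` contains no `-----BEGIN PRIVATE KEY-----` (PKCS#8) block;
/// - rustls rejects the certificate/key pair.
pub fn get_tls_config() -> ServerConfig {
    let host = env_var("SERVER_HOST").expect("SERVER_HOST is not defined.");

    // `SERVER_HOST` is spliced into a filesystem path. `Path::join` with an absolute
    // path replaces the whole base, and a `..` component would walk out of the
    // certs directory, so only accept a single normal path component.
    let mut components = std::path::Path::new(&host).components();
    let is_plain_name = matches!(components.next(), Some(std::path::Component::Normal(_)))
        && components.next().is_none();
    assert!(
        is_plain_name,
        "SERVER_HOST must be a plain directory name, got {:?}",
        host
    );

    let resources_dir = env_var("RESOURCES_DIR").expect("RESOURCES_DIR is not defined");
    let certs_dir = std::path::PathBuf::from(resources_dir)
        .join("certs")
        .join("live")
        .join(&host);

    let cert_path = certs_dir.join("fullchain.pem");
    let key_path = certs_dir.join("privkey.pem");

    let cert_chain = certs(&mut open_buffered(&cert_path)).unwrap_or_else(|err| {
        panic!(
            "{} does not contain a valid PEM certificate chain: {:?}",
            cert_path.display(),
            err
        )
    });

    let mut keys = pkcs8_private_keys(&mut open_buffered(&key_path))
        .unwrap_or_else(|err| panic!("{} could not be parsed as PEM: {:?}", key_path.display(), err));
    // `pkcs8_private_keys` only collects `-----BEGIN PRIVATE KEY-----` blocks; a key
    // stored in another PEM encoding (e.g. `RSA PRIVATE KEY`) parses "successfully"
    // as an empty list, which `keys.remove(0)` would report only as an
    // index-out-of-bounds panic. Say what is actually missing instead.
    assert!(
        !keys.is_empty(),
        "{} contains no PKCS#8 private key (expected a `-----BEGIN PRIVATE KEY-----` block)",
        key_path.display()
    );
    // The first key is used; any further keys in the file are ignored.
    let key = keys.remove(0);

    let mut config = ServerConfig::new(NoClientAuth::new());
    config.set_single_cert(cert_chain, key).unwrap_or_else(|err| {
        panic!(
            "rustls rejected the certificate/key pair in {}: {:?}",
            certs_dir.display(),
            err
        )
    });
    config
}

/// Opens `path` for buffered reading.
///
/// # Panics
///
/// Panics with the path and the underlying I/O error if the file cannot be opened.
fn open_buffered(path: &std::path::Path) -> BufReader<File> {
    let file = File::open(path)
        .unwrap_or_else(|err| panic!("cannot open {}: {}", path.display(), err));
    BufReader::new(file)
}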