2024-05-30 22:38:39 +00:00
|
|
|
use std::{net::SocketAddr, sync::Arc};
|
|
|
|
|
|
2024-06-06 22:31:52 +00:00
|
|
|
use axum::Router;
|
2024-08-15 02:35:19 +00:00
|
|
|
use axum_server::Handle as ServerHandle;
|
|
|
|
|
use axum_server_dual_protocol::{
|
|
|
|
|
ServerExt,
|
2025-02-23 01:17:45 -05:00
|
|
|
axum_server::{bind_rustls, tls_rustls::RustlsConfig},
|
2024-08-15 02:35:19 +00:00
|
|
|
};
|
2025-02-23 01:17:45 -05:00
|
|
|
use conduwuit::{Result, Server, err};
|
2024-05-30 22:38:39 +00:00
|
|
|
use tokio::task::JoinSet;
|
|
|
|
|
use tracing::{debug, info, warn};
|
|
|
|
|
|
2024-12-15 00:05:47 -05:00
|
|
|
pub(super) async fn serve(
|
|
|
|
|
server: &Arc<Server>,
|
|
|
|
|
app: Router,
|
2026-04-24 09:34:16 +01:00
|
|
|
handle: ServerHandle<SocketAddr>,
|
2024-12-15 00:05:47 -05:00
|
|
|
addrs: Vec<SocketAddr>,
|
|
|
|
|
) -> Result {
|
2024-11-24 00:19:55 +00:00
|
|
|
let tls = &server.config.tls;
|
2025-02-06 18:07:49 -05:00
|
|
|
let certs = tls.certs.as_ref().ok_or_else(|| {
|
|
|
|
|
err!(Config("tls.certs", "Missing required value in tls config section"))
|
|
|
|
|
})?;
|
2024-11-24 00:19:55 +00:00
|
|
|
let key = tls
|
|
|
|
|
.key
|
|
|
|
|
.as_ref()
|
2025-02-06 18:07:49 -05:00
|
|
|
.ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?;
|
2024-05-30 22:38:39 +00:00
|
|
|
|
2024-08-23 19:29:36 -04:00
|
|
|
// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
|
|
|
|
|
// without this, TLS mode will panic.
|
2026-04-24 10:06:47 +01:00
|
|
|
rustls::crypto::ring::default_provider()
|
2024-10-10 16:23:38 -04:00
|
|
|
.install_default()
|
2026-04-24 10:06:47 +01:00
|
|
|
.expect("failed to initialise ring rustls crypto provider");
|
2024-08-23 19:29:36 -04:00
|
|
|
|
2024-05-30 22:38:39 +00:00
|
|
|
info!(
|
2024-12-15 00:05:47 -05:00
|
|
|
"Note: It is strongly recommended that you use a reverse proxy instead of running \
|
|
|
|
|
conduwuit directly with TLS."
|
2024-05-30 22:38:39 +00:00
|
|
|
);
|
2025-04-09 03:35:40 +00:00
|
|
|
debug!("Using direct TLS. Certificate path {certs} and certificate private key path {key}",);
|
|
|
|
|
let conf = RustlsConfig::from_pem_file(certs, key)
|
|
|
|
|
.await
|
|
|
|
|
.map_err(|e| err!(Config("tls", "Failed to load certificates or key: {e}")))?;
|
2024-05-30 22:38:39 +00:00
|
|
|
|
|
|
|
|
let mut join_set = JoinSet::new();
|
2024-06-06 22:31:52 +00:00
|
|
|
let app = app.into_make_service_with_connect_info::<SocketAddr>();
|
2024-08-15 02:35:19 +00:00
|
|
|
if tls.dual_protocol {
|
2024-05-30 22:38:39 +00:00
|
|
|
for addr in &addrs {
|
|
|
|
|
join_set.spawn_on(
|
|
|
|
|
axum_server_dual_protocol::bind_dual_protocol(*addr, conf.clone())
|
|
|
|
|
.set_upgrade(false)
|
|
|
|
|
.handle(handle.clone())
|
|
|
|
|
.serve(app.clone()),
|
|
|
|
|
server.runtime(),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
for addr in &addrs {
|
|
|
|
|
join_set.spawn_on(
|
|
|
|
|
bind_rustls(*addr, conf.clone())
|
|
|
|
|
.handle(handle.clone())
|
|
|
|
|
.serve(app.clone()),
|
|
|
|
|
server.runtime(),
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-15 02:35:19 +00:00
|
|
|
if tls.dual_protocol {
|
2024-05-30 22:38:39 +00:00
|
|
|
warn!(
|
2024-12-15 00:05:47 -05:00
|
|
|
"Listening on {addrs:?} with TLS certificate {certs} and supporting plain text \
|
|
|
|
|
(HTTP) connections too (insecure!)",
|
2024-05-30 22:38:39 +00:00
|
|
|
);
|
|
|
|
|
} else {
|
2024-08-15 02:35:19 +00:00
|
|
|
info!("Listening on {addrs:?} with TLS certificate {certs}");
|
2024-05-30 22:38:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while join_set.join_next().await.is_some() {}
|
|
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
|
}
|
