split router::serve units.
Signed-off-by: Jason Volk <jason@zemos.net>
parent
0baa57f5d9
commit
2e45cb281a
7 changed files with 245 additions and 218 deletions
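--- a/src/router/serve/tls.rs
+++ b/src/router/serve/tls.rs
@@ -0,0 +1,68 @@
+use std::{net::SocketAddr, sync::Arc};
+
+use axum::{routing::IntoMakeService, Router};
+use axum_server::{bind_rustls, tls_rustls::RustlsConfig, Handle as ServerHandle};
+#[cfg(feature = "axum_dual_protocol")]
+use axum_server_dual_protocol::ServerExt;
+use conduit::{Result, Server};
+use tokio::task::JoinSet;
+use tracing::{debug, info, warn};
+
+pub(super) async fn serve(
+server: &Arc<Server>, app: IntoMakeService<Router>, handle: ServerHandle, addrs: Vec<SocketAddr>,
+) -> Result<()> {
+let config = &server.config;
+let tls = config.tls.as_ref().expect("TLS configuration");
+
+debug!(
+"Using direct TLS. Certificate path {} and certificate private key path {}",
+&tls.certs, &tls.key
+);
+info!(
+"Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS."
+);
+let conf = RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?;
+
+if cfg!(feature = "axum_dual_protocol") {
+info!(
+"conduwuit was built with axum_dual_protocol feature to listen on both HTTP and HTTPS. This will only \
+take effect if `dual_protocol` is enabled in `[global.tls]`"
+);
+}
+
+let mut join_set = JoinSet::new();
+if cfg!(feature = "axum_dual_protocol") && tls.dual_protocol {
+#[cfg(feature = "axum_dual_protocol")]
+for addr in &addrs {
+join_set.spawn_on(
+axum_server_dual_protocol::bind_dual_protocol(*addr, conf.clone())
+.set_upgrade(false)
+.handle(handle.clone())
+.serve(app.clone()),
+server.runtime(),
+);
+}
+} else {
+for addr in &addrs {
+join_set.spawn_on(
+bind_rustls(*addr, conf.clone())
+.handle(handle.clone())
+.serve(app.clone()),
+server.runtime(),
+);
+}
+}
+
+if cfg!(feature = "axum_dual_protocol") && tls.dual_protocol {
+warn!(
+"Listening on {:?} with TLS certificate {} and supporting plain text (HTTP) connections too (insecure!)",
+addrs, &tls.certs
+);
+} else {
+info!("Listening on {:?} with TLS certificate {}", addrs, &tls.certs);
+}
+
+while join_set.join_next().await.is_some() {}
+
+Ok(())
+}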
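Review bot: The final loop in `serve`, `while join_set.join_next().await.is_some() {}`, discards the result of every listener task, so a failed bind or a panicked listener is never reported and the function still returns `Ok(())`. The "Listening on …" message is also logged right after the tasks are spawned, before any bind is confirmed, so an operator can see it for a TLS listener that never came up. I would at least log abnormal exits with the already imported `warn!`, for example `while let Some(res) = join_set.join_next().await { if !matches!(res, Ok(Ok(()))) { warn!("TLS listener task ended abnormally: {res:?}"); } }`, assuming the spawned future yields `io::Result<()>` as `axum_server`'s `serve` does. The code appears to have been moved here by this split, so the behaviour is probably inherited, but the new file is a good place to fix it.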