Fix serving backend interfaces using TLS.

2025-01-18 18:46:24 +00:00 · 2022-07-13 12:15:38 +01:00 · 2022-07-13 12:15:38 +01:00 · e1da9f75ae
commit e1da9f75ae
parent 4131ed38ec
3 changed files with 20 additions and 2 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -4684,6 +4684,7 @@ dependencies = [
 "serde_json",
 "serde_urlencoded",
 "tokio",
+ "tokio-rustls 0.22.0",
 "tokio-stream",
 "tokio-tungstenite",
 "tokio-util 0.6.9",
--- a/chirpstack/Cargo.toml
+++ b/chirpstack/Cargo.toml
@ -67,7 +67,7 @@ prost = "0.10"
 pbjson-types = "0.3"

 # gRPC and HTTP multiplexing
-warp = { version = "0.3" }
+warp = { version = "0.3", features = ["tls"] }
 hyper = "0.14"
 tower = "0.4"
 futures = "0.3"
--- a/chirpstack/src/api/backend/mod.rs
+++ b/chirpstack/src/api/backend/mod.rs
@ -38,7 +38,24 @@ pub async fn setup() -> Result<()> {
        .and(warp::body::aggregate())
        .then(handle_request);

-    warp::serve(routes).run(addr).await;
+    if !conf.backend_interfaces.ca_cert.is_empty()
+        || !conf.backend_interfaces.tls_cert.is_empty()
+        || !conf.backend_interfaces.tls_key.is_empty()
+    {
+        let mut w = warp::serve(routes).tls();
+        if !conf.backend_interfaces.ca_cert.is_empty() {
+            w = w.client_auth_required_path(&conf.backend_interfaces.ca_cert);
+        }
+        if !conf.backend_interfaces.tls_cert.is_empty() {
+            w = w.cert_path(&conf.backend_interfaces.tls_cert);
+        }
+        if !conf.backend_interfaces.tls_key.is_empty() {
+            w = w.key_path(&conf.backend_interfaces.tls_key);
+        }
+        w.run(addr).await;
+    } else {
+        warp::serve(routes).run(addr).await;
+    }

    Ok(())
 }