add https as optional for server api (#2310)

* add tls as optional config for server api * add error log if start_rest_apis fail
2025-01-20 19:11:08 +03:00 · 2019-01-08 03:42:11 +08:00 · 2019-01-08 03:42:11 +08:00 · c5efb715a5
commit c5efb715a5
parent 2c5ba853f7
4 changed files with 39 additions and 2 deletions
--- a/api/src/handlers.rs
+++ b/api/src/handlers.rs
@ -86,7 +86,14 @@ pub fn start_rest_apis(

 	info!("Starting HTTP API server at {}.", addr);
 	let socket_addr: SocketAddr = addr.parse().expect("unable to parse socket address");
-	apis.start(socket_addr, router, tls_config).is_ok()
+	let res = apis.start(socket_addr, router, tls_config);
+	match res {
+		Ok(_) => true,
+		Err(e) => {
+			error!("HTTP API server failed to start. Err: {}", e);
+			false
+		}
+	}
 }

 pub fn build_router(
--- a/config/src/comments.rs
+++ b/config/src/comments.rs
@ -43,6 +43,11 @@ fn comments() -> HashMap<String, String> {
 	retval.insert(
 		"api_http_addr".to_string(),
 		"
+#path of TLS certificate file, self-signed certificates are not supported
+#tls_certificate_file = \"\"
+#private key for the TLS certificate
+#tls_certificate_key = \"\"
+
 #the address on which services will listen, e.g. Transaction Pool
 "
 		.to_string(),
--- a/servers/src/common/types.rs
+++ b/servers/src/common/types.rs
@ -46,6 +46,8 @@ pub enum Error {
 	Cuckoo(pow::Error),
 	/// Error originating from the transaction pool.
 	Pool(pool::PoolError),
+	/// Invalid Arguments.
+	ArgumentError(String),
 }

 impl From<core::block::Error> for Error {
@ -124,6 +126,11 @@ pub struct ServerConfig {
 	/// Location of secret for basic auth on Rest API HTTP server.
 	pub api_secret_path: Option<String>,

+	/// TLS certificate file
+	pub tls_certificate_file: Option<String>,
+	/// TLS certificate private key file
+	pub tls_certificate_key: Option<String>,
+
 	/// Setup the server for tests, testnet or mainnet
 	#[serde(default)]
 	pub chain_type: ChainTypes,
@ -174,6 +181,8 @@ impl Default for ServerConfig {
 			db_root: "grin_chain".to_string(),
 			api_http_addr: "127.0.0.1:3413".to_string(),
 			api_secret_path: Some(".api_secret".to_string()),
+			tls_certificate_file: None,
+			tls_certificate_key: None,
 			p2p_config: p2p::P2PConfig::default(),
 			dandelion_config: pool::DandelionConfig::default(),
 			stratum_mining_config: Some(StratumServerConfig::default()),
--- a/servers/src/grin/server.rs
+++ b/servers/src/grin/server.rs
@ -21,6 +21,7 @@ use std::sync::Arc;
 use std::{thread, time};

 use crate::api;
+use crate::api::TLSConfig;
 use crate::chain;
 use crate::common::adapters::{
 	ChainToPoolAndNetAdapter, NetToChainAdapter, PoolToChainAdapter, PoolToNetAdapter,
@ -223,13 +224,28 @@ impl Server {

 		info!("Starting rest apis at: {}", &config.api_http_addr);
 		let api_secret = get_first_line(config.api_secret_path.clone());
+
+		let tls_conf = match config.tls_certificate_file.clone() {
+			None => None,
+			Some(file) => {
+				let key = match config.tls_certificate_key.clone() {
+					Some(k) => k,
+					None => {
+						let msg = format!("Private key for certificate is not set");
+						return Err(Error::ArgumentError(msg));
+					}
+				};
+				Some(TLSConfig::new(file, key))
+			}
+		};
+
 		api::start_rest_apis(
 			config.api_http_addr.clone(),
 			shared_chain.clone(),
 			tx_pool.clone(),
 			p2p_server.peers.clone(),
 			api_secret,
-			None,
+			tls_conf,
 		);

 		info!("Starting dandelion monitor: {}", &config.api_http_addr);