Merge pull request #192 from umccr/fix/http1

refactor: TLS config
umccr · Jul 11, 2023 · 5ca33fc · 5ca33fc
2 parents bb67712 + 6018004
commit 5ca33fc
Show file tree

Hide file tree

Showing 21 changed files with 1,045 additions and 523 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/htsget-actix/src/lib.rs b/htsget-actix/src/lib.rs
@@ -12,7 +12,6 @@ pub use htsget_config::config::{Config, DataServerConfig, ServiceInfo, TicketSer
 pub use htsget_config::storage::Storage;
 use htsget_search::htsget::from_storage::HtsGetFromStorage;
 use htsget_search::htsget::HtsGet;
-use htsget_search::storage::data_server::DataServer;
 use htsget_search::storage::local::LocalStorage;
 
 use crate::handlers::{get, post, reads_service_info, variants_service_info};
@@ -125,16 +124,14 @@ pub fn run_server<H: HtsGet + Clone + Send + Sync + 'static>(
       .wrap(TracingLogger::default())
   }));
 
-  let server = match config.tls() {
+  let server = match config.into_tls() {
     None => {
       info!("using non-TLS ticket server");
       server.bind(addr)?
     }
     Some(tls) => {
-      let tls_config = DataServer::rustls_server_config(tls.key(), tls.cert())?;
-
       info!("using TLS ticket server");
-      server.bind_rustls(addr, tls_config)?
+      server.bind_rustls(addr, tls.into_inner())?
     }
   };
 

diff --git a/htsget-config/Cargo.toml b/htsget-config/Cargo.toml
@@ -12,7 +12,7 @@ repository = "https://github.com/umccr/htsget-rs"
 
 [features]
 s3-storage = []
-url-storage = []
+url-storage = ["hyper"]
 default = []
 
 [dependencies]
@@ -30,8 +30,16 @@ tracing-subscriber = { version = "0.3", features = ["registry", "env-filter", "a
 toml = "0.7"
 http = "0.2"
 http-serde = "1.1"
+rustls-pemfile = "1.0"
+rustls = "0.20"
+rustls-native-certs = "0.6"
+hyper-rustls = { version = "0.23", features = ["rustls-native-certs", "http2", "http1"] }
+
+hyper = { version = "0.14", features = ["http1", "http2", "client"], optional = true }
 
 [dev-dependencies]
 serde_json = "1.0"
 figment = { version = "0.10", features = ["test"] }
 tokio = { version = "1.28", features = ["macros", "rt-multi-thread"] }
+tempfile = "3.6"
+rcgen = "0.11"
diff --git a/htsget-config/README.md b/htsget-config/README.md
diff --git a/htsget-config/examples/config-files/s3_storage.toml b/htsget-config/examples/config-files/s3_storage.toml
@@ -1,5 +1,5 @@
 # An example for a server which uses s3 storage with data located in "bucket".
-# Run with `cargo run -p htsget-actix --features s3-storage -- --config-file s3_storage.toml`
+# Run with `cargo run -p htsget-actix --features s3-storage -- --config htsget-config/examples/config-files/s3_storage.toml`
 
 ticket_server_cors_allow_headers = "All"
 ticket_server_cors_allow_methods = "All"

diff --git a/htsget-config/examples/config-files/tls_data_server.toml b/htsget-config/examples/config-files/tls_data_server.toml
@@ -1,11 +1,11 @@
 # An example config file for a TLS data server that uses a local storage backend.
-# Run with `cargo run -p htsget-actix -- --config-file tls_data_server.toml`
+# Run with `cargo run -p htsget-actix -- --config htsget-config/examples/config-files/tls_data_server.toml`
 
 ticket_server_addr = "0.0.0.0:8080"
 data_server_addr = "0.0.0.0:8081"
 data_server_cors_allow_origins = "All"
-data_server_cert = "cert.pem"
-data_server_key = "key.pem"
+data_server_tls.cert = "cert.pem"
+data_server_tls.key = "key.pem"
 
 [[resolvers]]
 regex = ".*"

diff --git a/htsget-config/examples/config-files/tls_ticket_server.toml b/htsget-config/examples/config-files/tls_ticket_server.toml
@@ -1,10 +1,10 @@
 # An example config file for a TLS ticket server that uses S3 as a storage backend.
-# Run with `cargo run -p htsget-actix --features s3-storage -- --config-file tls_ticket_server.toml`
+# Run with `cargo run -p htsget-actix --features s3-storage -- --config htsget-config/examples/config-files/tls_ticket_server.toml`
 
 ticket_server_addr = "0.0.0.0:8080"
 ticket_server_cors_allow_origins = "All"
-ticket_server_cert = "cert.pem"
-ticket_server_key = "key.pem"
+ticket_server_tls.cert = "cert.pem"
+ticket_server_tls.key = "key.pem"
 data_server_addr = "0.0.0.0:8081"
 
 [[resolvers]]

diff --git a/htsget-config/examples/config-files/url_storage.toml b/htsget-config/examples/config-files/url_storage.toml
@@ -19,3 +19,10 @@ substitution_string = "$0"
 url = "http://127.0.0.1:8081"
 response_scheme = "https"
 forward_headers = true
+
+# Set client authentication
+#tls.key = "key.pem"
+#tls.cert = "cert.pem"
+
+# Set root certificates
+#tls.root_store = "cert.pem"