tls-rustls
[package]
name = "example-tls-rustls"
version = "0.1.0"
edition = "2021"
publish = false
[dependencies]
axum = { path = "../../axum" }
axum-extra = { path = "../../axum-extra" }
axum-server = { version = "0.7", features = ["tls-rustls"] }
tokio = { version = "1", features = ["full"] }
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
//! Run with //! //! ```not_rust //! cargo run -p example-tls-rustls //! ``` #![allow(unused_imports)] use axum::{ handler::HandlerWithoutStateExt, http::{uri::Authority, StatusCode, Uri}, response::Redirect, routing::get, BoxError, Router, }; use axum_extra::extract::Host; use axum_server::tls_rustls::RustlsConfig; use std::{net::SocketAddr, path::PathBuf}; use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt}; #[allow(dead_code)] #[derive(Clone, Copy)] struct Ports { http: u16, https: u16, } #[tokio::main] async fn main() { tracing_subscriber::registry() .with( tracing_subscriber::EnvFilter::try_from_default_env() .unwrap_or_else(|_| format!("{}=debug", env!("CARGO_CRATE_NAME")).into()), ) .with(tracing_subscriber::fmt::layer()) .init(); let ports = Ports { http: 7878, https: 3000, }; // optional: spawn a second server to redirect http requests to this server tokio::spawn(redirect_http_to_https(ports)); // configure certificate and private key used by https let config = RustlsConfig::from_pem_file( PathBuf::from(env!("CARGO_MANIFEST_DIR")) .join("self_signed_certs") .join("cert.pem"), PathBuf::from(env!("CARGO_MANIFEST_DIR")) .join("self_signed_certs") .join("key.pem"), ) .await .unwrap(); let app = Router::new().route("/", get(handler)); // run https server let addr = SocketAddr::from(([127, 0, 0, 1], ports.https)); tracing::debug!("listening on {}", addr); axum_server::bind_rustls(addr, config) .serve(app.into_make_service()) .await .unwrap(); } #[allow(dead_code)] async fn handler() -> &'static str { "Hello, World!" } #[allow(dead_code)] async fn redirect_http_to_https(ports: Ports) { fn make_https(host: &str, uri: Uri, https_port: u16) -> Result<Uri, BoxError> { let mut parts = uri.into_parts(); parts.scheme = Some(axum::http::uri::Scheme::HTTPS); if parts.path_and_query.is_none() { parts.path_and_query = Some("/".parse().unwrap()); } let authority: Authority = host.parse()?; let bare_host = match authority.port() { Some(port_struct) => authority .as_str() .strip_suffix(port_struct.as_str()) .unwrap() .strip_suffix(':') .unwrap(), // if authority.port() is Some(port) then we can be sure authority ends with :{port} None => authority.as_str(), }; parts.authority = Some(format!("{bare_host}:{https_port}").parse()?); Ok(Uri::from_parts(parts)?) } let redirect = move |Host(host): Host, uri: Uri| async move { match make_https(&host, uri, ports.https) { Ok(uri) => Ok(Redirect::permanent(&uri.to_string())), Err(error) => { tracing::warn!(%error, "failed to convert URI to HTTPS"); Err(StatusCode::BAD_REQUEST) } } }; let addr = SocketAddr::from(([127, 0, 0, 1], ports.http)); let listener = tokio::net::TcpListener::bind(addr).await.unwrap(); tracing::debug!("listening on {}", listener.local_addr().unwrap()); axum::serve(listener, redirect.into_make_service()) .await .unwrap(); }
There are two more files: self_signed_certs/cert.pem self_signed_certs/key.pem