diff --git a/engine/main.cc b/engine/main.cc index 894e9d146..93aa3b8e7 100644 --- a/engine/main.cc +++ b/engine/main.cc @@ -219,6 +219,24 @@ void RunServer(std::optional port, bool ignore_cout) { resp->addHeader("Access-Control-Allow-Methods", "*"); }); + // ssl + auto ssl_cert_path = config.sslCertPath; + auto ssl_key_path = config.sslKeyPath; + + if (!ssl_cert_path.empty() && !ssl_key_path.empty()) { + CTL_INF("SSL cert path: " << ssl_cert_path); + CTL_INF("SSL key path: " << ssl_key_path); + + if (!std::filesystem::exists(ssl_cert_path) || + !std::filesystem::exists(ssl_key_path)) { + CTL_ERR("SSL cert or key file not exist at specified path! Ignore.."); + return; + } + + drogon::app().setSSLFiles(ssl_cert_path, ssl_key_path); + drogon::app().addListener(config.apiServerHost, 443, true); + } + drogon::app().run(); if (hw_service->ShouldRestart()) { CTL_INF("Restart to update hardware configuration"); diff --git a/engine/utils/config_yaml_utils.cc b/engine/utils/config_yaml_utils.cc index af671d9e6..ed6437256 100644 --- a/engine/utils/config_yaml_utils.cc +++ b/engine/utils/config_yaml_utils.cc @@ -47,6 +47,8 @@ cpp::result CortexConfigMgr::DumpYamlConfig( node["noProxy"] = config.noProxy; node["verifyPeerSsl"] = config.verifyPeerSsl; node["verifyHostSsl"] = config.verifyHostSsl; + node["sslCertPath"] = config.sslCertPath; + node["sslKeyPath"] = config.sslKeyPath; out_file << node; out_file.close(); @@ -81,7 +83,7 @@ CortexConfig CortexConfigMgr::FromYaml(const std::string& path, !node["proxyUsername"] || !node["proxyPassword"] || !node["verifyPeerSsl"] || !node["verifyHostSsl"] || !node["verifyProxySsl"] || !node["verifyProxyHostSsl"] || - !node["noProxy"]); + !node["sslCertPath"] || !node["sslKeyPath"] || !node["noProxy"]); CortexConfig config = { .logFolderPath = node["logFolderPath"] 
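Review bot: When only one of `sslCertPath`/`sslKeyPath` is set, the outer `if` in the RunServer hunk is skipped and the server starts without the TLS listener and without any log line, so an operator who believes HTTPS is configured gets cleartext only. An `else if (!ssl_cert_path.empty() || !ssl_key_path.empty()) { CTL_ERR("sslCertPath and sslKeyPath must both be set"); return; }` branch would make that misconfiguration visible. The missing-file branch logs "Ignore.." but then `return`s out of RunServer before `drogon::app().run()`, so the message and the behaviour disagree; failing closed is the safer of the two, and the text should say the server is not starting. The listener port is hard-coded to 443, which on most Unix systems needs elevated privileges to bind and cannot be changed from the config. The plain-HTTP listener is presumably registered earlier in RunServer, outside this hunk, so TLS appears to be added alongside cleartext instead of replacing it, which is worth confirming and documenting.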
@@ -164,6 +166,11 @@ CortexConfig CortexConfigMgr::FromYaml(const std::string& path, .verifyHostSsl = node["verifyHostSsl"] ? node["verifyHostSsl"].as() : default_cfg.verifyHostSsl, + .sslCertPath = node["sslCertPath"] + ? node["sslCertPath"].as() + : default_cfg.sslCertPath, + .sslKeyPath = node["sslKeyPath"] ? node["sslKeyPath"].as() + : default_cfg.sslKeyPath, }; if (should_update_config) { l.unlock(); @@ -178,5 +185,4 @@ CortexConfig CortexConfigMgr::FromYaml(const std::string& path, throw; } } - } // namespace config_yaml_utils diff --git a/engine/utils/config_yaml_utils.h b/engine/utils/config_yaml_utils.h index ffb3a31fa..d36cc48e0 100644 --- a/engine/utils/config_yaml_utils.h +++ b/engine/utils/config_yaml_utils.h @@ -55,6 +55,8 @@ struct CortexConfig { bool verifyPeerSsl; bool verifyHostSsl; + std::string sslCertPath; + std::string sslKeyPath; }; class CortexConfigMgr { diff --git a/engine/utils/file_manager_utils.cc b/engine/utils/file_manager_utils.cc index 11128a275..ca3d0c07b 100644 --- a/engine/utils/file_manager_utils.cc +++ b/engine/utils/file_manager_utils.cc @@ -185,6 +185,8 @@ config_yaml_utils::CortexConfig GetDefaultConfig() { .noProxy = config_yaml_utils::kDefaultNoProxy, .verifyPeerSsl = true, .verifyHostSsl = true, + .sslCertPath = "", + .sslKeyPath = "", }; } @@ -369,4 +371,4 @@ std::filesystem::path ToAbsoluteCortexDataPath( const std::filesystem::path& path) { return GetAbsolutePath(GetCortexDataPath(), path); } -} // namespace file_manager_utils \ No newline at end of file +} // namespace file_manager_utils
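Review bot: The two fields added to `CortexConfig` in config_yaml_utils.h carry no comment, and their contract is only discoverable by reading RunServer: both must be non-empty for the HTTPS listener to be added, and the empty default from GetDefaultConfig leaves TLS off. I would add above them `// TLS certificate and private-key file paths for the API server; both must be set to enable the HTTPS listener, empty disables it.` Because `sslKeyPath` points at private-key material, the comment could also say the file should be readable only by the account running the server; nothing in this change checks its type or permissions, only `std::filesystem::exists`. The struct definition begins and ends outside the hunk.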