ws: make TLS optional, allow HTTP health checks without TLS only

2026-04-02 10:45:30 +00:00 · 2022-07-18 23:21:17 +02:00 · 2022-07-18 23:21:17 +02:00 · a16ce91d46
commit a16ce91d46
parent 018f32e9e9
5 changed files with 116 additions and 43 deletions
--- a/aquatic_ws/src/lib.rs
+++ b/aquatic_ws/src/lib.rs
@ -26,6 +26,12 @@ pub const APP_VERSION: &str = env!("CARGO_PKG_VERSION");
 pub const SHARED_IN_CHANNEL_SIZE: usize = 1024;

 pub fn run(config: Config) -> ::anyhow::Result<()> {
+    if config.network.enable_tls && config.network.enable_http_health_check {
+        return Err(anyhow::anyhow!(
+            "configuration: network.enable_tls and network.enable_http_health_check can't both be set to true"
+        ));
+    }
+
    let mut signals = Signals::new([SIGUSR1, SIGTERM])?;

    let state = State::default();
@ -41,10 +47,13 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
    let (sentinel_watcher, sentinel) = PanicSentinelWatcher::create_with_sentinel();
    let priv_dropper = PrivilegeDropper::new(config.privileges.clone(), config.socket_workers);

-    let tls_config = Arc::new(create_rustls_config(
-        &config.network.tls_certificate_path,
-        &config.network.tls_private_key_path,
-    )?);
+    let opt_tls_config = config
+        .network
+        .enable_tls
+        .then_some(Arc::new(create_rustls_config(
+            &config.network.tls_certificate_path,
+            &config.network.tls_private_key_path,
+        )?));

    let mut executors = Vec::new();

@ -52,7 +61,7 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
        let sentinel = sentinel.clone();
        let config = config.clone();
        let state = state.clone();
-        let tls_config = tls_config.clone();
+        let opt_tls_config = opt_tls_config.clone();
        let control_mesh_builder = control_mesh_builder.clone();
        let request_mesh_builder = request_mesh_builder.clone();
        let response_mesh_builder = response_mesh_builder.clone();
@ -72,7 +81,7 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
                    sentinel,
                    config,
                    state,
-                    tls_config,
+                    opt_tls_config,
                    control_mesh_builder,
                    request_mesh_builder,
                    response_mesh_builder,