4 files changed, 10 insertions, 73 deletions

diff --git a/crates/atuin-server/Cargo.toml b/crates/atuin-server/Cargo.toml
index 190fd1fb..915ceb14 100644
--- a/crates/atuin-server/Cargo.toml
+++ b/crates/atuin-server/Cargo.toml
@@ -24,14 +24,12 @@ rand = { workspace = true }
 tokio = { workspace = true }
 async-trait = { workspace = true }
 axum = "0.7"
-axum-server = { version = "0.7", features = ["tls-rustls"] }
 fs-err = { workspace = true }
 tower = { workspace = true }
 tower-http = { version = "0.6", features = ["trace"] }
 reqwest = { workspace = true }
-rustls = { version = "0.23"}
 argon2 = "0.5"
 semver = { workspace = true }
-metrics-exporter-prometheus = "0.17"
+metrics-exporter-prometheus = "0.18"
 metrics = "0.24"
 postmark = {version= "0.11", features=["reqwest", "reqwest-rustls-tls"]}
diff --git a/crates/atuin-server/server.toml b/crates/atuin-server/server.toml
index f02372d0..9ff95890 100644
--- a/crates/atuin-server/server.toml
+++ b/crates/atuin-server/server.toml
@@ -33,11 +33,6 @@
 # host = 127.0.0.1
 # port = 9001
 
-# [tls]
-# enable = false
-# cert_path = ""
-# pkey_path = ""
-
 ## Enable legacy sync v1 routes (history-based sync)
 ## Set to false to disable and use only the newer record-based sync
 # sync_v1_enabled = true
diff --git a/crates/atuin-server/src/lib.rs b/crates/atuin-server/src/lib.rs
index f1d616f2..fcf5dde6 100644
--- a/crates/atuin-server/src/lib.rs
+++ b/crates/atuin-server/src/lib.rs
@@ -5,9 +5,7 @@ use std::net::SocketAddr;
 
 use atuin_server_database::Database;
 use axum::{Router, serve};
-use axum_server::Handle;
-use axum_server::tls_rustls::RustlsConfig;
-use eyre::{Context, Result, eyre};
+use eyre::{Context, Result};
 
 mod handlers;
 mod metrics;
@@ -46,18 +44,14 @@ async fn shutdown_signal() {
 }
 
 pub async fn launch<Db: Database>(settings: Settings, addr: SocketAddr) -> Result<()> {
-    if settings.tls.enable {
-        launch_with_tls::<Db>(settings, addr, shutdown_signal()).await
-    } else {
-        launch_with_tcp_listener::<Db>(
-            settings,
-            TcpListener::bind(addr)
-                .await
-                .context("could not connect to socket")?,
-            shutdown_signal(),
-        )
-        .await
-    }
+    launch_with_tcp_listener::<Db>(
+        settings,
+        TcpListener::bind(addr)
+            .await
+            .context("could not connect to socket")?,
+        shutdown_signal(),
+    )
+    .await
 }
 
 pub async fn launch_with_tcp_listener<Db: Database>(
@@ -74,43 +68,6 @@ pub async fn launch_with_tcp_listener<Db: Database>(
     Ok(())
 }
 
-async fn launch_with_tls<Db: Database>(
-    settings: Settings,
-    addr: SocketAddr,
-    shutdown: impl Future<Output = ()>,
-) -> Result<()> {
-    let crypto_provider = rustls::crypto::ring::default_provider().install_default();
-    if crypto_provider.is_err() {
-        return Err(eyre!("Failed to install default crypto provider"));
-    }
-    let rustls_config = RustlsConfig::from_pem_file(
-        settings.tls.cert_path.clone(),
-        settings.tls.pkey_path.clone(),
-    )
-    .await;
-    if rustls_config.is_err() {
-        return Err(eyre!("Failed to load TLS key and/or certificate"));
-    }
-    let rustls_config = rustls_config.unwrap();
-
-    let r = make_router::<Db>(settings).await?;
-
-    let handle = Handle::new();
-
-    let server = axum_server::bind_rustls(addr, rustls_config)
-        .handle(handle.clone())
-        .serve(r.into_make_service());
-
-    tokio::select! {
-        _ = server => {}
-        _ = shutdown => {
-            handle.graceful_shutdown(None);
-        }
-    }
-
-    Ok(())
-}
-
 // The separate listener means it's much easier to ensure metrics are not accidentally exposed to
 // the public.
 pub async fn launch_metrics_server(host: String, port: u16) -> Result<()> {
diff --git a/crates/atuin-server/src/settings.rs b/crates/atuin-server/src/settings.rs
index 2c02bcbe..98d1d69f 100644
--- a/crates/atuin-server/src/settings.rs
+++ b/crates/atuin-server/src/settings.rs
@@ -65,7 +65,6 @@ pub struct Settings {
     pub register_webhook_url: Option<String>,
     pub register_webhook_username: String,
     pub metrics: Metrics,
-    pub tls: Tls,
     pub mail: Mail,
 
     /// Enable legacy sync v1 routes (history-based sync)
@@ -110,9 +109,6 @@ impl Settings {
             .set_default("metrics.host", "127.0.0.1")?
             .set_default("metrics.port", 9001)?
             .set_default("mail.enable", false)?
-            .set_default("tls.enable", false)?
-            .set_default("tls.cert_path", "")?
-            .set_default("tls.pkey_path", "")?
             .set_default("sync_v1_enabled", true)?
             .add_source(
                 Environment::with_prefix("atuin")
@@ -144,12 +140,3 @@ impl Settings {
 pub fn example_config() -> &'static str {
     EXAMPLE_CONFIG
 }
-
-#[derive(Clone, Debug, Default, Deserialize, Serialize)]
-pub struct Tls {
-    #[serde(alias = "enabled")]
-    pub enable: bool,
-
-    pub cert_path: PathBuf,
-    pub pkey_path: PathBuf,
-}