From d52e57612942cbe0c6a0dd774fcc2caac8f439d5 Mon Sep 17 00:00:00 2001
From: Eric Hodel <drbrain@segment7.net>
Date: Wed, 27 Dec 2023 06:15:48 -0800
Subject: feat: Add TLS to atuin-server (#1457)

* Add TLS to atuin-server

atuin as a project already includes most of the dependencies necessary
for server-side TLS.  This allows `atuin server start` to use a TLS
certificate when self-hosting in order to avoid the complication of
wrapping it in a TLS-aware proxy server.

Configuration is handled similar to the metrics server with its own
struct and currently accepts only the private key and certificate file
paths.

Starting a TLS server and a TCP server are divergent because the tests
need to bind to an arbitrary port to avoid collisions across tests.  The
API to accomplish this for a TLS server is much more verbose.

* Fix clippy, fmt

* Add TLS section to self-hosting
---
 atuin-server/Cargo.toml | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'atuin-server/Cargo.toml')

diff --git a/atuin-server/Cargo.toml b/atuin-server/Cargo.toml
index 445dfcb7..ecfef524 100644
--- a/atuin-server/Cargo.toml
+++ b/atuin-server/Cargo.toml
@@ -26,11 +26,16 @@ rand = { workspace = true }
 tokio = { workspace = true }
 async-trait = { workspace = true }
 axum = "0.6.4"
+axum-server = { version = "0.5.1", features = ["tls-rustls"] }
 http = "0.2"
+hyper = "0.14"
+hyper-rustls = "0.24"
 fs-err = { workspace = true }
 tower = "0.4"
 tower-http = { version = "0.4", features = ["trace"] }
 reqwest = { workspace = true }
+rustls = "0.21"
+rustls-pemfile = "1.0"
 argon2 = "0.5.0"
 semver = { workspace = true }
 metrics-exporter-prometheus = "0.12.1"
-- 
cgit v1.3.1