From d52e57612942cbe0c6a0dd774fcc2caac8f439d5 Mon Sep 17 00:00:00 2001 From: Eric Hodel Date: Wed, 27 Dec 2023 06:15:48 -0800 Subject: feat: Add TLS to atuin-server (#1457) * Add TLS to atuin-server atuin as a project already includes most of the dependencies necessary for server-side TLS. This allows `atuin server start` to use a TLS certificate when self-hosting in order to avoid the complication of wrapping it in a TLS-aware proxy server. Configuration is handled similar to the metrics server with its own struct and currently accepts only the private key and certificate file paths. Starting a TLS server and a TCP server are divergent because the tests need to bind to an arbitrary port to avoid collisions across tests. The API to accomplish this for a TLS server is much more verbose. * Fix clippy, fmt * Add TLS section to self-hosting --- docs/docs/self-hosting/self-hosting.md | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'docs') diff --git a/docs/docs/self-hosting/self-hosting.md b/docs/docs/self-hosting/self-hosting.md index 8379f43f..621b00f3 100644 --- a/docs/docs/self-hosting/self-hosting.md +++ b/docs/docs/self-hosting/self-hosting.md @@ -39,3 +39,14 @@ ATUIN_DB_URI="postgres://user:password@hostname/database" | `db_uri` | A valid PostgreSQL URI, for saving history (default: false) | | `path` | A path to prepend to all routes of the server (default: false) | +### TLS + +The server supports TLS through the `[tls]` section: + +```toml +[tls] +enabled = true +cert_path = "/path/to/letsencrypt/live/fully.qualified.domain/fullchain.pem" +pkey_path = "/path/to/letsencrypt/live/fully.qualified.domain/privkey.pem" +``` + -- cgit v1.3.1
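Review bot: The new `### TLS` section in docs/docs/self-hosting/self-hosting.md lists `enabled`, `cert_path` and `pkey_path` only through the sample block, with no description or default for any of them, while the option table directly above documents each key with its default. Consider adding rows for the three keys in the same table style, including the default for `enabled`, so a reader can tell whether TLS is off unless configured. The section should also say that the file at `pkey_path` must be readable by the account that runs `atuin server start` and by no one else, since the example points at a Let's Encrypt `privkey.pem`. The commit message notes that the `[tls]` struct currently accepts only the key and certificate paths; saying so in the docs would tell operators that protocol versions and cipher suites cannot be set here. Finally, the context line shows settings such as `ATUIN_DB_URI` being supplied through the environment, and the section does not say whether the TLS keys have an equivalent.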