Remove TLS handling

2025-07-31 13:07:46 +00:00 · 2024-01-10 09:33:30 +03:00 · 2024-01-10 09:33:30 +03:00 · f588299cf8
commit f588299cf8
parent 776f08f610
5 changed files with 20 additions and 263 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -116,12 +116,6 @@ version = "1.0.79"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca"

-[[package]]
-name = "arc-swap"
-version = "1.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6"
-
 [[package]]
 name = "async-trait"
 version = "0.1.77"
@ -213,7 +207,6 @@ version = "0.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c1ad46c3ec4e12f4a4b6835e173ba21c25e484c9d02b49770bf006ce5367c036"
 dependencies = [
- "arc-swap",
 "bytes",
 "futures-util",
 "http",
@ -222,10 +215,7 @@ dependencies = [
 "hyper",
 "hyper-util",
 "pin-project-lite",
- "rustls",
- "rustls-pemfile",
 "tokio",
- "tokio-rustls",
 "tower",
 "tower-service",
 ]
@ -245,12 +235,6 @@ dependencies = [
 "rustc-demangle",
 ]

-[[package]]
-name = "base64"
-version = "0.21.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c79fed4cdb43e993fcdadc7e58a09fd0e3e649c4436fa11da71c9f1f3ee7feb9"
-
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@ -483,17 +467,6 @@ dependencies = [
 "unicode-width",
 ]

-[[package]]
-name = "getrandom"
-version = "0.2.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi",
-]
-
 [[package]]
 name = "gimli"
 version = "0.28.1"
@ -1020,20 +993,6 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"

-[[package]]
-name = "ring"
-version = "0.17.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74"
-dependencies = [
- "cc",
- "getrandom",
- "libc",
- "spin",
- "untrusted",
- "windows-sys 0.48.0",
-]
-
 [[package]]
 name = "rustc-demangle"
 version = "0.1.23"
@ -1053,44 +1012,6 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

-[[package]]
-name = "rustls"
-version = "0.21.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba"
-dependencies = [
- "log",
- "ring",
- "rustls-webpki",
- "sct",
-]
-
-[[package]]
-name = "rustls-pemfile"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
-dependencies = [
- "base64",
- "rustls-pki-types",
-]
-
-[[package]]
-name = "rustls-pki-types"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e9d979b3ce68192e42760c7810125eb6cf2ea10efae545a156063e61f314e2a"
-
-[[package]]
-name = "rustls-webpki"
-version = "0.101.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "rustversion"
 version = "1.0.14"
@ -1109,16 +1030,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

-[[package]]
-name = "sct"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "serde"
 version = "1.0.195"
@ -1255,12 +1166,6 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

-[[package]]
-name = "spin"
-version = "0.9.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
-
 [[package]]
 name = "strsim"
 version = "0.10.0"
@ -1323,16 +1228,6 @@ dependencies = [
 "syn",
 ]

-[[package]]
-name = "tokio-rustls"
-version = "0.24.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
-dependencies = [
- "rustls",
- "tokio",
-]
-
 [[package]]
 name = "tokio-util"
 version = "0.7.10"
@ -1474,12 +1369,6 @@ version = "0.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ab4c90930b95a82d00dc9e9ac071b4991924390d46cbd0dfe566148667605e4b"

-[[package]]
-name = "untrusted"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
-
 [[package]]
 name = "utf8parse"
 version = "0.2.1"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -11,7 +11,7 @@ edition     = "2021"
 [dependencies]
 anyhow         = "1.0.77"
 axum           = { version = "0.7.3", features = [ "macros" ] }
-axum-server    = { version = "0.6.0", features = [ "tls-rustls" ] }
+axum-server    = { version = "0.6.0" }
 bytes          = "1.5.0"
 cargo_toml     = "0.17.2"
 chrono         = { version = "0.4.31", features = [ "serde" ] }
--- a/README.md
+++ b/README.md
@ -18,30 +18,12 @@ Enables the site service.

 Default: false.

-### `services.site.certificate`
+### `services.site.port`

-The path to the SSL certificate the site will use.
-
-Default: null.
-
-### `services.site.key`
-
-The path to the SSL key the site will use.
-
-Default: null.
-
-### `services.site.httpPort`
-
-Specifies on which port the site service listens for HTTP connections.
+Specifies on which port the site service listens for connections.

 Default: 8080.

-### `services.site.httpsPort`
-
-Specifies on which port the site service listens for HTTPS connections.
-
-Default: 8443.
-
 ### `services.site.logLevel`

 Specifies the log level that the site service will log stuff with.
--- a/flake.nix
+++ b/flake.nix
@ -109,39 +109,12 @@
        services.site = {
          enable = mkEnableOption (mdDoc "site service");

-          certificate = mkOption {
-            type        = types.nullOr types.path;
-            default     = null;
-            example     = "/path/to/cert.pem";
-            description = mdDoc ''
-              The path to the SSL certificate the site will use.
-            '';
-          };
-
-          key = mkOption {
-            type        = types.nullOr types.path;
-            default     = null;
-            example     = "/path/to/key.pem";
-            description = mdDoc ''
-              The path to the SSL key the site will use.
-            '';
-          };
-
-          httpPort = mkOption {
+          port = mkOption {
            type        = types.port;
            default     = 8080;
            example     = 80;
            description = mdDoc ''
-              Specifies on which port the site service listens for HTTP connections.
-            '';
-          };
-
-          httpsPort = mkOption {
-            type        = types.port;
-            default     = 8443;
-            example     = 80;
-            description = mdDoc ''
-              Specifies on which port the site service listens for HTTPS connections.
+              Specifies on which port the site service listens for connections.
            '';
          };

@ -171,20 +144,11 @@
          wantedBy    = [ "multi-user.target" ];

          serviceConfig = let
-            arguments = [
-              "--http-port" (toString cfg.httpPort)
-              "--https-port" (toString cfg.httpsPort)
-              "--log-level" cfg.logLevel
-            ] ++ (optionals (cfg.certificate != null) [
-              "--certificate" cfg.certificate
-            ]) ++ (optionals (cfg.key != null) [
-              "--key" cfg.key
-            ]);
-            needsPrivilidges = cfg.httpPort < 1024 || cfg.httpsPort < 1024;
+            needsPrivilidges = cfg.port < 1024;
            capabilities     = [ "" ] ++ optionals needsPrivilidges [ "CAP_NET_BIND_SERVICE" ];
            rootDirectory    = "/run/site";
          in {
-            ExecStart               = "${self.packages.${pkgs.system}.site}/bin/site " + (concatStringsSep " " arguments);
+            ExecStart               = "${self.packages.${pkgs.system}.site}/bin/site --port ${cfg.port} --log-level ${cfg.logLevel}";
            Restart                 = "always";
            DynamicUser             = true;
            RootDirectory           = rootDirectory;
@ -222,7 +186,7 @@
        };

        networking.firewall.allowedTCPPorts =
-          optionals cfg.openFirewall [ cfg.httpPort cfg.httpsPort ];
+          optionals cfg.openFirewall [ cfg.port ];
      };
    };
  });
--- a/src/main.rs
+++ b/src/main.rs
@ -7,87 +7,22 @@ mod minify;
 mod page;
 mod routes;

-use std::{
-    net::SocketAddr,
-    path::PathBuf,
-};
+use std::net::SocketAddr;

 use anyhow::Context;
-use axum::{
-    extract::Host,
-    handler::HandlerWithoutStateExt,
-    http::{
-        uri::Scheme,
-        StatusCode,
-        Uri,
-    },
-    response::Redirect,
-    BoxError,
-    Router,
-};
-use axum_server::tls_rustls::RustlsConfig;
+use axum::Router;
 use clap::Parser;
 use tower_http::trace::TraceLayer;

 #[derive(Parser, Clone)]
 #[command(author, version, about)]
 struct Cli {
-    /// The HTTP port to listen for connections on
+    /// The port to listen for connections on
    #[arg(long, default_value = "8080")]
-    http_port: u16,
-    /// The HTTPS port to listen for connections on
-    #[arg(long, default_value = "8443")]
-    https_port: u16,
+    port: u16,
    /// The log level to log stuff with
    #[arg(long, default_value = "info")]
    log_level: log::LevelFilter,
-
-    /// The path to the certificate file
-    #[arg(long)]
-    certificate: Option<PathBuf>,
-    /// The path to the key file
-    #[arg(long)]
-    key: Option<PathBuf>,
-}
-
-async fn redirect_http(args: Cli) {
-    let http_port = args.http_port.to_string();
-    let https_port = args.https_port.to_string();
-
-    let make_https = move |host: String, uri: Uri| -> Result<Uri, BoxError> {
-        let mut parts = uri.into_parts();
-
-        parts.scheme = Some(Scheme::HTTPS);
-
-        if parts.path_and_query.is_none() {
-            parts.path_and_query = Some("/".parse().unwrap());
-        }
-
-        let https_host = host.replace(&http_port, &https_port);
-        parts.authority = Some(https_host.parse()?);
-
-        Ok(Uri::from_parts(parts)?)
-    };
-
-    let redirect = move |Host(host): Host, uri: Uri| {
-        async move {
-            match make_https(host, uri) {
-                Ok(uri) => Ok(Redirect::permanent(&uri.to_string())),
-                Err(error) => {
-                    log::warn!("Failed to convert URI to HTTPS: {error}");
-                    Err(StatusCode::BAD_REQUEST)
-                },
-            }
-        }
-    };
-
-    let address = SocketAddr::from(([0, 0, 0, 0], args.http_port));
-
-    axum_server::bind(address)
-        .serve(redirect.into_make_service())
-        .await
-        .with_context(|| "Failed to run redirect server")
-        .unwrap();
 }

 #[tokio::main]
@ -100,28 +35,15 @@ async fn main() -> anyhow::Result<()> {
        .format_timestamp(None)
        .init();

-    let app = Router::new()
+    let address = SocketAddr::from(([0, 0, 0, 0], args.port));
+
+    let router = Router::new()
        .merge(routes::router())
        .merge(errors::router())
-        .layer(TraceLayer::new_for_http())
-        .into_make_service();
+        .layer(TraceLayer::new_for_http());

-    if let (Some(certificate_path), Some(key_path)) = (&args.certificate, &args.key) {
-        tokio::spawn(redirect_http(args.clone()));
-
-        let config = RustlsConfig::from_pem_file(certificate_path, key_path)
-            .await
-            .with_context(|| "Failed to create TLS configuration from PEM files")?;
-
-        let address = SocketAddr::from(([0, 0, 0, 0], args.https_port));
-
-        axum_server::bind_rustls(address, config).serve(app).await
-    } else {
-        let address = SocketAddr::from(([0, 0, 0, 0], args.http_port));
-
-        axum_server::bind(address).serve(app).await
-    }
-    .with_context(|| "Failed to run main server")?;
-
-    Ok(())
+    axum_server::bind(address)
+        .serve(router.into_make_service())
+        .await
+        .with_context(|| "Failed to run server")
 }