diff --git a/appmgr/src/net/nginx.rs b/appmgr/src/net/nginx.rs
index b0725ad74..609e36782 100644
--- a/appmgr/src/net/nginx.rs
+++ b/appmgr/src/net/nginx.rs
@@ -9,6 +9,7 @@ use tokio::sync::Mutex;
 use super::interface::{InterfaceId, LanPortConfig};
 use super::ssl::SslManager;
+use crate::hostname::get_hostname;
 use crate::s9pk::manifest::PackageId;
 use crate::util::{Invoke, Port};
 use crate::{Error, ErrorKind, ResultExt};
@@ -40,11 +41,27 @@ pub struct NginxControllerInner {
 }
 impl NginxControllerInner {
 async fn init(nginx_root: PathBuf, db: SqlitePool) -> Result {
- Ok(NginxControllerInner {
+ let inner = NginxControllerInner {
 nginx_root,
 interfaces: BTreeMap::new(),
 ssl_manager: SslManager::init(db).await?,
- })
+ };
+ let (key, cert) = inner
+ .ssl_manager
+ .certificate_for(&get_hostname().await?)
+ .await?;
+ let ssl_path_key = inner.nginx_root.join(format!("ssl/embassy_main.key.pem"));
+ let ssl_path_cert = inner.nginx_root.join(format!("ssl/embassy_main.cert.pem"));
+ futures::try_join!(
+ tokio::fs::write(&ssl_path_key, key.private_key_to_pem_pkcs8()?),
+ tokio::fs::write(
+ &ssl_path_cert,
+ cert.into_iter()
+ .flat_map(|c| c.to_pem().unwrap())
+ .collect::>()
+ )
+ )?;
+ Ok(inner)
 }
 async fn add>(
 &mut self,
diff --git a/appmgr/src/nginx/main-ui.conf b/appmgr/src/nginx/main-ui.conf
index be1c1cda9..27c2e5ecd 100644
--- a/appmgr/src/nginx/main-ui.conf
+++ b/appmgr/src/nginx/main-ui.conf
@@ -1,6 +1,8 @@
 server {
- listen 80 default_server;
- listen [::]:80 default_server;
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ ssl_certificate /etc/nginx/ssl/embassy_main.cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/embassy_main.key.pem;
 root /var/www/html/main;
@@ -31,4 +33,10 @@ server {
 location / {
 try_files $uri $uri/ =404;
 }
+}
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
 }
\ No newline at end of file
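Review bot: The private key is written with `tokio::fs::write` to `ssl/embassy_main.key.pem`, which creates the file with the process umask (commonly 0644), so the PKCS#8 PEM key ends up readable by every local user; the file should be created with mode 0600 before any key bytes are written, and the `ssl/` directory under `nginx_root` should already exist with restricted permissions. The certificate branch also uses `c.to_pem().unwrap()`, which panics inside `init` on a conversion failure instead of returning through the function's `Result` like the surrounding `.await?` calls; mapping to `Result` and propagating with `?` keeps the error path uniform. Both `format!` calls carry no arguments and can be plain string literals (clippy `useless_format`). The whole of `init` lies within the hunk; `add`'s signature begins on the hunk's last lines and continues past it. The rewrite below uses `write_all`, which needs `tokio::io::AsyncWriteExt` in scope.
```rust
// … unchanged: struct construction and certificate_for call …
let ssl_path_key = inner.nginx_root.join("ssl/embassy_main.key.pem");
let ssl_path_cert = inner.nginx_root.join("ssl/embassy_main.cert.pem");
// Concatenate the chain in the order certificate_for returned it; a PEM
// conversion failure is an error to propagate, not a reason to panic.
let cert_pem: Vec<u8> = cert
    .into_iter()
    .map(|c| c.to_pem())
    .collect::<Result<Vec<_>, _>>()?
    .concat();
// The key file must not inherit the umask: create it 0600 before writing.
let mut key_file = tokio::fs::OpenOptions::new()
    .write(true)
    .create(true)
    .truncate(true)
    .mode(0o600)
    .open(&ssl_path_key)
    .await?;
futures::try_join!(
    key_file.write_all(&key.private_key_to_pem_pkcs8()?),
    tokio::fs::write(&ssl_path_cert, cert_pem)
)?;
Ok(inner)
```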
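Review bot: The new `listen 443 ssl` block relies on nginx's build-time defaults for `ssl_protocols` and `ssl_ciphers`, and on older packages those defaults still admit TLSv1.0 and TLSv1.1; adding `ssl_protocols TLSv1.2 TLSv1.3;` directly after `ssl_certificate_key` makes the policy explicit regardless of which nginx version the image ships. The paths `/etc/nginx/ssl/embassy_main.cert.pem` and `.key.pem` are only correct if the `nginx_root` that `NginxControllerInner::init` joins `ssl/embassy_main.*.pem` onto is `/etc/nginx`, and nothing in this file records that coupling; a comment above `ssl_certificate` such as `# both files are written by appmgr (net/nginx.rs) at startup from the host certificate` would make it visible to whoever next edits either side.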
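Review bot: The port-80 redirect targets `https://$host$request_uri`, and because this block is the `default_server` with `server_name _`, `$host` is whatever the client put in its Host header; that only sends the client back to the name it asked for, so it is acceptable here, but it deserves a comment so the pattern is not later copied into a named vhost, e.g. `# $host is client-supplied; only safe because this is the catch-all default_server`. Note also that a 301 is cached by browsers indefinitely, so once clients have seen it nothing can later be served over plain HTTP on this port to them; if that flexibility matters, a 302 is the usual trade-off.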