Enable SSL and HTTP/2

2025-01-26 01:16:58 -06:00 · 2025-01-26 01:16:58 -06:00 · fddc635957
commit fddc635957
parent f3bd66b872
2 changed files with 27 additions and 6 deletions
--- a/cpp/web_server.cpp
+++ b/cpp/web_server.cpp
@ -23,16 +23,18 @@
 #include <QtHttpServer/QHttpServer>
 #include <QtHttpServer/QHttpServerRequest>
 #include <QtHttpServer/QHttpServerResponse>
-#include <QTcpServer>
+#include <QSslServer>
 #include <QDir>
 #include <QFile>
 #include <QDateTime>
 #include <QJsonArray>
 #include <QDebug>
 #include <QtConcurrent/QtConcurrent>
+#include <QFile>
 #include <QFuture>
 #include <QSqlQuery>
 #include <QSqlError>
+#include <QSslKey>

 // C++ includes
 #include <iostream>
@ -965,13 +967,32 @@ bool WebServer::start_server(quint16 port) {
        });
    });

-    // Attempt to listen on `port`
-    if (!tcp_server_.listen(QHostAddress::Any, port) || !http_server_.bind(&tcp_server_)) {
+    {
+        QSslConfiguration ssl_config = QSslConfiguration::defaultConfiguration();
+        QFile cert_file("/srv/lubuntu-ci/repos/ci-tools/server.crt");
+        cert_file.open(QIODevice::ReadOnly);
+        ssl_config.setLocalCertificate(QSslCertificate(&cert_file, QSsl::Pem));
+        cert_file.close();
+        QFile key_file("/srv/lubuntu-ci/repos/ci-tools/server.key");
+        key_file.open(QIODevice::ReadOnly);
+        ssl_config.setPrivateKey(QSslKey(&key_file, QSsl::Rsa, QSsl::Pem));
+        key_file.close();
+
+        ssl_config.setPeerVerifyMode(QSslSocket::VerifyNone);
+        ssl_config.setProtocol(QSsl::TlsV1_3);
+        ssl_server_.setSslConfiguration(ssl_config);
+
+        QHttp2Configuration Http2Conf = QHttp2Configuration();
+        Http2Conf.setServerPushEnabled(true);
+        http_server_.setHttp2Configuration(Http2Conf);
+    }
+
+    if (!ssl_server_.listen(QHostAddress::Any, port) || !http_server_.bind(&ssl_server_)) {
        std::cerr << timestamp_now() << " [ERROR] Could not bind to port " << port << std::endl;
        return false;
    }

    std::cout << timestamp_now() << " [INFO] Web server running on port "
-              << tcp_server_.serverPort() << std::endl;
+              << ssl_server_.serverPort() << std::endl;
    return true;
 }
--- a/cpp/web_server.h
+++ b/cpp/web_server.h
@ -25,7 +25,7 @@
 #include <QMap>
 #include <QSqlDatabase>
 #include <QString>
-#include <QTcpServer>
+#include <QSslServer>
 #include <string>

 class WebServer : public QObject {
@ -41,7 +41,7 @@ private:
    void load_tokens(QSqlDatabase& p_db);

    QHttpServer http_server_;
-    QTcpServer tcp_server_;
+    QSslServer ssl_server_;
    std::unique_ptr<TaskQueue> task_queue;
    std::jthread expire_tokens_thread_;
    std::jthread process_sources_thread_;