Skip to content
Let's Encrypt SSL support for Actix web applications using acme-client
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src
.gitignore
Cargo.toml
README.md

README.md

actix-web-lets-encrypt

This software makes it fairly easy to use Lets Encrypt with Actix web.

Proof-of-concept

The code in this repository has been lightly tested, but I am unhappy with the API I've constructed. I especially dislike the split between the app_encryption_enabler and the server_encryption_enabler. I'm new to Rust and wanted to write something and then ask for suggestions for a better API.

I haven't yet written documentation for the public functions because I think it's likely they'll change. However, if the example below isn't sufficient to illustrate the sort of behavior I'm trying to make available I can go ahead and document what is present.

This version only works with openssl.

// Although the following code doesn't run as-is, it's basically a
// simplified version of code that has run.  Unfortunately, there's no
// way to provide a sample that will run 100% out of the box, because
// to use a certificate you must have DNS pointing a domain to the host
// you're running this on.
#![feature(proc_macro_hygiene)]

use {
    actix_web::{
        actix::Actor, http::Method, server, App,
        HttpRequest, HttpResponse, Result,
    },
    actix_web_lets_encrypt::{CertBuilder, LetsEncrypt},
};

// ... asset and other non-certificate code elided ...

fn main() {
    let example_prod = CertBuilder::new("0.0.0.0:8089", &["example.com"]).email("ctm@example.com");

    let two_certs_prod =
        CertBuilder::new("0.0.0.0:8090", &["example.org", "example.net"]).email("ctm@example.org");

    let example_test = CertBuilder::new("0.0.0.0:8091", &["test.example.com"])
        .email("ctm@example.com")
        .test();

    // 8088 is for all http and is bound after we set up the server.
    let app_encryption_enabler = LetsEncrypt::encryption_enabler()
        .nonce_directory("/var/nonce")
        .ssl_directory("ssl")
        .add_cert(example_prod)
        .add_cert(two_certs_prod)
        .add_cert(example_test);

    let server_encryption_enabler = app_encryption_enabler.clone();

    let mut server = server::new(move || {
        App::new().configure(|app| {
            let app = app
                .resource("/assets/{asset:.*}", |r| r.method(Method::GET).f(asset))
                .resource("/", |r| r.method(Method::GET).f(index));
            app_encryption_enabler.register(app)
        })
    });

    server = server_encryption_enabler
                 .attach_certificates_to(server)
                 .bind("0.0.0.0:8088")
                 .unwrap()
    };
    server_encryption_enabler.start();
    server.run();
}
You can’t perform that action at this time.