1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199
|
# TLS/SSL Support in Glaze HTTP Server
Glaze supports TLS/SSL encryption for HTTPS servers through a template-based approach that provides zero overhead for HTTP-only applications.
## Overview
The `http_server` has been enhanced with a template parameter `<bool EnableTLS>` that allows you to create both HTTP and HTTPS servers:
- `http_server<false>` or `http_server<>` - Standard HTTP server (default)
- `http_server<true>` or `https_server` - HTTPS server with TLS support
## Building with TLS Support
### Prerequisites
- OpenSSL development libraries
- CMake 3.21 or later
- C++23 compatible compiler
### CMake Configuration
Enable TLS support when configuring your build:
```bash
cmake -Dglaze_ENABLE_SSL=ON ..
```
This will:
- Find and link OpenSSL libraries
- Define `GLZ_ENABLE_SSL` preprocessor macro
- Enable TLS functionality in the http_server template
## Usage
### Basic HTTPS Server
```cpp
#include "glaze/net/http_server.hpp"
int main() {
// Create HTTPS server using alias
glz::https_server server;
// Load SSL certificate and private key
server.load_certificate("path/to/cert.pem", "path/to/private_key.pem");
// Configure routes
server.get("/", [](const glz::request& req, glz::response& res) {
res.body("Hello, HTTPS World!");
});
// Start server on port 8443
server.bind(8443).start();
return 0;
}
```
### Using Template Parameter
```cpp
// Explicit template parameter
glz::http_server<true> https_server;
glz::http_server<false> http_server; // or just http_server<>
```
### SSL Configuration
```cpp
glz::https_server server;
// Load certificate and key
server.load_certificate("cert.pem", "key.pem");
// Set SSL verification mode (optional)
server.set_ssl_verify_mode(SSL_VERIFY_NONE); // For development
// server.set_ssl_verify_mode(SSL_VERIFY_PEER); // For production
```
## Certificate Generation
For development and testing, you can generate self-signed certificates:
```bash
# Generate private key
openssl genrsa -out key.pem 2048
# Generate self-signed certificate
openssl req -new -x509 -key key.pem -out cert.pem -days 365
```
## API Reference
### Template Parameters
- `EnableTLS` (bool): Enable TLS support
- `false` (default): HTTP server
- `true`: HTTPS server
### Type Aliases
- `https_server`: Alias for `http_server<true>`
### HTTPS-Specific Methods
#### `load_certificate(cert_file, key_file)`
Load SSL certificate and private key files (PEM format).
```cpp
server.load_certificate("path/to/cert.pem", "path/to/key.pem");
```
#### `set_ssl_verify_mode(mode)`
Set SSL peer verification mode.
```cpp
server.set_ssl_verify_mode(SSL_VERIFY_NONE); // No verification
server.set_ssl_verify_mode(SSL_VERIFY_PEER); // Verify peer certificate
```
## Design Benefits
### Zero Overhead for HTTP
- HTTP servers (`EnableTLS = false`) have no TLS-related code or memory overhead
- SSL headers and context are only included when `EnableTLS = true`
- Compile-time optimization ensures maximum performance
### Type Safety
- Template parameter provides compile-time differentiation
- Prevents accidental mixing of HTTP and HTTPS configurations
- Clear API distinction between server types
### Backward Compatibility
- Existing HTTP server code continues to work unchanged
- Default template parameter maintains HTTP behavior
- No breaking changes to existing APIs
## Example: Mixed HTTP/HTTPS Setup
```cpp
#include "glaze/net/http_server.hpp"
int main() {
// HTTP server for public content
glz::http_server<> http_server;
http_server.get("/", [](const glz::request& req, glz::response& res) {
res.body("Public HTTP content");
});
// HTTPS server for secure content
glz::https_server https_server;
https_server.load_certificate("cert.pem", "key.pem")
.get("/secure", [](const glz::request& req, glz::response& res) {
res.body("Secure HTTPS content");
});
// Start both servers
std::thread http_thread([&]() {
http_server.bind(8080).start();
});
std::thread https_thread([&]() {
https_server.bind(8443).start();
});
http_thread.join();
https_thread.join();
return 0;
}
```
## Troubleshooting
### OpenSSL Not Found
If CMake cannot find OpenSSL:
```bash
# On Ubuntu/Debian
sudo apt-get install libssl-dev
# On macOS with Homebrew
brew install openssl
export PKG_CONFIG_PATH="/opt/homebrew/lib/pkgconfig"
# On Windows
vcpkg install openssl
```
### Certificate Issues
- Ensure certificate and key files are in PEM format
- Check file permissions and paths
- For production, use certificates from a trusted CA
- For development, self-signed certificates are acceptable
### Compilation Errors
- Ensure `GLZ_ENABLE_SSL` is defined when using TLS features
- Verify OpenSSL libraries are properly linked
- Check that C++23 standard is enabled
|