We're finally saying goodbye to our old pal HTTP, and entering the new era with HTTPS, and to
make this work we'll need a few things:
- A TLS certificate, and;
- Setting up our actix-web server to use said certificate;
Creating and validating a certificate is out of scope for this project, but I'll give you some pointers:
- mkcert is a tool that creates locally trusted certificates;
- openssl may also be used to generate a certificate, but requires you to manually handle the trust setup;
- You'll find many online tools that create a cert, and key pair, any of these approaches will work just fine for learning purposes;
Now that you have a certificate, you can add it to the trusted list on your OS, browser, API testing tool, or you can just set whatever tool you're using to skip validation (this is the approach I'm taking here).
This project already contains a cert and key files, I strongly suggest not sharing your private certificates! Remember that we're skimping on security here!
We'll be using rustls to handle the TLS configuration, as it pairs nicely with actix-web.
pub fn setup_tls() -> Result<rustls::ServerConfig, rustls::TLSError>This function will load and parse our certificate into the type that actix-web wants.
We use the rustls::ServerConfig
returned, and pass it into
HttpServer::bind_rustls.
Previously, we were just using
HttpServer::bind
to bind an address, but now we bind the address, and the TLS configuration.
With these simple steps out of the way, we now have our server running on HTTPS.