basecamp / thruster

MIT License

Add support for local TLS. #40

Open ioquatix opened 1 month ago

ioquatix commented 1 month ago

Fixed https://github.com/basecamp/thruster/pull/34 so that it cleanly applies to the current HEAD.

In addition, here is how to test it:

# In a new rails app, e.g. testapp/

TLS_LOCAL=true TLS_DOMAIN=localhost HTTP_PORT=8080 HTTPS_PORT=8443 RAILS_ENV=production thrust bundle exec bin/rails server

Then you can test it:

> curl -k -v https://localhost:8443/index.html
* Host localhost:8443 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
*   Trying [::1]:8443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: O=Thruster Local CA
*  start date: Oct  1 00:52:36 2024 GMT
*  expire date: Sep 29 00:52:36 2034 GMT
*  issuer: O=Thruster Local CA
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connected to localhost (::1) port 8443
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://localhost:8443/index.html
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: localhost:8443]
* [HTTP/2] [1] [:path: /index.html]
* [HTTP/2] [1] [user-agent: curl/8.10.1]
* [HTTP/2] [1] [accept: */*]
> GET /index.html HTTP/2
> Host: localhost:8443
> User-Agent: curl/8.10.1
> Accept: */*
> 
* Request completely sent off
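The curl run above only gets through because of -k (verify result 18, self-signed). As an added example, not thruster's code or the code in this PR, here is a constructed Go sketch of the same shape of chain, a self-signed "Thruster Local CA" issuing a leaf for TLS_DOMAIN, together with the client-side check that trusts only that CA instead of skipping verification. The function names (NewLocalCA, NewLeaf, VerifyLeaf), serial numbers and key usages are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Constructed stand-in for thruster's local CA (not the project's code); subject as printed by curl above.
var localName = pkix.Name{Organization: []string{"Thruster Local CA"}}
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue signs tmpl with signer (the parent's private key) and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) *x509.Certificate {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}
// NewLocalCA builds a self-signed RSA-2048 CA valid for ten years, as in the curl output.
func NewLocalCA() (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: localName,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	return issue(tmpl, tmpl, &key.PublicKey, key), key // parent == tmpl: self-signed
}
// NewLeaf issues the server certificate for TLS_DOMAIN (ten-year validity, as curl shows), signed by the CA.
func NewLeaf(ca *x509.Certificate, caKey *rsa.PrivateKey, domain string) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: localName, DNSNames: []string{domain},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return issue(tmpl, ca, &key.PublicKey, caKey), key
}
// VerifyLeaf does what `curl -k` skips: chain to the local CA only (no system roots) and check the hostname.
func VerifyLeaf(leaf, ca *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
```

With the CA exported to a PEM file, the same check is `curl --cacert local-ca.pem https://localhost:8443/` instead of `curl -k`.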

reesericci commented 1 month ago

Incredible, thanks - should I close #34 in favor of this?

ioquatix commented 1 month ago

@reesericci I basically just squashed your PR and made a few fixes. You are welcome to close #34 in favour of this if you think that makes sense. You already solved all the tricky problems like constructing the local CA etc.

ioquatix commented 3 weeks ago

@kevinmcconnell can you please review this PR?