Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Code Issues Releases Wiki Activity
libwebsockets/minimal-examples/http-server/minimal-http-server-tls
History
Andy Green f6ae0edf8d strict host check vhost flag 
https://github.com/warmcat/libwebsockets/issues/1423

If you vhost->options has the flag LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK,
then if the server is sent an upgrade request, the content of the Host: header is
required to match the vhost name + port.  The port is set to the well-known values
of 80 and 443 if no :port on the host: value, depending on tls or not on the
connection.

minimal-ws-server can now take a -h flag to set this.  lejp-conf (eg, lwsws) can now take
a flag strict-host-check on the vhost to enable it as well.
2018-11-13 09:55:06 +08:00
..
mount-origin minimal: http-server-tls 2018-04-06 10:38:03 +08:00
CMakeLists.txt refactor: most preparation for -DLWS_ROLE_H1=0 2018-04-27 19:16:50 +08:00
localhost-100y.cert minimal: http-server-tls 2018-04-06 10:38:03 +08:00
localhost-100y.key minimal: http-server-tls 2018-04-06 10:38:03 +08:00
minimal-http-server-tls.c strict host check vhost flag 2018-11-13 09:55:06 +08:00
README.md minimal: http-server-tls 2018-04-06 10:38:03 +08:00

README.md

lws minimal http server with tls

build

 $ cmake . && make

usage

 $ ./lws-minimal-http-server-tls
[2018/03/20 13:23:13:0131] USER: LWS minimal http server TLS | visit https://localhost:7681
[2018/03/20 13:23:13:0142] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off
[2018/03/20 13:23:13:0142] NOTICE:  Using SSL mode
[2018/03/20 13:23:13:0146] NOTICE:  SSL ECDH curve 'prime256v1'
[2018/03/20 13:23:13:0146] NOTICE:  HTTP2 / ALPN enabled
[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing cert filepath localhost-100y.cert
[2018/03/20 13:23:13:0195] NOTICE: Loaded client cert localhost-100y.cert
[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing private key filepath
[2018/03/20 13:23:13:0196] NOTICE: Loaded client cert private key localhost-100y.key
[2018/03/20 13:23:13:0196] NOTICE: created client ssl context for default
[2018/03/20 13:23:14:0207] NOTICE:    vhost default: cert expiry: 730459d

Visit https://localhost:7681

Because it uses a selfsigned certificate, you will have to make an exception for it in your browser.

Certificate creation

The selfsigned certs provided were created with

echo -e "GB\nErewhon\nAll around\nlibwebsockets-test\n\nlocalhost\nnone@invalid.org\n" | openssl req -new -newkey rsa:4096 -days 36500 -nodes -x509 -keyout "localhost-100y.key" -out "localhost-100y.cert"

they cover "localhost" and last 100 years from 2018-03-20.

You can replace them with commercial certificates matching your hostname.

HTTP/2

If you built lws with -DLWS_WITH_HTTP2=1 at cmake, this simple server is also http/2 capable out of the box. If the index.html was loaded over http/2, it will display an HTTP 2 png.