From 8e618ab4439996acf9c17be317acd41dd7308332 Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)"
Date: Mon, 5 Jan 2026 16:06:37 +0100
Subject: [PATCH] Implement TLS support in WebSocket server for secure connections

- Added environment variable configuration for enabling TLS in the WebSocket server.
- Implemented logic to read TLS key, certificate, and optional CA paths from environment variables.
- Enhanced server initialization to handle both secure (WSS) and non-secure (WS) connections based on the TLS setting.
- Included error handling for missing TLS configuration to prevent server startup failures.
---
 backend/daemonServer.js | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/backend/daemonServer.js b/backend/daemonServer.js
index 36f4691..50cff03 100644
--- a/backend/daemonServer.js
+++ b/backend/daemonServer.js
@@ -1,14 +1,37 @@
 import WebSocket, { WebSocketServer } from 'ws';
+import https from 'https';
+import fs from 'fs';
-const PORT = 4551;
+const PORT = Number.parseInt(process.env.DAEMON_PORT || '4551', 10);
+const USE_TLS = process.env.DAEMON_TLS === '1';
+const TLS_KEY_PATH = process.env.DAEMON_TLS_KEY_PATH;
+const TLS_CERT_PATH = process.env.DAEMON_TLS_CERT_PATH;
+const TLS_CA_PATH = process.env.DAEMON_TLS_CA_PATH; // optional
 // Einfache In-Memory-Struktur für Verbindungen (für spätere Erweiterungen)
 const connections = new Set();
 function createServer() {
- const wss = new WebSocketServer({ port: PORT });
+ let wss;
- console.log(`[Daemon] WebSocket-Server startet auf Port ${PORT} ...`);
+ if (USE_TLS) {
+ if (!TLS_KEY_PATH || !TLS_CERT_PATH) {
+ console.error('[Daemon] DAEMON_TLS=1 gesetzt, aber DAEMON_TLS_KEY_PATH/DAEMON_TLS_CERT_PATH fehlen.');
+ process.exit(1);
+ }
+ const httpsServer = https.createServer({
+ key: fs.readFileSync(TLS_KEY_PATH),
+ cert: fs.readFileSync(TLS_CERT_PATH),
+ ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
+ });
+ wss = new WebSocketServer({ server: httpsServer });
+ httpsServer.listen(PORT, '0.0.0.0', () => {
+ console.log(`[Daemon] WSS (TLS) Server gestartet auf Port ${PORT}`);
+ });
+ } else {
+ wss = new WebSocketServer({ port: PORT });
+ console.log(`[Daemon] WS (ohne TLS) Server startet auf Port ${PORT} ...`);
+ }
 wss.on('connection', (ws, req) => {
 const peer = req.socket.remoteAddress + ':' + req.socket.remotePort;
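Review bot: `const USE_TLS = process.env.DAEMON_TLS === '1';` fails open: any other value an operator might set (`true`, `yes`, `on`) sends createServer down the `else` branch, which starts a plaintext `WebSocketServer({ port: PORT })` with only an informational log line to show for it. Reject values that are set but not recognised before the `if (USE_TLS)` check, for example `if (process.env.DAEMON_TLS && !['0', '1'].includes(process.env.DAEMON_TLS)) process.exit(1);` preceded by a `console.error` naming the variable. Separately, passing `ca` to `https.createServer` without `requestCert: true` does not make the server ask clients for a certificate, so if DAEMON_TLS_CA_PATH is meant to enable mutual TLS the options also need `requestCert: true, rejectUnauthorized: true`; if it is only meant to carry intermediates, Node's documentation places those in the `cert` chain instead. createServer's body continues past the end of the hunk.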