Implement TLS support in WebSocket server for secure connections
- Added environment variable configuration for enabling TLS in the WebSocket server.
- Implemented logic to read TLS key, certificate, and optional CA paths from environment variables.
- Enhanced server initialization to handle both secure (WSS) and non-secure (WS) connections based on the TLS setting.
- Included error handling for missing TLS configuration to prevent server startup failures.
@@ -1,14 +1,37 @@
|
||||
import WebSocket, { WebSocketServer } from 'ws';
|
||||
import https from 'https';
|
||||
import fs from 'fs';
|
||||
|
||||
const PORT = 4551;
|
||||
const PORT = Number.parseInt(process.env.DAEMON_PORT || '4551', 10);
|
||||
const USE_TLS = process.env.DAEMON_TLS === '1';
|
||||
const TLS_KEY_PATH = process.env.DAEMON_TLS_KEY_PATH;
|
||||
const TLS_CERT_PATH = process.env.DAEMON_TLS_CERT_PATH;
|
||||
const TLS_CA_PATH = process.env.DAEMON_TLS_CA_PATH; // optional
|
||||
|
||||
// Einfache In-Memory-Struktur für Verbindungen (für spätere Erweiterungen)
|
||||
const connections = new Set();
|
||||
|
||||
function createServer() {
|
||||
const wss = new WebSocketServer({ port: PORT });
|
||||
let wss;
|
||||
|
||||
console.log(`[Daemon] WebSocket-Server startet auf Port ${PORT} ...`);
|
||||
if (USE_TLS) {
|
||||
if (!TLS_KEY_PATH || !TLS_CERT_PATH) {
|
||||
console.error('[Daemon] DAEMON_TLS=1 gesetzt, aber DAEMON_TLS_KEY_PATH/DAEMON_TLS_CERT_PATH fehlen.');
|
||||
process.exit(1);
|
||||
}
|
||||
const httpsServer = https.createServer({
|
||||
key: fs.readFileSync(TLS_KEY_PATH),
|
||||
cert: fs.readFileSync(TLS_CERT_PATH),
|
||||
ca: TLS_CA_PATH ? fs.readFileSync(TLS_CA_PATH) : undefined,
|
||||
});
|
||||
wss = new WebSocketServer({ server: httpsServer });
|
||||
httpsServer.listen(PORT, '0.0.0.0', () => {
|
||||
console.log(`[Daemon] WSS (TLS) Server gestartet auf Port ${PORT}`);
|
||||
});
|
||||
} else {
|
||||
wss = new WebSocketServer({ port: PORT });
|
||||
console.log(`[Daemon] WS (ohne TLS) Server startet auf Port ${PORT} ...`);
|
||||
}
|
||||
|
||||
wss.on('connection', (ws, req) => {
|
||||
const peer = req.socket.remoteAddress + ':' + req.socket.remotePort;
|
||||
|
||||
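Review bot: Passing `ca` to `https.createServer` without `requestCert` does not make the server request or verify client certificates, so if DAEMON_TLS_CA_PATH is meant to restrict which clients may connect, the WSS listener bound to 0.0.0.0 still accepts any client. If mutual TLS is the intent, add `requestCert: Boolean(TLS_CA_PATH),` next to the `ca:` line (`rejectUnauthorized` already defaults to true on the server side). If the file only carries an intermediate chain, it belongs appended to the certificate file, and the option deserves a comment saying what it is for. Separately, the three `fs.readFileSync` calls are unguarded, so an unreadable path ends in an uncaught exception rather than the `[Daemon]` error message and exit that the missing-variable case gets. The body of createServer continues past the end of this hunk.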