✨ Load certificate to use HTTPs

2025-07-20 16:51:47 +08:00
parent f499e7d31a
commit 4557631153
7 changed files with 31 additions and 44 deletions
--- a/DysonNetwork.Drive/Program.cs
+++ b/DysonNetwork.Drive/Program.cs
@@ -9,7 +9,7 @@ using tusdotnet.Stores;
 var builder = WebApplication.CreateBuilder(args);

 // Configure Kestrel and server options
-builder.ConfigureAppKestrel();
+builder.ConfigureAppKestrel(builder.Configuration);

 // Add application services
 builder.Services.AddRegistryService(builder.Configuration);
--- a/DysonNetwork.Pass/Program.cs
+++ b/DysonNetwork.Pass/Program.cs
@@ -9,7 +9,7 @@ using Microsoft.EntityFrameworkCore;
 var builder = WebApplication.CreateBuilder(args);

 // Configure Kestrel and server options
-builder.ConfigureAppKestrel();
+builder.ConfigureAppKestrel(builder.Configuration);

 // Add metrics and telemetry
 builder.Services.AddAppMetrics();
--- a/DysonNetwork.Pusher/Program.cs
+++ b/DysonNetwork.Pusher/Program.cs
@@ -1,13 +1,14 @@
 using DysonNetwork.Pusher;
 using DysonNetwork.Pusher.Startup;
 using DysonNetwork.Shared.Auth;
+using DysonNetwork.Shared.Http;
 using DysonNetwork.Shared.Registry;
 using Microsoft.EntityFrameworkCore;

 var builder = WebApplication.CreateBuilder(args);

 // Configure Kestrel and server options
-builder.ConfigureAppKestrel();
+builder.ConfigureAppKestrel(builder.Configuration);

 // Add application services
 builder.Services.AddRegistryService(builder.Configuration);
--- a/DysonNetwork.Pusher/Startup/KestrelConfiguration.cs
+++ b/DysonNetwork.Pusher/Startup/KestrelConfiguration.cs
@@ -1,17 +0,0 @@
-namespace DysonNetwork.Pusher.Startup;
-
-public static class KestrelConfiguration
-{
-    public static WebApplicationBuilder ConfigureAppKestrel(this WebApplicationBuilder builder)
-    {
-        builder.Host.UseContentRoot(Directory.GetCurrentDirectory());
-        builder.WebHost.ConfigureKestrel(options =>
-        {
-            options.Limits.MaxRequestBodySize = 50 * 1024 * 1024;
-            options.Limits.KeepAliveTimeout = TimeSpan.FromMinutes(2);
-            options.Limits.RequestHeadersTimeout = TimeSpan.FromSeconds(30);
-        });
-
-        return builder;
-    }
-}
--- a/DysonNetwork.Shared/Http/KestrelConfiguration.cs
+++ b/DysonNetwork.Shared/Http/KestrelConfiguration.cs
@@ -1,13 +1,16 @@
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Server.Kestrel.Core;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;

 namespace DysonNetwork.Shared.Http;

 public static class KestrelConfiguration
 {
-    public static WebApplicationBuilder ConfigureAppKestrel(this WebApplicationBuilder builder)
+    public static WebApplicationBuilder ConfigureAppKestrel(this WebApplicationBuilder builder, IConfiguration configuration)
    {
        builder.Host.UseContentRoot(Directory.GetCurrentDirectory());
        builder.WebHost.ConfigureKestrel(options =>
@@ -15,10 +18,26 @@ public static class KestrelConfiguration
            options.Limits.MaxRequestBodySize = 50 * 1024 * 1024;
            options.Limits.KeepAliveTimeout = TimeSpan.FromMinutes(2);
            options.Limits.RequestHeadersTimeout = TimeSpan.FromSeconds(30);
-            options.ConfigureEndpointDefaults(endpoints =>
+            
+            var certPath = configuration["Service:ClientCert"]!;
+            var keyPath = configuration["Service:ClientKey"]!;
+
+            // Load PEM cert and key manually
+            var certificate = X509Certificate2.CreateFromPemFile(certPath, keyPath);
+
+            // You MUST call this to make sure the key is usable
+            certificate = certificate.CopyWithPrivateKey(
+                RSA.Create()
+            );
+
+            // Now pass the full cert
+            options.ListenAnyIP(5001, listenOptions =>
            {
-                endpoints.Protocols = HttpProtocols.Http1AndHttp2;
+                listenOptions.UseHttps(certificate);
            });
+
+            // Optional: HTTP fallback
+            options.ListenAnyIP(8080);
        });
        
        return builder;
--- a/DysonNetwork.Sphere/Program.cs
+++ b/DysonNetwork.Sphere/Program.cs
@@ -1,4 +1,5 @@
 using DysonNetwork.Shared.Auth;
+using DysonNetwork.Shared.Http;
 using DysonNetwork.Shared.Registry;
 using DysonNetwork.Sphere;
 using DysonNetwork.Sphere.Startup;
@@ -7,7 +8,7 @@ using Microsoft.EntityFrameworkCore;
 var builder = WebApplication.CreateBuilder(args);

 // Configure Kestrel and server options
-builder.ConfigureAppKestrel();
+builder.ConfigureAppKestrel(builder.Configuration);

 // Add metrics and telemetry
 builder.Services.AddAppMetrics();
--- a/DysonNetwork.Sphere/Startup/KestrelConfiguration.cs
+++ b/DysonNetwork.Sphere/Startup/KestrelConfiguration.cs
@@ -1,17 +0,0 @@
-namespace DysonNetwork.Sphere.Startup;
-
-public static class KestrelConfiguration
-{
-    public static WebApplicationBuilder ConfigureAppKestrel(this WebApplicationBuilder builder)
-    {
-        builder.Host.UseContentRoot(Directory.GetCurrentDirectory());
-        builder.WebHost.ConfigureKestrel(options =>
-        {
-            options.Limits.MaxRequestBodySize = 50 * 1024 * 1024;
-            options.Limits.KeepAliveTimeout = TimeSpan.FromMinutes(2);
-            options.Limits.RequestHeadersTimeout = TimeSpan.FromSeconds(30);
-        });
-
-        return builder;
-    }
-}