Add JF_SSL_KEY_PATH and JF_SSL_CERT_PATH env vars (#129)

fishjam-dev · Dec 14, 2023 · 76f4d48 · 76f4d48
1 parent 66c8451
commit 76f4d48
Show file tree

Hide file tree

Showing 7 changed files with 71 additions and 43 deletions.
diff --git a/config/ci.exs b/config/ci.exs
@@ -1,12 +1,10 @@
 import Config
 
-config :jellyfish, server_api_token: "development"
+config :jellyfish, ip: {127, 0, 0, 1}, port: 4002, server_api_token: "development"
 
 # We don't run a server during test. If one is required,
 # you can enable the server option below.
-config :jellyfish, JellyfishWeb.Endpoint,
-  http: [ip: {127, 0, 0, 1}, port: 4002],
-  server: false
+config :jellyfish, JellyfishWeb.Endpoint, server: false
 
 # Print only warnings and errors during test
 config :logger, level: :warning

diff --git a/config/dev.exs b/config/dev.exs
@@ -1,6 +1,12 @@
 import Config
 
-config :jellyfish, server_api_token: "development", dev_routes: true
+# Binding to loopback ipv4 address prevents access from other machines.
+# Change to `ip: {0, 0, 0, 0}` to allow access from other machines.
+config :jellyfish,
+  ip: {127, 0, 0, 1},
+  port: 5002,
+  server_api_token: "development",
+  dev_routes: true
 
 # For development, we disable any cache and enable
 # debugging and code reloading.
@@ -9,37 +15,11 @@ config :jellyfish, server_api_token: "development", dev_routes: true
 # watchers to your application. For example, we use it
 # with esbuild to bundle .js and .css sources.
 config :jellyfish, JellyfishWeb.Endpoint,
-  # Binding to loopback ipv4 address prevents access from other machines.
-  # Change to `ip: {0, 0, 0, 0}` to allow access from other machines.
-  http: [ip: {127, 0, 0, 1}, port: 5002],
   check_origin: false,
   code_reloader: true,
   debug_errors: true,
   watchers: []
 
-# ## SSL Support
-#
-# In order to use HTTPS in development, a self-signed
-# certificate can be generated by running the following
-# Mix task:
-#
-#     mix phx.gen.cert
-#
-# Run `mix help phx.gen.cert` for more information.
-#
-# The `http:` config above can be replaced with:
-#
-#     https: [
-#       port: 4001,
-#       cipher_suite: :strong,
-#       keyfile: "priv/cert/selfsigned_key.pem",
-#       certfile: "priv/cert/selfsigned.pem"
-#     ],
-#
-# If desired, both `http:` and `https:` keys can be
-# configured to run both http and https servers on
-# different ports.
-
 # Do not include metadata nor timestamps in development logs
 config :logger, :console, level: :info, format: "[$level] $message\n"
 

diff --git a/config/prod.exs b/config/prod.exs
@@ -7,10 +7,12 @@ import Config
 # Do not print debug messages in production
 config :logger, level: :info
 
+config :jellyfish,
+  ip: {127, 0, 0, 1},
+  port: 8080
+
 # run the server automatically when using prod release
-config :jellyfish, JellyfishWeb.Endpoint,
-  http: [ip: {127, 0, 0, 1}, port: 8080],
-  server: true
+config :jellyfish, JellyfishWeb.Endpoint, server: true
 
 config :bundlex, :disable_precompiled_os_deps, apps: [:membrane_h264_ffmpeg_plugin]
 

diff --git a/config/runtime.exs b/config/runtime.exs
@@ -13,13 +13,9 @@ config :opentelemetry, traces_exporter: :none
 
 prod? = config_env() == :prod
 
-ip =
-  ConfigReader.read_ip("JF_IP") ||
-    Application.get_env(:jellyfish, JellyfishWeb.Endpoint)[:http][:ip]
+ip = ConfigReader.read_ip("JF_IP") || Application.fetch_env!(:jellyfish, :ip)
 
-port =
-  ConfigReader.read_port("JF_PORT") ||
-    Application.get_env(:jellyfish, JellyfishWeb.Endpoint)[:http][:port]
+port = ConfigReader.read_port("JF_PORT") || Application.fetch_env!(:jellyfish, :port)
 
 host =
   case System.get_env("JF_HOST") do
@@ -61,9 +57,26 @@ end
 config :jellyfish, JellyfishWeb.Endpoint,
   secret_key_base:
     System.get_env("JF_SECRET_KEY_BASE") || Base.encode64(:crypto.strong_rand_bytes(48)),
-  http: [ip: ip, port: port],
   url: [host: host_name, port: host_port]
 
+# In order to use HTTPS in development, a self-signed
+# certificate can be generated by running the following
+# Mix task: mix phx.gen.cert
+case ConfigReader.read_ssl_config() do
+  {ssl_key_path, ssl_cert_path} ->
+    config :jellyfish, JellyfishWeb.Endpoint,
+      https: [
+        ip: ip,
+        port: port,
+        cipher_suite: :strong,
+        keyfile: ssl_key_path,
+        certfile: ssl_cert_path
+      ]
+
+  nil ->
+    config :jellyfish, JellyfishWeb.Endpoint, http: [ip: ip, port: port]
+end
+
 check_origin = ConfigReader.read_check_origin("JF_CHECK_ORIGIN")
 
 if check_origin != nil do

diff --git a/config/test.exs b/config/test.exs
@@ -1,11 +1,11 @@
 import Config
 
 config :jellyfish,
+  ip: {127, 0, 0, 1},
+  port: 4002,
   server_api_token: "development",
   metrics_scrape_interval: 50
 
-# We don't run a server during test. If one is required,
-# you can enable the server option below.
 config :jellyfish, JellyfishWeb.Endpoint,
   http: [ip: {127, 0, 0, 1}, port: 4002],
   server: true

diff --git a/lib/jellyfish/config_reader.ex b/lib/jellyfish/config_reader.ex
@@ -78,6 +78,25 @@ defmodule Jellyfish.ConfigReader do
     end
   end
 
+  def read_ssl_config() do
+    ssl_key_path = System.get_env("JF_SSL_KEY_PATH")
+    ssl_cert_path = System.get_env("JF_SSL_CERT_PATH")
+
+    case {ssl_key_path, ssl_cert_path} do
+      {nil, nil} ->
+        nil
+
+      {nil, ssl_cert_path} when ssl_cert_path != nil ->
+        raise "JF_SSL_CERT_PATH has been set but JF_SSL_KEY_PATH remains unset"
+
+      {ssl_key_path, nil} when ssl_key_path != nil ->
+        raise "JF_SSL_KEY_PATH has been set but JF_SSL_CERT_PATH remains unset"
+
+      other ->
+        other
+    end
+  end
+
   def read_webrtc_config() do
     webrtc_used = read_boolean("JF_WEBRTC_USED")
 

diff --git a/test/jellyfish/config_reader_test.exs b/test/jellyfish/config_reader_test.exs
@@ -112,6 +112,22 @@ defmodule Jellyfish.ConfigReaderTest do
     end
   end
 
+  test "read_ssl_config/0" do
+    with_env ["JF_SSL_KEY_PATH", "JF_SSL_CERT_PATH"] do
+      assert ConfigReader.read_ssl_config() == nil
+
+      System.put_env("JF_SSL_KEY_PATH", "/some/key/path")
+      assert_raise RuntimeError, fn -> ConfigReader.read_ssl_config() end
+      System.delete_env("JF_SSL_KEY_PATH")
+
+      System.put_env("JF_SSL_CERT_PATH", "/some/cert/path")
+      assert_raise RuntimeError, fn -> ConfigReader.read_ssl_config() end
+
+      System.put_env("JF_SSL_KEY_PATH", "/some/key/path")
+      assert ConfigReader.read_ssl_config() == {"/some/key/path", "/some/cert/path"}
+    end
+  end
+
   test "read_dist_config/0 NODES_LIST" do
     with_env ["JF_DIST_ENABLED", "JF_DIST_COOKIE", "JF_DIST_NODE_NAME", "JF_DIST_NODES"] do
       assert ConfigReader.read_dist_config() == [