//! Run with `cargo run --all-features --example rustls_reload` command.
//!
//! To connect through a browser, navigate to `https://localhost:3000`.
//!
//! Certificate common name will be "localhost".
//!
//! After 20 seconds, certificate common name will be "reloaded".

use axum::{routing::get, Router};
use axum_server::tls_rustls::RustlsConfig;
use std::{net::SocketAddr, time::Duration};
use tokio::time::sleep;

/// Serves a one-route axum app over TLS on the loopback interface and starts a
/// background task that swaps the certificate while the server is running.
///
/// The certificate and key are loaded from `examples/self-signed-certs/`; these
/// are demo files that live beside the example and should not be reused for
/// anything beyond a local run.
///
/// # Panics
///
/// Panics if the PEM files cannot be loaded or if the server returns an error.
#[tokio::main]
async fn main() {
    // 127.0.0.1 only: the example listener is not reachable from other hosts.
    let listen_addr = SocketAddr::from(([127, 0, 0, 1], 3000));

    // Initial TLS material. A missing or unparsable file aborts start-up here
    // instead of bringing the server up without a valid configuration.
    let tls = RustlsConfig::from_pem_file(
        "examples/self-signed-certs/cert.pem",
        "examples/self-signed-certs/key.pem",
    )
    .await
    .unwrap();

    // The reload task receives a clone of the config handle; the original
    // handle is the one passed to the server below.
    // NOTE(review): the JoinHandle is dropped, so nothing here observes whether
    // the reload task finished or failed.
    tokio::spawn(reload(tls.clone()));

    let router = Router::new().route("/", get(|| async { "Hello, world!" }));

    println!("listening on {}", listen_addr);
    let server = axum_server::bind_rustls(listen_addr, tls);
    server.serve(router.into_make_service()).await.unwrap();
}

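/// Waits 20 seconds, then asks `config` to load a replacement certificate and
/// key from `examples/self-signed-certs/reload/`.
///
/// This runs as a detached task (the caller drops the `JoinHandle`), so a
/// failure is reported on stderr rather than raised as a panic that no one
/// joins on. The outcome of a certificate rotation is worth surfacing
/// explicitly, because a failed rotation means the server is still using the
/// old key material.
async fn reload(config: RustlsConfig) {
    // Wait for 20 seconds.
    sleep(Duration::from_secs(20)).await;

    println!("reloading rustls configuration");

    // Reload rustls configuration from new files.
    let outcome = config
        .reload_from_pem_file(
            "examples/self-signed-certs/reload/cert.pem",
            "examples/self-signed-certs/reload/key.pem",
        )
        .await;

    match outcome {
        Ok(()) => println!("rustls configuration reloaded"),
        // NOTE(review): on error the server presumably keeps serving the
        // certificate loaded at start-up; confirm against axum_server and
        // alert on this message in a real deployment.
        Err(err) => eprintln!("failed to reload rustls configuration: {}", err),
    }
}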