ssl

dkhalife · Jun 16, 2024 · 8684f9d · 8684f9d
1 parent ded3966
commit 8684f9d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/meross_local_broker/rootfs/opt/custom_broker/http_api.py b/meross_local_broker/rootfs/opt/custom_broker/http_api.py
@@ -16,6 +16,7 @@
 from logger import get_logger
 from messaging import make_api_response
 from model.exception import BadRequestError
+import ssl
 
 # Configure the current logger
 _LOGGER = get_logger("http_api")
@@ -31,6 +32,7 @@
 app.register_blueprint(hub_blueprint, url_prefix='/v1/Hub')
 app.register_blueprint(devs_blueprint, url_prefix="/_devs_")
 
+
 # Initialize DB
 init_db()
 
@@ -68,6 +70,7 @@ def parse_args():
     parser.add_argument('--host', type=str, help='HTTPS server hostname', default='127.0.0.1')
     parser.add_argument('--debug', dest='debug', action='store_true', help='When set, prints debug messages')
     parser.add_argument('--cert-ca', required=True, type=str, help='Path to the certificate to use')
+    parser.add_argument('--cert-key', required=True, type=str, help='Path to the certificate private key')
     parser.set_defaults(debug=False)
     return parser.parse_args()
 
@@ -76,6 +79,7 @@ def parse_args():
    # Parse Args
     args = parse_args()
 
-    # Bind to localhost, as the traffic is "routed" throughout a front-facing
-    # reverse proxy, which filters the inboud traffic.
-    app.run(port=args.port, host=args.host, debug=args.debug, use_debugger=False, use_reloader=args.debug)
+    context = ssl.create_default_context()
+    context.load_cert_chain(args.cert_ca, '/data/ssl/key.pem')
+
+    app.run(port=args.port, host=args.host, debug=args.debug, use_debugger=False, use_reloader=args.debug, ssl_context=context)
diff --git a/meross_local_broker/rootfs/usr/local/bin/api.sh b/meross_local_broker/rootfs/usr/local/bin/api.sh
@@ -6,6 +6,7 @@ pushd /opt/custom_broker >/dev/null
 HTTPS_HOST=$(get_option 'https_host' '127.0.0.1')
 HTTPS_PORT=$(get_option 'https_port' '443')
 CA_CERT=$(get_option 'https_cert' '')
+CA_KEY=$(get_option 'https_key' '')
 DEBUG_PORT=$(get_option 'api_debug_port' '')
 
 # Setup debug flag
@@ -23,4 +24,4 @@ fi
 bashio::log.info "Starting flask..."
 bashio::net.wait_for $HTTPS_PORT
 
-exec python3 $debug_prefix ./http_api.py --port $HTTPS_PORT --host "$HTTPS_HOST" --cert-ca "$CA_CERT" $debug_postfix
+exec python3 $debug_prefix ./http_api.py --port $HTTPS_PORT --host "$HTTPS_HOST" --cert-ca "$CA_CERT" --cert-key "$CA_KEY" $debug_postfix