diff --git a/meross_local_broker/rootfs/opt/custom_broker/http_api.py b/meross_local_broker/rootfs/opt/custom_broker/http_api.py
index 9e19689..db550be 100644
--- a/meross_local_broker/rootfs/opt/custom_broker/http_api.py
+++ b/meross_local_broker/rootfs/opt/custom_broker/http_api.py
@@ -16,6 +16,7 @@
 from logger import get_logger
 from messaging import make_api_response
 from model.exception import BadRequestError
+import ssl
 # Configure the current logger
 _LOGGER = get_logger("http_api")
@@ -31,6 +32,7 @@
 app.register_blueprint(hub_blueprint, url_prefix='/v1/Hub')
 app.register_blueprint(devs_blueprint, url_prefix="/_devs_")
+
 # Initialize DB
 init_db()
@@ -68,6 +70,7 @@ def parse_args():
 parser.add_argument('--host', type=str, help='HTTPS server hostname', default='127.0.0.1')
 parser.add_argument('--debug', dest='debug', action='store_true', help='When set, prints debug messages')
 parser.add_argument('--cert-ca', required=True, type=str, help='Path to the certificate to use')
+ parser.add_argument('--cert-key', required=True, type=str, help='Path to the certificate private key')
 parser.set_defaults(debug=False)
 return parser.parse_args()
@@ -76,6 +79,7 @@ def parse_args():
 # Parse Args
 args = parse_args()
- # Bind to localhost, as the traffic is "routed" throughout a front-facing
- # reverse proxy, which filters the inboud traffic.
- app.run(port=args.port, host=args.host, debug=args.debug, use_debugger=False, use_reloader=args.debug)
+ context = ssl.create_default_context()
+ context.load_cert_chain(args.cert_ca, '/data/ssl/key.pem')
+
+ app.run(port=args.port, host=args.host, debug=args.debug, use_debugger=False, use_reloader=args.debug, ssl_context=context)
diff --git a/meross_local_broker/rootfs/usr/local/bin/api.sh b/meross_local_broker/rootfs/usr/local/bin/api.sh
index bd6109d..433f3ac 100755
--- a/meross_local_broker/rootfs/usr/local/bin/api.sh
+++ b/meross_local_broker/rootfs/usr/local/bin/api.sh
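Review bot: The `--cert-key` option added in the parse_args hunk is required but never read: the final hunk of this file passes the literal `'/data/ssl/key.pem'` to `load_cert_chain`, so the `https_key` value that api.sh forwards has no effect on which private key is loaded. The call should be `context.load_cert_chain(args.cert_ca, args.cert_key)`. The existing `--cert-ca` name and help text also read as if a CA certificate were expected, while the value is used as the server certificate chain; a help string such as `'Path to the server certificate chain (PEM)'` would keep operators from pointing it at a CA file. parse_args starts outside this hunk.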
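Review bot: `ssl.create_default_context()` called without arguments in the last http_api.py hunk uses `Purpose.SERVER_AUTH`, which builds a context for client sockets that verify a server, not for a listening server. Used server-side, such a context is expected either to be rejected when the socket is wrapped or to demand a client certificate (`verify_mode` is `CERT_REQUIRED`), depending on the Python version; for the listener it should be `context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)`. The removed comment recorded that the app sat behind a filtering reverse proxy; if the Flask server now terminates TLS itself, a short comment saying so, and noting that `--host` decides who can reach it, would keep that exposure decision visible. The enclosing block starts outside the hunk.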
@@ -6,6 +6,7 @@ pushd /opt/custom_broker >/dev/null
 HTTPS_HOST=$(get_option 'https_host' '127.0.0.1')
 HTTPS_PORT=$(get_option 'https_port' '443')
 CA_CERT=$(get_option 'https_cert' '')
+CA_KEY=$(get_option 'https_key' '')
 DEBUG_PORT=$(get_option 'api_debug_port' '')
 # Setup debug flag
@@ -23,4 +24,4 @@ fi
 bashio::log.info "Starting flask..."
 bashio::net.wait_for $HTTPS_PORT
-exec python3 $debug_prefix ./http_api.py --port $HTTPS_PORT --host "$HTTPS_HOST" --cert-ca "$CA_CERT" $debug_postfix
+exec python3 $debug_prefix ./http_api.py --port $HTTPS_PORT --host "$HTTPS_HOST" --cert-ca "$CA_CERT" --cert-key "$CA_KEY" $debug_postfix
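Review bot: `CA_KEY` and `CA_CERT` default to an empty string in the first hunk and are handed to http_api.py on the `exec` line of the second hunk without any check, so a missing or mistyped `https_key` option would presumably only surface as an exception on the Python side. A guard before the `exec`, such as `[[ -r "$CA_CERT" && -r "$CA_KEY" ]] || bashio::exit.nok "https_cert and https_key must point to readable files"`, fails early with a clear message. The variable holds the server's private key path rather than a CA key, so a name like `HTTPS_KEY` would be less misleading, and the key file itself should be readable only by the account that runs the add-on. `--port $HTTPS_PORT` is left unquoted while the neighbouring options are quoted.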